move salt_length from MGF1 to PSS and start deprecation cycle

2 files changed, 44 insertions, 14 deletions

diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 3293741c..0c632aee 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -701,15 +701,20 @@ class _HMACContext(object):
         return self._backend._ffi.buffer(buf)[:outlen[0]]
 
 
-def _get_rsa_pss_salt_length(mgf, key_size, digest_size):
-    if mgf._salt_length is MGF1.MAX_LENGTH:
+def _get_rsa_pss_salt_length(pss, key_size, digest_size):
+    if pss._mgf._salt_length is not None:
+        salt = pss._mgf._salt_length
+    else:
+        salt = pss._salt_length
+
+    if salt is MGF1.MAX_LENGTH or salt is PSS.MAX_LENGTH:
         # bit length - 1 per RFC 3447
         emlen = int(math.ceil((key_size - 1) / 8.0))
         salt_length = emlen - digest_size - 2
         assert salt_length >= 0
         return salt_length
     else:
-        return mgf._salt_length
+        return salt
 
 
 @utils.register_interface(interfaces.AsymmetricSignatureContext)
@@ -803,7 +808,7 @@ class _RSASignatureContext(object):
             res = self._backend._lib.EVP_PKEY_CTX_set_rsa_pss_saltlen(
                 pkey_ctx,
                 _get_rsa_pss_salt_length(
-                    self._padding._mgf,
+                    self._padding,
                     self._private_key.key_size,
                     self._hash_ctx.algorithm.digest_size
                 )
@@ -871,7 +876,7 @@ class _RSASignatureContext(object):
             data_to_sign,
             evp_md,
             _get_rsa_pss_salt_length(
-                self._padding._mgf,
+                self._padding,
                 self._private_key.key_size,
                 len(data_to_sign)
             )
@@ -988,7 +993,7 @@ class _RSAVerificationContext(object):
             res = self._backend._lib.EVP_PKEY_CTX_set_rsa_pss_saltlen(
                 pkey_ctx,
                 _get_rsa_pss_salt_length(
-                    self._padding._mgf,
+                    self._padding,
                     self._public_key.key_size,
                     self._hash_ctx.algorithm.digest_size
                 )
@@ -1068,7 +1073,7 @@ class _RSAVerificationContext(object):
             evp_md,
             buf,
             _get_rsa_pss_salt_length(
-                self._padding._mgf,
+                self._padding,
                 self._public_key.key_size,
                 len(data_to_verify)
             )
diff --git a/cryptography/hazmat/primitives/asymmetric/padding.py b/cryptography/hazmat/primitives/asymmetric/padding.py
index 02aff280..8a1929bb 100644
--- a/cryptography/hazmat/primitives/asymmetric/padding.py
+++ b/cryptography/hazmat/primitives/asymmetric/padding.py
@@ -13,6 +13,8 @@
 
 from __future__ import absolute_import, division, print_function
 
+import warnings
+
 import six
 
 from cryptography import utils
@@ -26,26 +28,49 @@ class PKCS1v15(object):
 
 @utils.register_interface(interfaces.AsymmetricPadding)
 class PSS(object):
+    MAX_LENGTH = object()
     name = "EMSA-PSS"
 
-    def __init__(self, mgf):
+    def __init__(self, mgf, salt_length=None):
         self._mgf = mgf
 
+        if salt_length is None:
+            warnings.warn(
+                "salt_length is deprecated on MGF1 and should be added via the"
+                " PSS constructor.",
+                PendingDeprecationWarning
+            )
+        else:
+            if (not isinstance(salt_length, six.integer_types) and
+                    salt_length is not self.MAX_LENGTH):
+                raise TypeError("salt_length must be an integer")
+
+            if salt_length is not self.MAX_LENGTH and salt_length < 0:
+                raise ValueError("salt_length must be zero or greater")
+
+        self._salt_length = salt_length
+
 
 class MGF1(object):
     MAX_LENGTH = object()
 
-    def __init__(self, algorithm, salt_length):
+    def __init__(self, algorithm, salt_length=None):
         if not isinstance(algorithm, interfaces.HashAlgorithm):
             raise TypeError("Expected instance of interfaces.HashAlgorithm.")
 
         self._algorithm = algorithm
 
-        if (not isinstance(salt_length, six.integer_types) and
-                salt_length is not self.MAX_LENGTH):
-            raise TypeError("salt_length must be an integer")
+        if salt_length is not None:
+            warnings.warn(
+                "salt_length is deprecated on MGF1 and should be added via the"
+                " PSS constructor.",
+                PendingDeprecationWarning
+            )
+            if (not isinstance(salt_length, six.integer_types) and
+                    salt_length is not self.MAX_LENGTH):
+                raise TypeError("salt_length must be an integer")
 
-        if salt_length is not self.MAX_LENGTH and salt_length < 0:
-            raise ValueError("salt_length must be zero or greater")
+            if salt_length is not self.MAX_LENGTH and salt_length < 0:
+                raise ValueError("salt_length must be zero or greater")
 
         self._salt_length = salt_length