diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-06-03 17:11:55 -1000 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-06-03 23:11:55 -0400 |
| commit | 1a5d70e876346653b3dfa2a95f188ef0eb92bd7d (patch) | |
| tree | b940ff3a938a91613860dd20bc9e63568b78734b /src | |
| parent | e6055fbfb2b1b7b00b361615d4c665c6e9fc0b6d (diff) | |
| download | cryptography-1a5d70e876346653b3dfa2a95f188ef0eb92bd7d.tar.gz cryptography-1a5d70e876346653b3dfa2a95f188ef0eb92bd7d.tar.bz2 cryptography-1a5d70e876346653b3dfa2a95f188ef0eb92bd7d.zip | |
deprecate signer/verifier on asymmetric keys (#3663)
* deprecate signer/verifier on asymmetric keys
* review feedback, switch deprecated_call to work around a bug
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/dsa.py | 5 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/ec.py | 5 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/rsa.py | 5 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/utils.py | 12 |
4 files changed, 24 insertions, 3 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/dsa.py b/src/cryptography/hazmat/backends/openssl/dsa.py index c2223250..48886e45 100644 --- a/src/cryptography/hazmat/backends/openssl/dsa.py +++ b/src/cryptography/hazmat/backends/openssl/dsa.py @@ -7,7 +7,8 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import InvalidSignature from cryptography.hazmat.backends.openssl.utils import ( - _calculate_digest_and_algorithm, _check_not_prehashed + _calculate_digest_and_algorithm, _check_not_prehashed, + _warn_sign_verify_deprecated ) from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import ( @@ -121,6 +122,7 @@ class _DSAPrivateKey(object): key_size = utils.read_only_property("_key_size") def signer(self, signature_algorithm): + _warn_sign_verify_deprecated() _check_not_prehashed(signature_algorithm) return _DSASignatureContext(self._backend, self, signature_algorithm) @@ -208,6 +210,7 @@ class _DSAPublicKey(object): key_size = utils.read_only_property("_key_size") def verifier(self, signature, signature_algorithm): + _warn_sign_verify_deprecated() if not isinstance(signature, bytes): raise TypeError("signature must be bytes.") diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py index b70735dc..69da2344 100644 --- a/src/cryptography/hazmat/backends/openssl/ec.py +++ b/src/cryptography/hazmat/backends/openssl/ec.py @@ -9,7 +9,8 @@ from cryptography.exceptions import ( InvalidSignature, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.openssl.utils import ( - _calculate_digest_and_algorithm, _check_not_prehashed + _calculate_digest_and_algorithm, _check_not_prehashed, + _warn_sign_verify_deprecated ) from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import ( @@ -140,6 +141,7 @@ class _EllipticCurvePrivateKey(object): return self.curve.key_size def signer(self, signature_algorithm): + _warn_sign_verify_deprecated() _check_signature_algorithm(signature_algorithm) _check_not_prehashed(signature_algorithm.algorithm) return _ECDSASignatureContext( @@ -241,6 +243,7 @@ class _EllipticCurvePublicKey(object): return self.curve.key_size def verifier(self, signature, signature_algorithm): + _warn_sign_verify_deprecated() if not isinstance(signature, bytes): raise TypeError("signature must be bytes.") diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py index fdde4589..839ef147 100644 --- a/src/cryptography/hazmat/backends/openssl/rsa.py +++ b/src/cryptography/hazmat/backends/openssl/rsa.py @@ -11,7 +11,8 @@ from cryptography.exceptions import ( InvalidSignature, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.openssl.utils import ( - _calculate_digest_and_algorithm, _check_not_prehashed + _calculate_digest_and_algorithm, _check_not_prehashed, + _warn_sign_verify_deprecated ) from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import ( @@ -378,6 +379,7 @@ class _RSAPrivateKey(object): key_size = utils.read_only_property("_key_size") def signer(self, padding, algorithm): + _warn_sign_verify_deprecated() _check_not_prehashed(algorithm) return _RSASignatureContext(self._backend, self, padding, algorithm) @@ -472,6 +474,7 @@ class _RSAPublicKey(object): key_size = utils.read_only_property("_key_size") def verifier(self, signature, padding, algorithm): + _warn_sign_verify_deprecated() if not isinstance(signature, bytes): raise TypeError("signature must be bytes.") diff --git a/src/cryptography/hazmat/backends/openssl/utils.py b/src/cryptography/hazmat/backends/openssl/utils.py index f71a62a5..ff1b9745 100644 --- a/src/cryptography/hazmat/backends/openssl/utils.py +++ b/src/cryptography/hazmat/backends/openssl/utils.py @@ -4,6 +4,9 @@ from __future__ import absolute_import, division, print_function +import warnings + +from cryptography import utils from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric.utils import Prehashed @@ -31,3 +34,12 @@ def _check_not_prehashed(signature_algorithm): "Prehashed is only supported in the sign and verify methods. " "It cannot be used with signer or verifier." ) + + +def _warn_sign_verify_deprecated(): + warnings.warn( + "signer and verifier have been deprecated. Please use sign " + "and verify instead.", + utils.PersistentlyDeprecated, + stacklevel=2 + ) |