diff options
-rw-r--r-- | cryptography/hazmat/backends/interfaces.py | 2 | ||||
-rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 21 | ||||
-rw-r--r-- | docs/hazmat/backends/interfaces.rst | 11 | ||||
-rw-r--r-- | docs/hazmat/primitives/asymmetric/dsa.rst | 4 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_dsa.py | 7 |
5 files changed, 23 insertions, 22 deletions
diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py index 66ee1e44..e63b079b 100644 --- a/cryptography/hazmat/backends/interfaces.py +++ b/cryptography/hazmat/backends/interfaces.py @@ -159,7 +159,7 @@ class DSABackend(object): """ @abc.abstractmethod - def dsa_parameters_supported(self, p, q): + def dsa_parameters_supported(self, p, q, g): """ Return True if the parameters are supported by the backend for DSA. """ diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index ea58d753..37d1c35e 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -492,20 +492,14 @@ class Backend(object): return ctx def dsa_hash_supported(self, algorithm): - if ( - self._lib.OPENSSL_VERSION_NUMBER < 0x1000000f and - not isinstance(algorithm, hashes.SHA1) - ): - return False + if self._lib.OPENSSL_VERSION_NUMBER < 0x1000000f: + return isinstance(algorithm, hashes.SHA1) else: return self.hash_supported(algorithm) - def dsa_parameters_supported(self, p, q): - if ( - self._lib.OPENSSL_VERSION_NUMBER < 0x1000000f and - not (utils.bit_length(p) <= 1024 and utils.bit_length(q) <= 160) - ): - return False + def dsa_parameters_supported(self, p, q, g): + if self._lib.OPENSSL_VERSION_NUMBER < 0x1000000f: + return (utils.bit_length(p) <= 1024 and utils.bit_length(q) <= 160) else: return True @@ -1334,8 +1328,7 @@ class _RSAVerificationContext(object): @utils.register_interface(interfaces.AsymmetricVerificationContext) class _DSAVerificationContext(object): - def __init__( - self, backend, public_key, signature, algorithm): + def __init__(self, backend, public_key, signature, algorithm): self._backend = backend self._public_key = public_key self._signature = signature @@ -1361,6 +1354,8 @@ class _DSAVerificationContext(object): data_to_verify = self._hash_ctx.finalize() self._hash_ctx = None + # The first parameter passed to DSA_verify is unused by OpenSSL but + # must be an integer. res = self._backend._lib.DSA_verify( 0, data_to_verify, len(data_to_verify), self._signature, len(self._signature), self._dsa_cdata) diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index 3b3d5eff..6833f221 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -351,7 +351,8 @@ A specific ``backend`` may provide one or more of these interfaces. :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey` provider. - :param bytes signature: The signature to verify. + :param bytes signature: The signature to verify. DER encoded as + specified in :rfc:`6979`. :param algorithm: An instance of a :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` @@ -369,14 +370,16 @@ A specific ``backend`` may provide one or more of these interfaces. :returns: ``True`` if the specified ``algorithm`` is supported by this backend, otherwise ``False``. - .. method:: dsa_parameters_supported(p, q): + .. method:: dsa_parameters_supported(p, q, g): :param int p: The p value of a DSA key. :param int q: The q value of a DSA key. - :returns: ``True`` if the given values of ``p`` and ``q`` are supported - by this backend, otherwise ``False``. + :param int g: The g value of a DSA key. + + :returns: ``True`` if the given values of ``p``, ``q``, and ``g`` are + supported by this backend, otherwise ``False``. .. class:: CMACBackend diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst index 5cee5705..03e476b6 100644 --- a/docs/hazmat/primitives/asymmetric/dsa.rst +++ b/docs/hazmat/primitives/asymmetric/dsa.rst @@ -142,7 +142,7 @@ DSA ... hashes.SHA256(), ... default_backend() ... ) - >>> data= b"this is some data I'd like to sign" + >>> data = b"this is some data I'd like to sign" >>> signer.update(data) >>> signature = signer.finalize() >>> public_key = private_key.public_key() @@ -154,7 +154,7 @@ DSA >>> verifier.update(data) >>> verifier.verify() - :param bytes signature: The signature to verify in DER encoding as + :param bytes signature: The signature to verify. DER encoded as specified in :rfc:`6979`. :param algorithm: An instance of a diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py index 67f90295..c6642e07 100644 --- a/tests/hazmat/primitives/test_dsa.py +++ b/tests/hazmat/primitives/test_dsa.py @@ -744,8 +744,11 @@ class TestDSAVerification(object): def test_dsa_verification(self, vector, backend): digest_algorithm = vector['digest_algorithm'].replace("-", "") algorithm = self._algorithms_dict[digest_algorithm] - if (not backend.dsa_parameters_supported(vector['p'], vector['q']) - or not backend.dsa_hash_supported(algorithm)): + if ( + not backend.dsa_parameters_supported( + vector['p'], vector['q'], vector['g'] + ) or not backend.dsa_hash_supported(algorithm) + ): pytest.skip( "{0} does not support the provided parameters".format(backend) ) |