diff options
| -rw-r--r-- | cryptography/exceptions.py | 3 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/asymmetric/padding.py | 13 | ||||
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/padding.rst | 2 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 9 |
4 files changed, 18 insertions, 9 deletions
diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py index b4ee8feb..b3c6ca7b 100644 --- a/cryptography/exceptions.py +++ b/cryptography/exceptions.py @@ -59,3 +59,6 @@ class InvalidKey(Exception): class InvalidToken(Exception): pass + + +DeprecatedIn04 = PendingDeprecationWarning diff --git a/cryptography/hazmat/primitives/asymmetric/padding.py b/cryptography/hazmat/primitives/asymmetric/padding.py index 8a1929bb..932c2e29 100644 --- a/cryptography/hazmat/primitives/asymmetric/padding.py +++ b/cryptography/hazmat/primitives/asymmetric/padding.py @@ -17,7 +17,7 @@ import warnings import six -from cryptography import utils +from cryptography import exceptions, utils from cryptography.hazmat.primitives import interfaces @@ -38,7 +38,7 @@ class PSS(object): warnings.warn( "salt_length is deprecated on MGF1 and should be added via the" " PSS constructor.", - PendingDeprecationWarning + exceptions.DeprecatedIn04 ) else: if (not isinstance(salt_length, six.integer_types) and @@ -48,6 +48,9 @@ class PSS(object): if salt_length is not self.MAX_LENGTH and salt_length < 0: raise ValueError("salt_length must be zero or greater") + if salt_length is None and self._mgf._salt_length is None: + raise ValueError("You must supply salt_length") + self._salt_length = salt_length @@ -62,9 +65,9 @@ class MGF1(object): if salt_length is not None: warnings.warn( - "salt_length is deprecated on MGF1 and should be added via the" - " PSS constructor.", - PendingDeprecationWarning + "salt_length is deprecated on MGF1 and should be passed to " + "the PSS constructor instead.", + exceptions.DeprecatedIn04 ) if (not isinstance(salt_length, six.integer_types) and salt_length is not self.MAX_LENGTH): diff --git a/docs/hazmat/primitives/asymmetric/padding.rst b/docs/hazmat/primitives/asymmetric/padding.rst index 6d584730..89af7eaa 100644 --- a/docs/hazmat/primitives/asymmetric/padding.rst +++ b/docs/hazmat/primitives/asymmetric/padding.rst @@ -47,7 +47,7 @@ Mask generation functions .. versionadded:: 0.3 .. versionchanged:: 0.4 - Deprecated ``salt_length`` parameter. + Deprecated the ``salt_length`` parameter. MGF1 (Mask Generation Function 1) is used as the mask generation function in :class:`PSS` padding. It takes a hash algorithm and a salt length. diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index c159ab8b..e15108a9 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -1128,7 +1128,7 @@ class TestPSS(object): def test_deprecation_warning(self): pytest.deprecated_call( padding.PSS, - **{"mgf": padding.MGF1(hashes.SHA1(), 20)} + padding.MGF1(hashes.SHA1(), 20) ) def test_invalid_salt_length_not_integer(self): @@ -1149,6 +1149,10 @@ class TestPSS(object): salt_length=-1 ) + def test_no_salt_length_supplied_pss_or_mgf1(self): + with pytest.raises(ValueError): + padding.PSS(mgf=padding.MGF1(hashes.SHA1())) + def test_valid_pss_parameters(self): algorithm = hashes.SHA1() salt_length = algorithm.digest_size @@ -1168,8 +1172,7 @@ class TestPSS(object): class TestMGF1(object): def test_deprecation_warning(self): pytest.deprecated_call( - padding.MGF1, - **{"algorithm": hashes.SHA1(), "salt_length": 20} + padding.MGF1, hashes.SHA1(), 20 ) def test_invalid_hash_algorithm(self): |