9 files changed, 40 insertions, 15 deletions

diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py
index ca7122c2..aaaca5e2 100644
--- a/cryptography/hazmat/backends/interfaces.py
+++ b/cryptography/hazmat/backends/interfaces.py
@@ -147,9 +147,9 @@ class DSABackend(object):
 
 
 @six.add_metaclass(abc.ABCMeta)
-class OpenSSLSerializationBackend(object):
+class TraditionalOpenSSLSerializationBackend(object):
     @abc.abstractmethod
-    def load_openssl_pem_private_key(self, data, password):
+    def load_traditional_openssl_pem_private_key(self, data, password):
         """
         Load a private key from PEM encoded data, using password if the data
         is encrypted.
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 2114cd8f..f9154f3b 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -351,7 +351,7 @@ class Backend(object):
     def _new_evp_pkey(self):
         evp_pkey = self._lib.EVP_PKEY_new()
         assert evp_pkey != self._ffi.NULL
-        return self._ffi.gc(evp_pkey, backend._lib.EVP_PKEY_free)
+        return self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
 
     def _rsa_private_key_to_evp_pkey(self, private_key):
         evp_pkey = self._new_evp_pkey()
@@ -603,8 +603,8 @@ class Backend(object):
 
     def cmac_algorithm_supported(self, algorithm):
         return (
-            backend._lib.Cryptography_HAS_CMAC == 1
-            and backend.cipher_supported(algorithm, CBC(
+            self._lib.Cryptography_HAS_CMAC == 1
+            and self.cipher_supported(algorithm, CBC(
                 b"\x00" * algorithm.block_size))
         )
 
diff --git a/cryptography/hazmat/bindings/commoncrypto/binding.py b/cryptography/hazmat/bindings/commoncrypto/binding.py
index 3673ea36..144bb099 100644
--- a/cryptography/hazmat/bindings/commoncrypto/binding.py
+++ b/cryptography/hazmat/bindings/commoncrypto/binding.py
@@ -42,8 +42,10 @@ class Binding(object):
         if cls.ffi is not None and cls.lib is not None:
             return
 
-        cls.ffi, cls.lib = build_ffi(cls._module_prefix, cls._modules,
-                                     "", "", [])
+        cls.ffi, cls.lib = build_ffi(
+            module_prefix=cls._module_prefix,
+            modules=cls._modules,
+        )
 
     @classmethod
     def is_available(cls):
diff --git a/cryptography/hazmat/bindings/openssl/binding.py b/cryptography/hazmat/bindings/openssl/binding.py
index cc40a108..f0ff3275 100644
--- a/cryptography/hazmat/bindings/openssl/binding.py
+++ b/cryptography/hazmat/bindings/openssl/binding.py
@@ -97,9 +97,13 @@ class Binding(object):
         else:  # pragma: no cover
             libraries = ["libeay32", "ssleay32", "advapi32"]
 
-        cls.ffi, cls.lib = build_ffi(cls._module_prefix, cls._modules,
-                                     _OSX_PRE_INCLUDE, _OSX_POST_INCLUDE,
-                                     libraries)
+        cls.ffi, cls.lib = build_ffi(
+            module_prefix=cls._module_prefix,
+            modules=cls._modules,
+            pre_include=_OSX_PRE_INCLUDE,
+            post_include=_OSX_POST_INCLUDE,
+            libraries=libraries,
+        )
         res = cls.lib.Cryptography_add_osrandom_engine()
         assert res != 0
 
diff --git a/cryptography/hazmat/bindings/openssl/dsa.py b/cryptography/hazmat/bindings/openssl/dsa.py
index a5305893..7db03326 100644
--- a/cryptography/hazmat/bindings/openssl/dsa.py
+++ b/cryptography/hazmat/bindings/openssl/dsa.py
@@ -48,6 +48,10 @@ void DSA_SIG_free(DSA_SIG *);
 int i2d_DSA_SIG(const DSA_SIG *, unsigned char **);
 DSA_SIG *d2i_DSA_SIG(DSA_SIG **, const unsigned char **, long);
 int DSA_size(const DSA *);
+int DSA_sign(int, const unsigned char *, int, unsigned char *, unsigned int *,
+             DSA *);
+int DSA_verify(int, const unsigned char *, int, const unsigned char *, int,
+               DSA *);
 """
 
 MACROS = """
diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py
index c08c880c..f6456d66 100644
--- a/cryptography/hazmat/bindings/openssl/err.py
+++ b/cryptography/hazmat/bindings/openssl/err.py
@@ -138,6 +138,7 @@ static const int EVP_F_RC5_CTRL;
 static const int EVP_R_AES_KEY_SETUP_FAILED;
 static const int EVP_R_ASN1_LIB;
 static const int EVP_R_BAD_BLOCK_LENGTH;
+static const int EVP_R_BAD_DECRYPT;
 static const int EVP_R_BAD_KEY_LENGTH;
 static const int EVP_R_BN_DECODE_ERROR;
 static const int EVP_R_BN_PUBKEY_ERROR;
diff --git a/cryptography/hazmat/bindings/openssl/x509.py b/cryptography/hazmat/bindings/openssl/x509.py
index 92870369..36a15e4a 100644
--- a/cryptography/hazmat/bindings/openssl/x509.py
+++ b/cryptography/hazmat/bindings/openssl/x509.py
@@ -183,8 +183,13 @@ const char *X509_get_default_private_dir(void);
 
 int i2d_RSA_PUBKEY(RSA *, unsigned char **);
 RSA *d2i_RSA_PUBKEY(RSA **, const unsigned char **, long);
+RSA *d2i_RSAPublicKey(RSA **, const unsigned char **, long);
+RSA *d2i_RSAPrivateKey(RSA **, const unsigned char **, long);
 int i2d_DSA_PUBKEY(DSA *, unsigned char **);
 DSA *d2i_DSA_PUBKEY(DSA **, const unsigned char **, long);
+DSA *d2i_DSAPublicKey(DSA **, const unsigned char **, long);
+DSA *d2i_DSAPrivateKey(DSA **, const unsigned char **, long);
+
 
 RSA *d2i_RSAPrivateKey_bio(BIO *, RSA **);
 int i2d_RSAPrivateKey_bio(BIO *, RSA *);
@@ -223,6 +228,11 @@ void sk_X509_EXTENSION_free(X509_EXTENSIONS *);
 int sk_X509_REVOKED_num(Cryptography_STACK_OF_X509_REVOKED *);
 X509_REVOKED *sk_X509_REVOKED_value(Cryptography_STACK_OF_X509_REVOKED *, int);
 
+int i2d_RSAPublicKey(RSA *, unsigned char **);
+int i2d_RSAPrivateKey(RSA *, unsigned char **);
+int i2d_DSAPublicKey(DSA *, unsigned char **);
+int i2d_DSAPrivateKey(DSA *, unsigned char **);
+
 /* These aren't macros these arguments are all const X on openssl > 1.0.x */
 int X509_CRL_set_lastUpdate(X509_CRL *, ASN1_TIME *);
 int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *);
diff --git a/cryptography/hazmat/bindings/utils.py b/cryptography/hazmat/bindings/utils.py
index 318b82bb..1c48116e 100644
--- a/cryptography/hazmat/bindings/utils.py
+++ b/cryptography/hazmat/bindings/utils.py
@@ -20,7 +20,8 @@ import sys
 import cffi
 
 
-def build_ffi(module_prefix, modules, pre_include, post_include, libraries):
+def build_ffi(module_prefix, modules, pre_include="", post_include="",
+              libraries=[], extra_compile_args=[], extra_link_args=[]):
     """
     Modules listed in ``modules`` should have the following attributes:
 
@@ -75,6 +76,8 @@ def build_ffi(module_prefix, modules, pre_include, post_include, libraries):
         modulename=_create_modulename(cdef_sources, source, sys.version),
         libraries=libraries,
         ext_package="cryptography",
+        extra_compile_args=extra_compile_args,
+        extra_link_args=extra_link_args,
     )
 
     for name in modules:
diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py
index d78c6a5b..c1a763b5 100644
--- a/cryptography/hazmat/primitives/padding.py
+++ b/cryptography/hazmat/primitives/padding.py
@@ -20,6 +20,7 @@ import cffi
 import six
 
 from cryptography import utils
+from cryptography.exceptions import AlreadyFinalized
 from cryptography.hazmat.bindings.utils import _create_modulename
 from cryptography.hazmat.primitives import interfaces
 
@@ -101,7 +102,7 @@ class _PKCS7PaddingContext(object):
 
     def update(self, data):
         if self._buffer is None:
-            raise ValueError("Context was already finalized")
+            raise AlreadyFinalized("Context was already finalized")
 
         if isinstance(data, six.text_type):
             raise TypeError("Unicode-objects must be encoded before padding")
@@ -117,7 +118,7 @@ class _PKCS7PaddingContext(object):
 
     def finalize(self):
         if self._buffer is None:
-            raise ValueError("Context was already finalized")
+            raise AlreadyFinalized("Context was already finalized")
 
         pad_size = self.block_size // 8 - len(self._buffer)
         result = self._buffer + six.int2byte(pad_size) * pad_size
@@ -134,7 +135,7 @@ class _PKCS7UnpaddingContext(object):
 
     def update(self, data):
         if self._buffer is None:
-            raise ValueError("Context was already finalized")
+            raise AlreadyFinalized("Context was already finalized")
 
         if isinstance(data, six.text_type):
             raise TypeError("Unicode-objects must be encoded before unpadding")
@@ -153,7 +154,7 @@ class _PKCS7UnpaddingContext(object):
 
     def finalize(self):
         if self._buffer is None:
-            raise ValueError("Context was already finalized")
+            raise AlreadyFinalized("Context was already finalized")
 
         if len(self._buffer) != self.block_size // 8:
             raise ValueError("Invalid padding bytes")