aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/cryptography/hazmat/backends/openssl/dsa.py4
-rw-r--r--src/cryptography/hazmat/backends/openssl/ec.py4
-rw-r--r--src/cryptography/hazmat/backends/openssl/rsa.py4
-rw-r--r--src/cryptography/hazmat/backends/openssl/utils.py8
4 files changed, 17 insertions, 3 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/dsa.py b/src/cryptography/hazmat/backends/openssl/dsa.py
index e2ed3dfd..c2223250 100644
--- a/src/cryptography/hazmat/backends/openssl/dsa.py
+++ b/src/cryptography/hazmat/backends/openssl/dsa.py
@@ -7,7 +7,7 @@ from __future__ import absolute_import, division, print_function
from cryptography import utils
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.backends.openssl.utils import (
- _calculate_digest_and_algorithm
+ _calculate_digest_and_algorithm, _check_not_prehashed
)
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import (
@@ -121,6 +121,7 @@ class _DSAPrivateKey(object):
key_size = utils.read_only_property("_key_size")
def signer(self, signature_algorithm):
+ _check_not_prehashed(signature_algorithm)
return _DSASignatureContext(self._backend, self, signature_algorithm)
def private_numbers(self):
@@ -210,6 +211,7 @@ class _DSAPublicKey(object):
if not isinstance(signature, bytes):
raise TypeError("signature must be bytes.")
+ _check_not_prehashed(signature_algorithm)
return _DSAVerificationContext(
self._backend, self, signature, signature_algorithm
)
diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py
index 3a81f919..b70735dc 100644
--- a/src/cryptography/hazmat/backends/openssl/ec.py
+++ b/src/cryptography/hazmat/backends/openssl/ec.py
@@ -9,7 +9,7 @@ from cryptography.exceptions import (
InvalidSignature, UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.openssl.utils import (
- _calculate_digest_and_algorithm
+ _calculate_digest_and_algorithm, _check_not_prehashed
)
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import (
@@ -141,6 +141,7 @@ class _EllipticCurvePrivateKey(object):
def signer(self, signature_algorithm):
_check_signature_algorithm(signature_algorithm)
+ _check_not_prehashed(signature_algorithm.algorithm)
return _ECDSASignatureContext(
self._backend, self, signature_algorithm.algorithm
)
@@ -244,6 +245,7 @@ class _EllipticCurvePublicKey(object):
raise TypeError("signature must be bytes.")
_check_signature_algorithm(signature_algorithm)
+ _check_not_prehashed(signature_algorithm.algorithm)
return _ECDSAVerificationContext(
self._backend, self, signature, signature_algorithm.algorithm
)
diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py
index 0a375721..fdde4589 100644
--- a/src/cryptography/hazmat/backends/openssl/rsa.py
+++ b/src/cryptography/hazmat/backends/openssl/rsa.py
@@ -11,7 +11,7 @@ from cryptography.exceptions import (
InvalidSignature, UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.openssl.utils import (
- _calculate_digest_and_algorithm
+ _calculate_digest_and_algorithm, _check_not_prehashed
)
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import (
@@ -378,6 +378,7 @@ class _RSAPrivateKey(object):
key_size = utils.read_only_property("_key_size")
def signer(self, padding, algorithm):
+ _check_not_prehashed(algorithm)
return _RSASignatureContext(self._backend, self, padding, algorithm)
def decrypt(self, ciphertext, padding):
@@ -474,6 +475,7 @@ class _RSAPublicKey(object):
if not isinstance(signature, bytes):
raise TypeError("signature must be bytes.")
+ _check_not_prehashed(algorithm)
return _RSAVerificationContext(
self._backend, self, signature, padding, algorithm
)
diff --git a/src/cryptography/hazmat/backends/openssl/utils.py b/src/cryptography/hazmat/backends/openssl/utils.py
index e8b4a307..f71a62a5 100644
--- a/src/cryptography/hazmat/backends/openssl/utils.py
+++ b/src/cryptography/hazmat/backends/openssl/utils.py
@@ -23,3 +23,11 @@ def _calculate_digest_and_algorithm(backend, data, algorithm):
)
return (data, algorithm)
+
+
+def _check_not_prehashed(signature_algorithm):
+ if isinstance(signature_algorithm, Prehashed):
+ raise TypeError(
+ "Prehashed is only supported in the sign and verify methods. "
+ "It cannot be used with signer or verifier."
+ )
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-29 08:03:27 +0000