diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2013-12-21 14:34:21 -0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2013-12-21 14:34:21 -0800 |
| commit | 9b7624e3cd4d19cae38bc8f05eea7b6164445453 (patch) | |
| tree | 16b8ecff0fd839b221c596642a118dee9acb05d1 | |
| parent | 4447e5a72c6c5d4f3f8fc27711e094540d66ef67 (diff) | |
| parent | 447d64fb69e19c0059e3ba18ef3b1317a716a7c4 (diff) | |
| download | cryptography-9b7624e3cd4d19cae38bc8f05eea7b6164445453.tar.gz cryptography-9b7624e3cd4d19cae38bc8f05eea7b6164445453.tar.bz2 cryptography-9b7624e3cd4d19cae38bc8f05eea7b6164445453.zip | |
Merge pull request #326 from public/unsupported-hmac-hash
Raise UnsupportedAlgorithm when initing HMACs
| -rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 6 | ||||
| -rw-r--r-- | docs/hazmat/primitives/hmac.rst | 2 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hmac.py | 14 |
3 files changed, 19 insertions, 3 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 5b7cb3de..b9e8b896 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -446,7 +446,11 @@ class _HMACContext(object): ctx = self._backend.ffi.gc(ctx, self._backend.lib.HMAC_CTX_cleanup) evp_md = self._backend.lib.EVP_get_digestbyname( algorithm.name.encode('ascii')) - assert evp_md != self._backend.ffi.NULL + if evp_md == self._backend.ffi.NULL: + raise UnsupportedAlgorithm( + "{0} is not a supported hash on this backend".format( + algorithm.name) + ) res = self._backend.lib.Cryptography_HMAC_Init_ex( ctx, key, len(key), evp_md, self._backend.ffi.NULL ) diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst index 0c0d0220..0547b7d2 100644 --- a/docs/hazmat/primitives/hmac.rst +++ b/docs/hazmat/primitives/hmac.rst @@ -34,6 +34,8 @@ message. >>> h.finalize() '#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J' + If the backend doesn't support the requested ``algorithm`` an + :class:`~cryptography.exceptions.UnsupportedAlgorithm` will be raised. :param key: Secret key as ``bytes``. :param algorithm: A diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 992bcb1a..124c4377 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -19,12 +19,18 @@ import pytest import six -from cryptography.exceptions import AlreadyFinalized -from cryptography.hazmat.primitives import hashes, hmac +from cryptography import utils +from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm +from cryptography.hazmat.primitives import hashes, hmac, interfaces from .utils import generate_base_hmac_test +@utils.register_interface(interfaces.HashAlgorithm) +class UnsupportedDummyHash(object): + name = "unsupported-dummy-hash" + + class TestHMAC(object): test_copy = generate_base_hmac_test( hashes.MD5(), @@ -63,3 +69,7 @@ class TestHMAC(object): with pytest.raises(AlreadyFinalized): h.finalize() + + def test_unsupported_hash(self, backend): + with pytest.raises(UnsupportedAlgorithm): + hmac.HMAC(b"key", UnsupportedDummyHash(), backend) |