-rw-r--r-- | CHANGELOG.rst | 5 | ||||
-rw-r--r-- | cryptography/hazmat/backends/openssl/rsa.py | 5 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/asymmetric/padding.py | 43 | ||||
-rw-r--r-- | cryptography/utils.py | 3 | ||||
-rw-r--r-- | docs/hazmat/primitives/asymmetric/padding.rst | 4 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 93 |
6 files changed, 33 insertions, 120 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 055c5abf..d0629c24 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -6,6 +6,11 @@ Changelog .. note:: This version is not yet released and is under active development. +* Removed the, deprecated in 0.4, support for the ``salt_length`` argument to + the :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` + constructor. The ``salt_length`` should be passed to + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` instead. + 0.5.1 - 2014-07-07 ~~~~~~~~~~~~~~~~~~ diff --git a/cryptography/hazmat/backends/openssl/rsa.py b/cryptography/hazmat/backends/openssl/rsa.py index 6f28c541..21ac1573 100644 --- a/cryptography/hazmat/backends/openssl/rsa.py +++ b/cryptography/hazmat/backends/openssl/rsa.py @@ -30,10 +30,7 @@ from cryptography.hazmat.primitives.interfaces import ( def _get_rsa_pss_salt_length(pss, key_size, digest_size): - if pss._mgf._salt_length is not None: - salt = pss._mgf._salt_length - else: - salt = pss._salt_length + salt = pss._salt_length if salt is MGF1.MAX_LENGTH or salt is PSS.MAX_LENGTH: # bit length - 1 per RFC 3447 diff --git a/cryptography/hazmat/primitives/asymmetric/padding.py b/cryptography/hazmat/primitives/asymmetric/padding.py index d44bbda5..3967e065 100644 --- a/cryptography/hazmat/primitives/asymmetric/padding.py +++ b/cryptography/hazmat/primitives/asymmetric/padding.py @@ -13,8 +13,6 @@ from __future__ import absolute_import, division, print_function -import warnings - import six from cryptography import utils 
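Review bot: In `_get_rsa_pss_salt_length` the retained `salt is MGF1.MAX_LENGTH` comparison looks unreachable now that `salt` comes only from `pss._salt_length`. The `PSS.__init__` in this commit accepts only an integer or `PSS.MAX_LENGTH`, and `MGF1.MAX_LENGTH` is a separate `object()` sentinel, so it cannot get through the public constructor. I would reduce the test to `if salt is PSS.MAX_LENGTH:` and remove or deprecate the leftover `MAX_LENGTH = object()` on `MGF1` in padding.py (still a context line in that file's `MGF1` hunk), so the backend does not honour a sentinel the API rejects. The function body continues past the end of this hunk.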
@@ -31,26 +29,15 @@ class PSS(object): MAX_LENGTH = object() name = "EMSA-PSS" - def __init__(self, mgf, salt_length=None): + def __init__(self, mgf, salt_length): self._mgf = mgf - if salt_length is None: - warnings.warn( - "salt_length is deprecated on MGF1 and should be added via the" - " PSS constructor.", - utils.DeprecatedIn04, - stacklevel=2 - ) - else: - if (not isinstance(salt_length, six.integer_types) and - salt_length is not self.MAX_LENGTH): - raise TypeError("salt_length must be an integer.") - - if salt_length is not self.MAX_LENGTH and salt_length < 0: - raise ValueError("salt_length must be zero or greater.") + if (not isinstance(salt_length, six.integer_types) and + salt_length is not self.MAX_LENGTH): + raise TypeError("salt_length must be an integer.") - if salt_length is None and self._mgf._salt_length is None: - raise ValueError("You must supply salt_length.") + if salt_length is not self.MAX_LENGTH and salt_length < 0: + raise ValueError("salt_length must be zero or greater.") self._salt_length = salt_length @@ -71,24 +58,8 @@ class OAEP(object): class MGF1(object): MAX_LENGTH = object() - def __init__(self, algorithm, salt_length=None): + def __init__(self, algorithm): if not isinstance(algorithm, interfaces.HashAlgorithm): raise TypeError("Expected instance of interfaces.HashAlgorithm.") self._algorithm = algorithm - - if salt_length is not None: - warnings.warn( - "salt_length is deprecated on MGF1 and should be passed to " - "the PSS constructor instead.", - utils.DeprecatedIn04, - stacklevel=2 - ) - if (not isinstance(salt_length, six.integer_types) and - salt_length is not self.MAX_LENGTH): - raise TypeError("salt_length must be an integer.") - - if salt_length is not self.MAX_LENGTH and salt_length < 0: - raise ValueError("salt_length must be zero or greater.") - - self._salt_length = salt_length diff --git a/cryptography/utils.py b/cryptography/utils.py index 1db16151..9c574085 100644 --- a/cryptography/utils.py 
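Review bot: A caller who follows the changelog and moves `MGF1.MAX_LENGTH` from the `MGF1` call to `PSS(..., salt_length=...)` hits the first check in the new `PSS.__init__` and gets `TypeError("salt_length must be an integer.")`, which does not say that the `PSS.MAX_LENGTH` sentinel is the accepted alternative. Rejecting the value is the right fail-closed outcome; only the message needs to change, e.g. `raise TypeError("salt_length must be an integer or PSS.MAX_LENGTH.")`. Separately, `isinstance(salt_length, six.integer_types)` also admits `bool`, so `salt_length=True` passes validation as the integer 1; an explicit `isinstance(salt_length, bool)` rejection ahead of this check would close that.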
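Review bot: `MGF1.__init__` now takes only `algorithm`, but the prose under the new `versionchanged:: 0.6` entry in docs/hazmat/primitives/asymmetric/padding.rst still reads "It takes a hash algorithm and a salt length." That sentence should lose its salt-length half in this commit, e.g. `It takes a hash algorithm.` A one-line docstring on `MGF1.__init__` would also help readers of the code, such as `"""algorithm: a HashAlgorithm instance; the PSS salt length is configured on PSS, not here."""`.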
+++ b/cryptography/utils.py @@ -16,8 +16,7 @@ from __future__ import absolute_import, division, print_function import sys -DeprecatedIn04 = DeprecationWarning -DeprecatedIn05 = PendingDeprecationWarning +DeprecatedIn05 = DeprecationWarning def register_interface(iface): diff --git a/docs/hazmat/primitives/asymmetric/padding.rst b/docs/hazmat/primitives/asymmetric/padding.rst index 40084799..00c77590 100644 --- a/docs/hazmat/primitives/asymmetric/padding.rst +++ b/docs/hazmat/primitives/asymmetric/padding.rst @@ -63,8 +63,8 @@ Mask generation functions .. versionadded:: 0.3 - .. versionchanged:: 0.4 - Deprecated the ``salt_length`` parameter. + .. versionchanged:: 0.6 + Removed the deprecated ``salt_length`` parameter. MGF1 (Mask Generation Function 1) is used as the mask generation function in :class:`PSS` padding. It takes a hash algorithm and a salt length. diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 04908453..8e850737 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py 
@@ -511,46 +511,6 @@ class TestRSASignature(object): verifier.update(binascii.unhexlify(example["message"])) verifier.verify() - @pytest.mark.supported( - only_if=lambda backend: backend.rsa_padding_supported( - padding.PSS( - mgf=padding.MGF1(hashes.SHA1()), - salt_length=padding.PSS.MAX_LENGTH - ) - ), - skip_message="Does not support PSS." - ) - def test_deprecated_pss_mgf1_salt_length(self, backend): - private_key = RSA_KEY_512.private_key(backend) - signer = private_key.signer( - pytest.deprecated_call( - padding.PSS, - mgf=pytest.deprecated_call( - padding.MGF1, - algorithm=hashes.SHA1(), - salt_length=padding.MGF1.MAX_LENGTH - ) - ), - hashes.SHA1() - ) - signer.update(b"so deprecated") - signature = signer.finalize() - assert len(signature) == math.ceil(private_key.key_size / 8.0) - verifier = private_key.public_key().verifier( - signature, - pytest.deprecated_call( - padding.PSS, - mgf=pytest.deprecated_call( - padding.MGF1, - algorithm=hashes.SHA1(), - salt_length=padding.MGF1.MAX_LENGTH - ) - ), - hashes.SHA1() - ) - verifier.update(b"so deprecated") - verifier.verify() - @pytest.mark.parametrize( "hash_alg", [hashes.SHA224(), hashes.SHA256(), hashes.SHA384(), hashes.SHA512()] @@ -701,7 +661,13 @@ class TestRSASignature(object): def test_unsupported_pss_mgf(self, backend): private_key = RSA_KEY_512.private_key(backend) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): - private_key.signer(padding.PSS(mgf=DummyMGF()), hashes.SHA1()) + private_key.signer( + padding.PSS( + mgf=DummyMGF(), + salt_length=padding.PSS.MAX_LENGTH + ), + hashes.SHA1() + ) @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( 
@@ -1014,8 +980,14 @@ class TestRSAVerification(object): private_key = RSA_KEY_512.private_key(backend) public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF): - public_key.verifier(b"sig", padding.PSS(mgf=DummyMGF()), - hashes.SHA1()) + public_key.verifier( + b"sig", + padding.PSS( + mgf=DummyMGF(), + salt_length=padding.PSS.MAX_LENGTH + ), + hashes.SHA1() + ) @pytest.mark.supported( only_if=lambda backend: backend.rsa_padding_supported( @@ -1307,12 +1279,6 @@ class TestRSAPKCS1Verification(object): class TestPSS(object): - def test_deprecation_warning(self): - pytest.deprecated_call( - padding.PSS, - mgf=padding.MGF1(hashes.SHA1(), 20) - ) - def test_invalid_salt_length_not_integer(self): with pytest.raises(TypeError): padding.PSS( @@ -1331,10 +1297,6 @@ class TestPSS(object): salt_length=-1 ) - def test_no_salt_length_supplied_pss_or_mgf1(self): - with pytest.raises(ValueError): - padding.PSS(mgf=padding.MGF1(hashes.SHA1())) - def test_valid_pss_parameters(self): algorithm = hashes.SHA1() salt_length = algorithm.digest_size 
@@ -1352,35 +1314,14 @@ class TestPSS(object): class TestMGF1(object): - def test_deprecation_warning(self): - pytest.deprecated_call( - padding.MGF1, algorithm=hashes.SHA1(), salt_length=20 - ) - def test_invalid_hash_algorithm(self): with pytest.raises(TypeError): - padding.MGF1(b"not_a_hash", 0) - - def test_invalid_salt_length_not_integer(self): - with pytest.raises(TypeError): - padding.MGF1(hashes.SHA1(), b"not_a_length") - - def test_invalid_salt_length_negative_integer(self): - with pytest.raises(ValueError): - padding.MGF1(hashes.SHA1(), -1) + padding.MGF1(b"not_a_hash") def test_valid_mgf1_parameters(self): algorithm = hashes.SHA1() - salt_length = algorithm.digest_size - mgf = padding.MGF1(algorithm, salt_length) - assert mgf._algorithm == algorithm - assert mgf._salt_length == salt_length - - def test_valid_mgf1_parameters_maximum(self): - algorithm = hashes.SHA1() - mgf = padding.MGF1(algorithm, padding.MGF1.MAX_LENGTH) + mgf = padding.MGF1(algorithm) assert mgf._algorithm == algorithm - assert mgf._salt_length == padding.MGF1.MAX_LENGTH class TestOAEP(object): |
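Review bot: After these edits `TestMGF1` and `TestPSS` have no negative test for the removed argument, so nothing pins that the old call forms now fail. The deleted `test_no_salt_length_supplied_pss_or_mgf1` covered the missing-salt case; with `salt_length` required, the equivalent is `with pytest.raises(TypeError): padding.PSS(mgf=padding.MGF1(hashes.SHA1()))`, and for MGF1 `with pytest.raises(TypeError): padding.MGF1(hashes.SHA1(), 20)`. It is also worth checking whether `math` is still used in test_rsa.py, since the deleted `test_deprecated_pss_mgf1_salt_length` in the first hunk called `math.ceil`; other uses are not visible here.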