From cc12beaccae801aa901c1f3dc9c936244633b022 Mon Sep 17 00:00:00 2001 From: mtury Date: Mon, 17 Jul 2017 14:23:04 +0200 Subject: Remove DH generator size constraint (#3364) * Remove DH generator size constraint * Check that g > 1 --- src/cryptography/hazmat/primitives/asymmetric/dh.py | 4 ++-- tests/hazmat/primitives/test_dh.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/cryptography/hazmat/primitives/asymmetric/dh.py b/src/cryptography/hazmat/primitives/asymmetric/dh.py index 92a493a0..4fc99524 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/dh.py +++ b/src/cryptography/hazmat/primitives/asymmetric/dh.py @@ -87,8 +87,8 @@ class DHParameterNumbers(object): if q is not None and not isinstance(q, six.integer_types): raise TypeError("q must be integer or None") - if q is None and g not in (2, 5): - raise ValueError("DH generator must be 2 or 5") + if g < 2: + raise ValueError("DH generator must be 2 or greater") self._p = p self._g = g diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py index fa658ae5..25be51c9 100644 --- a/tests/hazmat/primitives/test_dh.py +++ b/tests/hazmat/primitives/test_dh.py @@ -53,7 +53,7 @@ def test_dh_parameternumbers(): with pytest.raises(ValueError): dh.DHParameterNumbers( - 65537, 7 + 65537, 1 ) params = dh.DHParameterNumbers( -- cgit v1.2.3