From 95e993cf4eb3ded8e3d98a703b0f902821aeec0e Mon Sep 17 00:00:00 2001 From: mtu Date: Mon, 23 Jan 2017 11:04:33 +0100 Subject: [PATCH 1/2] Remove DH generator size constraint --- src/cryptography/hazmat/primitives/asymmetric/dh.py | 3 --- tests/hazmat/primitives/test_dh.py | 5 ----- 2 files changed, 8 deletions(-) diff --git a/src/cryptography/hazmat/primitives/asymmetric/dh.py b/src/cryptography/hazmat/primitives/asymmetric/dh.py index 92a493a082cb..e19572db0df8 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/dh.py +++ b/src/cryptography/hazmat/primitives/asymmetric/dh.py @@ -87,9 +87,6 @@ def __init__(self, p, g, q=None): if q is not None and not isinstance(q, six.integer_types): raise TypeError("q must be integer or None") - if q is None and g not in (2, 5): - raise ValueError("DH generator must be 2 or 5") - self._p = p self._g = g self._q = q diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py index fa658ae5ed66..3178d67a5de6 100644 --- a/tests/hazmat/primitives/test_dh.py +++ b/tests/hazmat/primitives/test_dh.py @@ -51,11 +51,6 @@ def test_dh_parameternumbers(): None, None ) - with pytest.raises(ValueError): - dh.DHParameterNumbers( - 65537, 7 - ) - params = dh.DHParameterNumbers( 65537, 7, 1245 ) From 1d999b8a1e652d6360b494a1a6212acc32c1bdc5 Mon Sep 17 00:00:00 2001 From: mtu Date: Mon, 17 Jul 2017 10:56:51 +0200 Subject: [PATCH 2/2] Check that g > 1 --- src/cryptography/hazmat/primitives/asymmetric/dh.py | 3 +++ tests/hazmat/primitives/test_dh.py | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/src/cryptography/hazmat/primitives/asymmetric/dh.py b/src/cryptography/hazmat/primitives/asymmetric/dh.py index e19572db0df8..4fc995245d95 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/dh.py +++ b/src/cryptography/hazmat/primitives/asymmetric/dh.py @@ -87,6 +87,9 @@ def __init__(self, p, g, q=None): if q is not None and not isinstance(q, six.integer_types): raise TypeError("q must be integer or None") + if g < 2: + raise ValueError("DH generator must be 2 or greater") + self._p = p self._g = g self._q = q diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py index 3178d67a5de6..25be51c9200c 100644 --- a/tests/hazmat/primitives/test_dh.py +++ b/tests/hazmat/primitives/test_dh.py @@ -51,6 +51,11 @@ def test_dh_parameternumbers(): None, None ) + with pytest.raises(ValueError): + dh.DHParameterNumbers( + 65537, 1 + ) + params = dh.DHParameterNumbers( 65537, 7, 1245 )