Commit c551c169 authored by Tristan Seligmann's avatar Tristan Seligmann

Import python-cryptography_1.5.3.orig.tar.gz

parent 4f82f670
Changelog
=========
1.5.3 - 2016-11-05
~~~~~~~~~~~~~~~~~~
* **SECURITY ISSUE**: Fixed a bug where ``HKDF`` would return an empty
byte-string if used with a ``length`` less than ``algorithm.digest_size``.
Credit to **Markus Döring** for reporting the issue.
1.5.2 - 2016-09-26
~~~~~~~~~~~~~~~~~~
......
Metadata-Version: 1.1
Name: cryptography
Version: 1.5.2
Version: 1.5.3
Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The cryptography developers
......
Metadata-Version: 1.1
Name: cryptography
Version: 1.5.2
Version: 1.5.3
Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The cryptography developers
......
......@@ -14,7 +14,7 @@ __summary__ = ("cryptography is a package which provides cryptographic recipes"
" and primitives to Python developers.")
__uri__ = "https://github.com/pyca/cryptography"
__version__ = "1.5.2"
__version__ = "1.5.3"
__author__ = "The cryptography developers"
__email__ = "cryptography-dev@python.org"
......
......@@ -91,7 +91,7 @@ class HKDFExpand(object):
output = [b""]
counter = 1
while (self._algorithm.digest_size // 8) * len(output) < self._length:
while self._algorithm.digest_size * (len(output) - 1) < self._length:
h = hmac.HMAC(key_material, self._algorithm, backend=self._backend)
h.update(output[-1])
h.update(self._info)
......
......@@ -142,6 +142,17 @@ class TestHKDF(object):
hkdf.verify(b"foo", u"bar")
def test_derive_short_output(self, backend):
hkdf = HKDF(
hashes.SHA256(),
4,
salt=None,
info=None,
backend=backend
)
assert hkdf.derive(b"\x01" * 16) == b"gJ\xfb{"
@pytest.mark.requires_backend_interface(interface=HMACBackend)
class TestHKDFExpand(object):
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment