author | Eli Collins <elic@assurancetechnologies.com> | 2020-05-02 14:14:25 -0400 |
---|---|---|
committer | Eli Collins <elic@assurancetechnologies.com> | 2020-05-02 14:14:25 -0400 |
commit | 18aa5a99271908054b8fc65d79c91c8404d486af (patch) | |
tree | 9750869367a4290a26857c7500f2ca271deda112 /passlib/exc.py | |
parent | 61f4f3ba5d520dc5b35415be7c9dae49911429db (diff) | |
download | passlib-18aa5a99271908054b8fc65d79c91c8404d486af.tar.gz |
reworked lookup_hash() and create_hex_digest() internals to work better
on FIPS systems (issue 116).
* lookup_hash():
- moved all hash constructor error checks / handling into HashInfo object,
which simplifies lookup_hash() internals
- [minor] added "required" kwd, inverse of the now-deprecated "return_unknown" kwd
- [minor] now caches unknown/unsupported HashInfo records.
* HashInfo:
- now catches ValueErrors thrown by hash constructor,
and special-cased detection of "disabled for fips" errors.
- stub instances now have constructor that throws UnknownHashError,
instead of being None. calling code should detect stub instances via
the new "not info.supported" instead of testing for "info.const is None".
* create_hex_digest() now defaults to creating handlers w/ mock hash func
when it's not present (e.g. due to FIPS). this should let them be imported;
and defer the errors until they're actually used.
* added _set_mock_fips_mode() and some helps to make lookup_hash()
fake a FIPS mode system (per traceback provided in issue comments).
used this to make some preliminary UTs for the digest & hasher changes above.
Diffstat (limited to 'passlib/exc.py')
-rw-r--r-- | passlib/exc.py | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/passlib/exc.py b/passlib/exc.py index c4b78b4..335fe91 100644 --- a/passlib/exc.py +++ b/passlib/exc.py @@ -155,14 +155,28 @@ class UsedTokenError(TokenError): class UnknownHashError(ValueError): - """Error raised by :class:`~passlib.crypto.lookup_hash` if hash name is not recognized. + """ + Error raised by :class:`~passlib.crypto.lookup_hash` if hash name is not recognized. This exception derives from :exc:`!ValueError`. + As of version 1.7.3, this may also be raised if hash algorithm is known, + but has been disabled due to FIPS mode (message will include phrase "disabled for fips"). + .. versionadded:: 1.7 + + .. versionchanged: 1.7.3 + added 'message' argument. """ - def __init__(self, name): + def __init__(self, name, message=None): self.name = name - ValueError.__init__(self, "unknown hash algorithm: %r" % name) + if message is None: + message = "unknown hash algorithm: %r" % name + self.message = message + ValueError.__init__(self, name, message) + + def __str__(self): + return self.message + #============================================================================= # warnings |
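Review bot: In `__init__`, the call `ValueError.__init__(self, name, message)` now passes two positional arguments, so `args` becomes `(name, message)` where it was previously a one-element tuple holding the formatted message. The added `__str__` keeps `str(exc)` stable, but any caller that reads `exc.args[0]` will now get the hash name instead of the message text. Since `self.name` and `self.message` are already stored as attributes, consider passing only `message` to `ValueError.__init__`, which would also make the `__str__` override unnecessary. In the docstring, `.. versionchanged: 1.7.3` has a single colon, so reStructuredText will treat it as a comment rather than a directive and the note will not render; it should read `.. versionchanged:: 1.7.3`. The docstring also distinguishes the FIPS case only by the phrase "disabled for fips" appearing in the message, which leaves callers matching on a string; an attribute or a subclass for that case would give them something sturdier to test.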