authorPaul Kehrer <paul.l.kehrer@gmail.com>2015-10-11 11:36:05 -0500
committerPaul Kehrer <paul.l.kehrer@gmail.com>2015-10-11 11:36:05 -0500
commit1ec38f6c1ca84014646d760754482ad7467f5b17 (patch)
tree5997643f12385f8fdc79db64597500b20978e5dc
parent450d9797a2320f85aff317e5cab39cc2339eabec (diff)
parent79bee4ac1bed42e8df47dcaa11c83e1a55bd0b6f (diff)
Merge pull request #2405 from alex/unkonwn-public-key
Fixed #2404 -- handle a certificate with an unknown public key
-rw-r--r--docs/development/test-vectors.rst2
-rw-r--r--src/cryptography/hazmat/backends/openssl/x509.py6
-rw-r--r--tests/test_x509.py15
-rw-r--r--vectors/cryptography_vectors/x509/custom/unsupported_subject_public_key_info.pem28
4 files changed, 50 insertions, 1 deletions
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index 15c3be96..81998f77 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -248,6 +248,8 @@ Custom X.509 Vectors
policy constraints extension with an inhibit policy mapping element.
* ``pc_require.pem`` - An RSA 2048 bit self-signed certificate containing a
policy constraints extension with a require explicit policy element.
+* ``unsupported_subject_public_key_info.pem`` - A certificate whose public key
+ is an unknown OID (``1.3.6.1.4.1.8432.1.1.2``).
Custom X.509 Request Vectors
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 80f32e29..cfde4a73 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -260,7 +260,11 @@ class _Certificate(object):
def public_key(self):
pkey = self._backend._lib.X509_get_pubkey(self._x509)
- self._backend.openssl_assert(pkey != self._backend._ffi.NULL)
+ if pkey == self._backend._ffi.NULL:
+ # Remove errors from the stack.
+ self._backend._consume_errors()
+ raise ValueError("Certificate public key is of an unknown type")
+
pkey = self._backend._ffi.gc(pkey, self._backend._lib.EVP_PKEY_free)
return self._backend._evp_pkey_to_public_key(pkey)
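Review bot: The new `if pkey == self._backend._ffi.NULL:` branch reports every NULL from `X509_get_pubkey` as an unknown key type, although the same return can presumably also come from a malformed SubjectPublicKeyInfo or an allocation failure, and `_consume_errors()` discards the queue entries that would tell these cases apart. Because this path is reached with certificates supplied by untrusted parties, I would either base the decision on the drained errors or widen the message, e.g. `raise ValueError("Certificate public key is of an unknown or unparseable type")`, with a comment such as `# NULL covers unsupported algorithms and decode failures alike`. The documentation of `public_key` should also state that ValueError can be raised, so callers handle it explicitly instead of letting it escape a validation path. The enclosing `_Certificate` class starts outside the hunk.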
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 0c022df1..8035886c 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -2395,6 +2395,21 @@ class TestECDSACertificate(object):
]
+@pytest.mark.requires_backend_interface(interface=X509Backend)
+class TestOtherCertificate(object):
+ def test_unsupported_subject_public_key_info(self, backend):
+ cert = _load_cert(
+ os.path.join(
+ "x509", "custom", "unsupported_subject_public_key_info.pem"
+ ),
+ x509.load_pem_x509_certificate,
+ backend,
+ )
+
+ with pytest.raises(ValueError):
+ cert.public_key()
+
+
class TestNameAttribute(object):
def test_init_bad_oid(self):
with pytest.raises(TypeError):
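Review bot: `pytest.raises(ValueError)` at the end of `test_unsupported_subject_public_key_info` accepts any ValueError, so the test would still pass if the certificate failed for a reason other than the unknown-key branch. Capturing the exception and checking its text pins the intended path: `with pytest.raises(ValueError) as exc_info:` followed by `assert "unknown type" in str(exc_info.value)`. A second `cert.public_key()` call expecting the same error would additionally show that no stale OpenSSL error is left on the stack for the next operation. The trailing `TestNameAttribute.test_init_bad_oid` context continues outside the hunk.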
diff --git a/vectors/cryptography_vectors/x509/custom/unsupported_subject_public_key_info.pem b/vectors/cryptography_vectors/x509/custom/unsupported_subject_public_key_info.pem
new file mode 100644
index 00000000..aa06dfb7
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/custom/unsupported_subject_public_key_info.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----