diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2014-10-14 10:18:27 -0700 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2014-10-14 10:18:27 -0700 |
| commit | b38ae0a5e3117eaa5c73e0bd1a34e5a5981b162b (patch) | |
| tree | 3621be53d19a979a60775e822d558e3e6bab3bb9 | |
| parent | c97992640a13c6fa654954c801988c2dc401c0f5 (diff) | |
| parent | 26c5c42edde913f9146de5553af1414640115a49 (diff) | |
| download | cryptography-b38ae0a5e3117eaa5c73e0bd1a34e5a5981b162b.tar.gz cryptography-b38ae0a5e3117eaa5c73e0bd1a34e5a5981b162b.tar.bz2 cryptography-b38ae0a5e3117eaa5c73e0bd1a34e5a5981b162b.zip | |
Merge pull request #1398 from reaperhulk/fix-1389
if EC_KEY_check_key fails consume errors off stack (+ add test)
| -rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 4 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_ec.py | 14 |
2 files changed, 17 insertions, 1 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index eadea50e..a449a55e 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -1007,7 +1007,9 @@ class Backend(object): assert res == 1 res = self._lib.EC_KEY_check_key(ctx) - assert res == 1 + if res != 1: + self._consume_errors() + raise ValueError("Invalid EC key.") return ctx diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index c53a0cb6..887520de 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -260,6 +260,20 @@ class TestECDSAVectors(object): ec.SECP192R1() ) is False + def test_load_invalid_ec_key_from_numbers(self, backend): + _skip_curve_unsupported(backend, ec.SECP256R1()) + + numbers = ec.EllipticCurvePrivateNumbers( + 357646505660320080863666618182642070958081774038609089496899025506, + ec.EllipticCurvePublicNumbers( + 47250808410327023131573602008345894927686381772325561185532964, + 1120253292479243545483756778742719537373113335231773536789915, + ec.SECP256R1(), + ) + ) + with pytest.raises(ValueError): + numbers.private_key(backend) + @pytest.mark.parametrize( "vector", load_vectors_from_file( |