author | Alex Gaynor <alex.gaynor@gmail.com> | 2016-03-12 16:11:34 -0500 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2016-03-12 16:11:34 -0500 |
commit | c2571094fb9cd5dafcb4324a680743fc0426fd08 (patch) | |
tree | 96f5e63e471bedf430b8923b0f887c4835067a6e | |
parent | 45f1253acc3d94a915d44f0cf855ddafcfe5a630 (diff) | |
parent | bdc066db2551a0e8ded570dbd27640e64f2e6cac (diff) | |
download | cryptography-c2571094fb9cd5dafcb4324a680743fc0426fd08.tar.gz cryptography-c2571094fb9cd5dafcb4324a680743fc0426fd08.tar.bz2 cryptography-c2571094fb9cd5dafcb4324a680743fc0426fd08.zip |
Merge pull request #2815 from reaperhulk/error-on-unusual-encodings
Error on unusual encodings
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/decode_asn1.py | 6 | ||||
-rw-r--r-- | tests/hazmat/backends/test_openssl.py | 21 |
2 files changed, 26 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
index 140d3de4..26f56d12 100644
--- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py
+++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
@@ -709,7 +709,11 @@ def _asn1_string_to_ascii(backend, asn1_string):
 def _asn1_string_to_utf8(backend, asn1_string):
 buf = backend._ffi.new("unsigned char **")
 res = backend._lib.ASN1_STRING_to_UTF8(buf, asn1_string)
- backend.openssl_assert(res >= 0)
+ if res == -1:
+ raise ValueError(
+ "Unsupported ASN1 string type. Type: {0}".format(asn1_string.type)
+ )
+ backend.openssl_assert(buf[0] != backend._ffi.NULL)
 buf = backend._ffi.gc(
 buf, lambda buffer: backend._lib.OPENSSL_free(buffer[0])
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 072f8be3..52bee7b3 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -31,6 +31,7 @@ from ..primitives.test_ec import _skip_curve_unsupported
 from ...doubles import (
 DummyAsymmetricPadding, DummyCipherAlgorithm, DummyHashAlgorithm, DummyMode
 )
+from ...test_x509 import _load_cert
 from ...utils import load_vectors_from_file, raises_unsupported_algorithm
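Review bot: The new `if res == -1:` branch in `_asn1_string_to_utf8` reports every -1 from `ASN1_STRING_to_UTF8` as an unsupported string type, but as far as I know OpenSSL also returns -1 when the conversion itself fails on a supported type, for example malformed contents. In that case the message names the wrong cause, and OpenSSL may have left entries on its error queue that nothing here clears. Because this path parses names from untrusted certificates, I would drain the queue before raising, `backend._consume_errors()` placed just ahead of `raise ValueError(`, and add a comment such as `# -1 covers both unsupported types and conversion failures`. Other negative results now fall through to the `buf[0] != backend._ffi.NULL` assert, which is worth confirming as intended. The function body continues past the end of this hunk.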
@@ -656,3 +657,23 @@ class TestRSAPEMSerialization(object):
 serialization.PrivateFormat.PKCS8,
 serialization.BestAvailableEncryption(password)
 )
+
+
+class TestGOSTCertificate(object):
+ @pytest.mark.skipif(
+ backend._lib.OPENSSL_VERSION_NUMBER < 0x1000000f,
+ reason="Requires a newer OpenSSL. Must be >= 1.0.0"
+ )
+ def test_numeric_string_x509_name_entry(self):
+ cert = _load_cert(
+ os.path.join("x509", "e-trust.ru.der"),
+ x509.load_der_x509_certificate,
+ backend
+ )
+ with pytest.raises(ValueError) as exc:
+ cert.subject
+
+ # We assert on the message in this case because if the certificate
+ # fails to load it will also raise a ValueError and this test could
+ # erroneously pass.
+ assert str(exc.value) == "Unsupported ASN1 string type. Type: 18" |
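Review bot: The comment above the final assert in `test_numeric_string_x509_name_entry` gives a rationale that does not match the code as written. `_load_cert(...)` runs before the `with pytest.raises(ValueError)` block, so a certificate that fails to load would error the test rather than let it pass. What the message check does guard against is some other `ValueError` raised while `cert.subject` is decoded. I would reword it to something like `# Assert on the message so an unrelated ValueError raised while parsing the subject cannot satisfy this test.` The class name `TestGOSTCertificate` also says nothing about the NumericString (type 18) case being exercised, so a one-line docstring on the test would help.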