Merge pull request #1321 from alex/check-padding

Verify that padding is an instance of AsymmetircPadding before trying to use it; fixes #1318

2 files changed, 5 insertions, 0 deletions

diff --git a/cryptography/hazmat/backends/openssl/rsa.py b/cryptography/hazmat/backends/openssl/rsa.py
index 21ac1573..d24bea57 100644
--- a/cryptography/hazmat/backends/openssl/rsa.py
+++ b/cryptography/hazmat/backends/openssl/rsa.py
@@ -43,6 +43,9 @@ def _get_rsa_pss_salt_length(pss, key_size, digest_size):
 
 
 def _enc_dec_rsa(backend, key, data, padding):
+    if not isinstance(padding, interfaces.AsymmetricPadding):
+        raise TypeError("Padding must be an instance of AsymmetricPadding.")
+
     if isinstance(padding, PKCS1v15):
         padding_enum = backend._lib.RSA_PKCS1_PADDING
     elif isinstance(padding, OAEP):
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index e53ff06b..88b30d61 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -1616,6 +1616,8 @@ class TestRSAEncryption(object):
 
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_PADDING):
             public_key.encrypt(b"somedata", DummyPadding())
+        with pytest.raises(TypeError):
+            public_key.encrypt(b"somedata", padding=object())
 
     def test_unsupported_oaep_mgf(self, backend):
         private_key = RSA_KEY_512.private_key(backend)