diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-05-01 12:58:16 -0500 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-05-01 12:58:16 -0500 |
commit | f58d1ab6cf5d90ae06a593fca52ab388d75da068 (patch) | |
tree | 443c51197ea62afa34810a161d2d815d177bdd4b | |
parent | e0aeaf8c7b4191c231f2c3d651e899f49331ca69 (diff) | |
download | cryptography-f58d1ab6cf5d90ae06a593fca52ab388d75da068.tar.gz cryptography-f58d1ab6cf5d90ae06a593fca52ab388d75da068.tar.bz2 cryptography-f58d1ab6cf5d90ae06a593fca52ab388d75da068.zip |
add check to ensure only invalid ASN1 gives InvalidSignature in DSA
-rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 3 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_dsa.py | 9 |
2 files changed, 12 insertions, 0 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 37d1c35e..37deb2ae 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -1363,6 +1363,9 @@ class _DSAVerificationContext(object): if res != 1: errors = self._backend._consume_errors() assert errors + if res == -1: + assert errors[0].lib == self._backend._lib.ERR_LIB_ASN1 + raise InvalidSignature diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py index c6642e07..4c3cd58a 100644 --- a/tests/hazmat/primitives/test_dsa.py +++ b/tests/hazmat/primitives/test_dsa.py @@ -765,6 +765,15 @@ class TestDSAVerification(object): else: verifier.verify() + def test_dsa_verify_invalid_asn1(self, backend): + parameters = dsa.DSAParameters.generate(1024, backend) + private_key = dsa.DSAPrivateKey.generate(parameters, backend) + public_key = private_key.public_key() + verifier = public_key.verifier(b'fakesig', hashes.SHA1(), backend) + verifier.update(b'fakesig') + with pytest.raises(InvalidSignature): + verifier.verify() + def test_use_after_finalize(self, backend): parameters = dsa.DSAParameters.generate(1024, backend) private_key = dsa.DSAPrivateKey.generate(parameters, backend) |