diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-07-10 04:55:02 +0530 | 
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-07-09 19:25:02 -0400 | 
| commit | 20ae2c8084812bd218d2b1d2972774963c4d2041 (patch) | |
| tree | b8d38879064f3cc0856b9771a08524d15925d15c /tests | |
| parent | 01c9dac7c0ac33fb3dd73ab32322f7fc1699c059 (diff) | |
| download | cryptography-20ae2c8084812bd218d2b1d2972774963c4d2041.tar.gz cryptography-20ae2c8084812bd218d2b1d2972774963c4d2041.tar.bz2 cryptography-20ae2c8084812bd218d2b1d2972774963c4d2041.zip | |
fix encoding BMPString in x509 name entries (#4321)
Previously we encoded them as UTF-8, but as best I can tell in reality a
BMPString is fixed-width basic multilingual plane big endian encoding.
This is basically UCS-2 (aka original Unicode). However, Python doesn't
support UCS-2 encoding so we need to use utf_16_be. This means you can encode
surrogate code points that are invalid in the context of what a
BMPString is supposed to be, but in reality I strongly suspect the sane
encoding ship has sailed and dozens if not hundreds of implementations
both do this and expect other systems to handle their nonsense.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/x509/test_x509.py | 18 | 
1 files changed, 18 insertions, 0 deletions
| diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py index 7f9f1830..fe57784a 100644 --- a/tests/x509/test_x509.py +++ b/tests/x509/test_x509.py @@ -4092,6 +4092,24 @@ class TestName(object):              b"b060355040a0c0450794341"          ) +    @pytest.mark.requires_backend_interface(interface=X509Backend) +    def test_bmpstring_bytes(self, backend): +        # For this test we need an odd length string. BMPString is UCS-2 +        # encoded so it will always be even length and OpenSSL will error if +        # you pass an odd length string without encoding it properly first. +        name = x509.Name([ +            x509.NameAttribute( +                NameOID.COMMON_NAME, +                u'cryptography.io', +                _ASN1Type.BMPString +            ), +            x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'), +        ]) +        assert name.public_bytes(backend) == binascii.unhexlify( +            b"30383127302506035504031e1e00630072007900700074006f00670072006100" +            b"7000680079002e0069006f310d300b060355040a0c0450794341" +        ) +  def test_random_serial_number(monkeypatch):      sample_data = os.urandom(20) | 
