-rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 5 | ||||
-rw-r--r-- | tests/x509/test_x509.py | 8 |
2 files changed, 12 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 74dedbe0..ee864137 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -334,7 +334,10 @@ class Backend(object):
 bin_len = self._lib.BN_bn2bin(bn, bin_ptr)
 # A zero length means the BN has value 0
 self.openssl_assert(bin_len >= 0)
- return int.from_bytes(self._ffi.buffer(bin_ptr)[:bin_len], "big")
+ val = int.from_bytes(self._ffi.buffer(bin_ptr)[:bin_len], "big")
+ if self._lib.BN_is_negative(bn):
+ val = -val
+ return val
 else:
 # Under Python 2 the best we can do is hex()
 hex_cdata = self._lib.BN_bn2hex(bn)
diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py
index 72cd49e7..afca9c5b 100644
--- a/tests/x509/test_x509.py
+++ b/tests/x509/test_x509.py
@@ -597,6 +597,14 @@ class TestRSACertificate(object):
 cert.signature_algorithm_oid == SignatureAlgorithmOID.RSA_WITH_SHA1
 )
 
+ def test_negative_serial_number(self, backend):
+ cert = _load_cert(
+ os.path.join("x509", "custom", "negative_serial.pem"),
+ x509.load_pem_x509_certificate,
+ backend,
+ )
+ assert cert.serial_number == -18008675309
+
 def test_alternate_rsa_with_sha1_oid(self, backend):
 cert = _load_cert(
 os.path.join("x509", "alternate-rsa-sha1-oid.pem"), |
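Review bot: The sign handling added before `return val` carries no comment explaining why it is needed, and the reason is not obvious from the call site: BN_bn2bin writes only the magnitude of the BIGNUM, so the sign has to be restored from `BN_is_negative`. I would add `# BN_bn2bin serialises the absolute value only; restore the sign explicitly` above the `if`. Values that previously came back as their absolute value now come back negative, so callers that pass the result to `int.to_bytes` without `signed=True`, or that use a serial as a lookup key for revocation data, will presumably see different behaviour; that is worth a changelog entry. The enclosing method starts and ends outside this hunk, so the Python 2 `BN_bn2hex` branch is only partly visible here.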
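Review bot: `test_negative_serial_number` loads `x509/custom/negative_serial.pem`, but the diffstat lists only two changed files, so the vector is presumably added elsewhere; it is worth confirming that it lands together with this commit, otherwise the test fails when loading the file. A one-line comment in the test would also help the next reader, for example `# RFC 5280 requires positive serials, but non-conforming certs exist and must parse with the sign intact`. The assertion exercises whichever conversion branch the running interpreter takes, so the `int.from_bytes` path is covered only on Python 3 runs.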