diff options
-rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 4 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_ec.py | 14 |
2 files changed, 17 insertions, 1 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index eadea50e..a449a55e 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -1007,7 +1007,9 @@ class Backend(object): assert res == 1 res = self._lib.EC_KEY_check_key(ctx) - assert res == 1 + if res != 1: + self._consume_errors() + raise ValueError("Invalid EC key.") return ctx diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index c53a0cb6..887520de 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -260,6 +260,20 @@ class TestECDSAVectors(object): ec.SECP192R1() ) is False + def test_load_invalid_ec_key_from_numbers(self, backend): + _skip_curve_unsupported(backend, ec.SECP256R1()) + + numbers = ec.EllipticCurvePrivateNumbers( + 357646505660320080863666618182642070958081774038609089496899025506, + ec.EllipticCurvePublicNumbers( + 47250808410327023131573602008345894927686381772325561185532964, + 1120253292479243545483756778742719537373113335231773536789915, + ec.SECP256R1(), + ) + ) + with pytest.raises(ValueError): + numbers.private_key(backend) + @pytest.mark.parametrize( "vector", load_vectors_from_file( |