aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--cryptography/hazmat/backends/openssl/backend.py3
-rw-r--r--tests/hazmat/primitives/test_dsa.py9
2 files changed, 12 insertions, 0 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 37d1c35e..37deb2ae 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -1363,6 +1363,9 @@ class _DSAVerificationContext(object):
if res != 1:
errors = self._backend._consume_errors()
assert errors
+ if res == -1:
+ assert errors[0].lib == self._backend._lib.ERR_LIB_ASN1
+
raise InvalidSignature
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index c6642e07..4c3cd58a 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -765,6 +765,15 @@ class TestDSAVerification(object):
else:
verifier.verify()
+ def test_dsa_verify_invalid_asn1(self, backend):
+ parameters = dsa.DSAParameters.generate(1024, backend)
+ private_key = dsa.DSAPrivateKey.generate(parameters, backend)
+ public_key = private_key.public_key()
+ verifier = public_key.verifier(b'fakesig', hashes.SHA1(), backend)
+ verifier.update(b'fakesig')
+ with pytest.raises(InvalidSignature):
+ verifier.verify()
+
def test_use_after_finalize(self, backend):
parameters = dsa.DSAParameters.generate(1024, backend)
private_key = dsa.DSAPrivateKey.generate(parameters, backend)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-12 11:52:13 +0000