diff options
Diffstat (limited to 'src/cryptography/x509/extensions.py')
-rw-r--r-- | src/cryptography/x509/extensions.py | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py index d25131b8..c78c76c2 100644 --- a/src/cryptography/x509/extensions.py +++ b/src/cryptography/x509/extensions.py @@ -11,11 +11,12 @@ import ipaddress import warnings from enum import Enum -from asn1crypto.keys import PublicKeyInfo - import six from cryptography import utils +from cryptography.hazmat._der import ( + BIT_STRING, DERReader, OBJECT_IDENTIFIER, SEQUENCE +) from cryptography.hazmat.primitives import constant_time, serialization from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicKey from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey @@ -47,7 +48,24 @@ def _key_identifier_from_public_key(public_key): serialization.PublicFormat.SubjectPublicKeyInfo ) - data = bytes(PublicKeyInfo.load(serialized)['public_key']) + public_key_info = DERReader(serialized).read_single_element(SEQUENCE) + algorithm = public_key_info.read_element(SEQUENCE) + public_key = public_key_info.read_element(BIT_STRING) + public_key_info.check_empty() + + # Double-check the algorithm structure. + algorithm.read_element(OBJECT_IDENTIFIER) + if not algorithm.is_empty(): + # Skip the optional parameters field. + algorithm.read_any_element() + algorithm.check_empty() + + # BIT STRING contents begin with the number of padding bytes added. It + # must be zero for SubjectPublicKeyInfo structures. + if public_key.read_byte() != 0: + raise ValueError('Invalid public key encoding') + + data = public_key.data return hashlib.sha1(data).digest() |