From 305bee427aa5bf5908b74f384d90a29879ac7f6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stanis=C5=82aw=20Pitucha?= <stanislaw.pitucha@hp.com>
Date: Tue, 11 Aug 2015 15:17:05 +1000
Subject: Ensure early exeption on non-bytes signature

Signature must be in bytes. If the check is skipped, verify() can
explode later in cffi call in _verify_pkey_ctx() for example.
---
 src/cryptography/hazmat/backends/openssl/dsa.py | 3 +++
 src/cryptography/hazmat/backends/openssl/rsa.py | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/src/cryptography/hazmat/backends/openssl/dsa.py b/src/cryptography/hazmat/backends/openssl/dsa.py
index f84857ff..f1bb6d9b 100644
--- a/src/cryptography/hazmat/backends/openssl/dsa.py
+++ b/src/cryptography/hazmat/backends/openssl/dsa.py
@@ -29,6 +29,9 @@ def _truncate_digest_for_dsa(dsa_cdata, digest, backend):
 @utils.register_interface(AsymmetricVerificationContext)
 class _DSAVerificationContext(object):
     def __init__(self, backend, public_key, signature, algorithm):
+        if not isinstance(signature, bytes):
+            raise TypeError("signature must be bytes.")
+
         self._backend = backend
         self._public_key = public_key
         self._signature = signature
diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py
index 822c7304..8e32eb02 100644
--- a/src/cryptography/hazmat/backends/openssl/rsa.py
+++ b/src/cryptography/hazmat/backends/openssl/rsa.py
@@ -337,6 +337,9 @@ class _RSASignatureContext(object):
 @utils.register_interface(AsymmetricVerificationContext)
 class _RSAVerificationContext(object):
     def __init__(self, backend, public_key, signature, padding, algorithm):
+        if not isinstance(signature, bytes):
+            raise TypeError("signature must be bytes.")
+
         self._backend = backend
         self._public_key = public_key
         self._signature = signature
-- 
cgit v1.2.3