From 73251faf2cb043dc9795b46c98c7084482d2aed2 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Sat, 6 Dec 2014 23:17:23 -0600
Subject: catch PyAsn1Error when decoding rfc6979 signature
---
 src/cryptography/hazmat/primitives/asymmetric/utils.py | 7 ++++++-
 tests/hazmat/primitives/test_asym_utils.py | 5 +++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py
index 36b9080d..08bb40c7 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/utils.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py
@@ -5,6 +5,7 @@
 from __future__ import absolute_import, division, print_function
 from pyasn1.codec.der import decoder, encoder
+from pyasn1.error import PyAsn1Error
 from pyasn1.type import namedtype, univ
@@ -16,7 +17,11 @@ class _DSSSigValue(univ.Sequence):
 def decode_rfc6979_signature(signature):
- data, remaining = decoder.decode(signature, asn1Spec=_DSSSigValue())
+ try:
+ data, remaining = decoder.decode(signature, asn1Spec=_DSSSigValue())
+ except PyAsn1Error:
+ raise ValueError("Invalid signature data. Unable to decode ASN.1")
+
 if remaining:
 raise ValueError(
 "The signature contains bytes after the end of the ASN.1 sequence."
diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py
index f8a67b68..640b5b3d 100644
--- a/tests/hazmat/primitives/test_asym_utils.py
+++ b/tests/hazmat/primitives/test_asym_utils.py
@@ -39,3 +39,8 @@ def test_rfc6979_signature():
 def test_decode_rfc6979_trailing_bytes():
 with pytest.raises(ValueError):
 decode_rfc6979_signature(b"0\x06\x02\x01\x01\x02\x01\x01\x00\x00\x00")
+
+
+def test_decode_rfc6979_invalid_asn1():
+ with pytest.raises(ValueError):
+ decode_rfc6979_signature(b"0\x07\x02\x01\x01\x02\x02\x01")
--
cgit v1.2.3
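Review bot: The new `except PyAsn1Error:` in `decode_rfc6979_signature` wraps only the `decoder.decode` call, so malformed signature bytes are guaranteed to surface as ValueError only if nothing later in the function can raise another type. The function body continues past the end of this hunk, so the code that reads the decoded components is not visible here and should be checked against the same contract. Callers verifying signatures from untrusted peers will usually catch ValueError alone, and any other exception escaping becomes an unhandled error on attacker-controlled input. A docstring would pin the contract, e.g. `"""Decode a DER-encoded signature; raises ValueError if the data is not valid ASN.1 or has trailing bytes."""`. It may also be worth confirming that the pyasn1 DER decoder rejects non-canonical (BER-style) encodings, since accepting them would leave signature encodings malleable.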
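Review bot: `test_decode_rfc6979_invalid_asn1` exercises a single malformed shape, a SEQUENCE whose declared length (7) exceeds the six content bytes supplied, so the ValueError contract is pinned only for truncated input. Parametrizing the test over a few more inputs, such as `b""`, an outer tag that is not a SEQUENCE, and a SEQUENCE holding only one INTEGER, would show whether any of them escapes as a different exception type. A one-line comment on the byte string, e.g. `# SEQUENCE claims 7 bytes; second INTEGER is truncated`, would also help, since the literal is otherwise opaque to the next reader.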