From ab973321f6012626e63420603c34e2975f42f237 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 11 Mar 2016 23:40:12 -0400 Subject: raise type error rather than internalerror w/ unsupported asn1 in subject --- src/cryptography/hazmat/backends/openssl/decode_asn1.py | 6 +++++- tests/test_x509.py | 12 ++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py index 140d3de4..67586c22 100644 --- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py +++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py @@ -709,7 +709,11 @@ def _asn1_string_to_ascii(backend, asn1_string): def _asn1_string_to_utf8(backend, asn1_string): buf = backend._ffi.new("unsigned char **") res = backend._lib.ASN1_STRING_to_UTF8(buf, asn1_string) - backend.openssl_assert(res >= 0) + if res == -1: + raise TypeError( + "Unsupported ASN1 string type. Type: {0}".format(asn1_string.type) + ) + backend.openssl_assert(buf[0] != backend._ffi.NULL) buf = backend._ffi.gc( buf, lambda buffer: backend._lib.OPENSSL_free(buffer[0]) diff --git a/tests/test_x509.py b/tests/test_x509.py index c042169c..8a801f2d 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -3157,6 +3157,18 @@ class TestDSACertificateRequest(object): verifier.verify() +@pytest.mark.requires_backend_interface(interface=X509Backend) +class TestGOSTCertificate(object): + def test_numeric_string_x509_name_entry(self, backend): + cert = _load_cert( + os.path.join("x509", "e-trust.ru.der"), + x509.load_der_x509_certificate, + backend + ) + with pytest.raises(TypeError): + cert.subject + + @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) @pytest.mark.requires_backend_interface(interface=X509Backend) class TestECDSACertificate(object): -- cgit v1.2.3 From 83457cf270fef19446d7bead3b0eb86f6d04c4f5 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 12 Mar 2016 12:44:24 -0400 Subject: move NUMERICSTRING certificate test to test_openssl & make it more specific --- .../hazmat/backends/openssl/decode_asn1.py | 2 +- tests/hazmat/backends/test_openssl.py | 21 +++++++++++++++++++++ tests/test_x509.py | 12 ------------ 3 files changed, 22 insertions(+), 13 deletions(-) diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py index 67586c22..26f56d12 100644 --- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py +++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py @@ -710,7 +710,7 @@ def _asn1_string_to_utf8(backend, asn1_string): buf = backend._ffi.new("unsigned char **") res = backend._lib.ASN1_STRING_to_UTF8(buf, asn1_string) if res == -1: - raise TypeError( + raise ValueError( "Unsupported ASN1 string type. Type: {0}".format(asn1_string.type) ) diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 072f8be3..b9db3071 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -31,6 +31,7 @@ from ..primitives.test_ec import _skip_curve_unsupported from ...doubles import ( DummyAsymmetricPadding, DummyCipherAlgorithm, DummyHashAlgorithm, DummyMode ) +from ...test_x509 import _load_cert from ...utils import load_vectors_from_file, raises_unsupported_algorithm @@ -656,3 +657,23 @@ class TestRSAPEMSerialization(object): serialization.PrivateFormat.PKCS8, serialization.BestAvailableEncryption(password) ) + + +class TestGOSTCertificate(object): + @pytest.mark.skipif( + backend._lib.OPENSSL_VERSION_NUMBER < 0x1000000f, + reason="Requires a newer OpenSSL. Must be >= 1.0.0" + ) + def test_numeric_string_x509_name_entry(self): + cert = _load_cert( + os.path.join("x509", "e-trust.ru.der"), + x509.load_der_x509_certificate, + backend + ) + with pytest.raises(ValueError) as exc: + cert.subject + + # We assert on the message in this case because if the certificate + # fails to load it will also raise a ValueError and this test could + # erroneously pass. + assert exc.value.message == "Unsupported ASN1 string type. Type: 18" diff --git a/tests/test_x509.py b/tests/test_x509.py index 8a801f2d..c042169c 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -3157,18 +3157,6 @@ class TestDSACertificateRequest(object): verifier.verify() -@pytest.mark.requires_backend_interface(interface=X509Backend) -class TestGOSTCertificate(object): - def test_numeric_string_x509_name_entry(self, backend): - cert = _load_cert( - os.path.join("x509", "e-trust.ru.der"), - x509.load_der_x509_certificate, - backend - ) - with pytest.raises(TypeError): - cert.subject - - @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) @pytest.mark.requires_backend_interface(interface=X509Backend) class TestECDSACertificate(object): -- cgit v1.2.3 From bdc066db2551a0e8ded570dbd27640e64f2e6cac Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 12 Mar 2016 15:27:51 -0400 Subject: py3 is a thing --- tests/hazmat/backends/test_openssl.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index b9db3071..52bee7b3 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -676,4 +676,4 @@ class TestGOSTCertificate(object): # We assert on the message in this case because if the certificate # fails to load it will also raise a ValueError and this test could # erroneously pass. - assert exc.value.message == "Unsupported ASN1 string type. Type: 18" + assert str(exc.value) == "Unsupported ASN1 string type. Type: 18" -- cgit v1.2.3