From f58d1ab6cf5d90ae06a593fca52ab388d75da068 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 1 May 2014 12:58:16 -0500
Subject: add check to ensure only invalid ASN1 gives InvalidSignature in DSA

---
 tests/hazmat/primitives/test_dsa.py | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'tests/hazmat/primitives/test_dsa.py')

diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index c6642e07..4c3cd58a 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -765,6 +765,15 @@ class TestDSAVerification(object):
         else:
             verifier.verify()
 
+    def test_dsa_verify_invalid_asn1(self, backend):
+        parameters = dsa.DSAParameters.generate(1024, backend)
+        private_key = dsa.DSAPrivateKey.generate(parameters, backend)
+        public_key = private_key.public_key()
+        verifier = public_key.verifier(b'fakesig', hashes.SHA1(), backend)
+        verifier.update(b'fakesig')
+        with pytest.raises(InvalidSignature):
+            verifier.verify()
+
     def test_use_after_finalize(self, backend):
         parameters = dsa.DSAParameters.generate(1024, backend)
         private_key = dsa.DSAPrivateKey.generate(parameters, backend)
-- 
cgit v1.2.3