From 525f713629a181e7dbaf3e8a84fc4373dbaeb4e4 Mon Sep 17 00:00:00 2001
From: Christopher Grebs <cg@webshox.org>
Date: Fri, 4 Sep 2015 23:46:40 +0200
Subject: Add simple test that would fail on decryption

---
 tests/hazmat/backends/test_openssl.py | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'tests/hazmat')

diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index ad2daf7d..98023e9d 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -456,6 +456,29 @@ class TestOpenSSLRSA(object):
                 )
             )
 
+    def test_supported_oaep_decrypt(self):
+        private_key = RSA_KEY_512.private_key(backend)
+
+        ciphertext = private_key.public_key().encrypt(
+            b'secure data',
+            padding.OAEP(
+                mgf=padding.MGF1(algorithm=hashes.SHA1()),
+                algorithm=hashes.SHA1(),
+                label=None
+            )
+        )
+
+        decrypted = private_key.decrypt(
+            ciphertext,
+            padding.OAEP(
+                mgf=padding.MGF1(algorithm=hashes.SHA1()),
+                algorithm=hashes.SHA1(),
+                label=None
+            )
+        )
+
+        assert decrypted == b'secure data'
+
 
 @pytest.mark.skipif(
     backend._lib.OPENSSL_VERSION_NUMBER <= 0x10001000,
-- 
cgit v1.2.3