diff options
| author | Alex Stapleton <alex@ly.st> | 2014-05-27 12:14:09 +0100 |
|---|---|---|
| committer | Alex Stapleton <alexs@prol.etari.at> | 2014-05-27 21:50:31 +0100 |
| commit | 70ada5893662cae303f716c2e3cac03989c5e2d9 (patch) | |
| tree | 16546fdedeeb61b0933ea2ddff3bd25b7f738c99 | |
| parent | eefc3920d548c7fcee01b898cb9b0705b02e9537 (diff) | |
| download | cryptography-70ada5893662cae303f716c2e3cac03989c5e2d9.tar.gz cryptography-70ada5893662cae303f716c2e3cac03989c5e2d9.tar.bz2 cryptography-70ada5893662cae303f716c2e3cac03989c5e2d9.zip | |
Add unknown cipher test for PKCS8
| -rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 25 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_serialization.py | 20 |
2 files changed, 37 insertions, 8 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index d25ac0d1..5529f10c 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -827,20 +827,33 @@ class Backend(object): "Bad decrypt. Incorrect password?" ) - elif errors[0][1:] == ( - self._lib.ERR_LIB_PEM, - self._lib.PEM_F_PEM_GET_EVP_CIPHER_INFO, - self._lib.PEM_R_UNSUPPORTED_ENCRYPTION + elif errors[0][1:] in ( + ( + self._lib.ERR_LIB_PEM, + self._lib.PEM_F_PEM_GET_EVP_CIPHER_INFO, + self._lib.PEM_R_UNSUPPORTED_ENCRYPTION + ), + + ( + self._lib.ERR_LIB_EVP, + self._lib.EVP_F_EVP_PBE_CIPHERINIT, + self._lib.EVP_R_UNKNOWN_PBE_ALGORITHM + ) ): raise UnsupportedAlgorithm( - "PEM data is encrypted with an unsupported cipher") + "PEM data is encrypted with an unsupported cipher", + _Reasons.UNSUPPORTED_CIPHER + ) elif errors[0][1:] == ( self._lib.ERR_LIB_EVP, self._lib.EVP_F_EVP_PKCS82PKEY, self._lib.EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ): - raise ValueError("Unsupported private key algorithm.") + raise UnsupportedAlgorithm( + "Unsupported public key algorithm.", + _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM + ) else: assert errors[0][1] in ( diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py index b1789631..39d95199 100644 --- a/tests/hazmat/primitives/test_serialization.py +++ b/tests/hazmat/primitives/test_serialization.py @@ -484,8 +484,24 @@ class TestPKCS8Serialisation(object): ] ) def test_load_bad_oid_key(self, key_file, password, backend): - with pytest.raises(ValueError): - key = load_vectors_from_file( + with raises_unsupported_algorithm(None): + load_vectors_from_file( + os.path.join( + "asymmetric", "PKCS8", key_file), + lambda pemfile: load_pem_traditional_openssl_private_key( + pemfile.read().encode(), password, backend + ) + ) + + @pytest.mark.parametrize( + ("key_file", "password"), + [ + ("bad-encryption-oid.pem", b"password"), + ] + ) + def test_load_bad_encryption_oid_key(self, key_file, password, backend): + with raises_unsupported_algorithm(None): + load_vectors_from_file( os.path.join( "asymmetric", "PKCS8", key_file), lambda pemfile: load_pem_traditional_openssl_private_key( |