diff options
| -rw-r--r-- | setup.py | 4 | ||||
| -rw-r--r-- | src/cryptography/hazmat/primitives/asymmetric/utils.py | 6 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_asym_utils.py | 4 |
3 files changed, 4 insertions, 10 deletions
@@ -33,9 +33,9 @@ VECTORS_DEPENDENCY = "cryptography_vectors=={0}".format(about['__version__']) requirements = [ "idna>=2.0", - "pyasn1", + "pyasn1>=0.1.8", "six>=1.4.1", - "setuptools" + "setuptools", ] setup_requirements = [] diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py index 29390e40..a03025bb 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/utils.py +++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py @@ -4,7 +4,6 @@ from __future__ import absolute_import, division, print_function -from pyasn1.codec.ber import eoo from pyasn1.codec.der import decoder, encoder from pyasn1.error import PyAsn1Error from pyasn1.type import namedtype, univ @@ -29,11 +28,6 @@ def decode_rfc6979_signature(signature): raise ValueError( "The signature contains bytes after the end of the ASN.1 sequence." ) - # pyasn1 can erroneously return this from top-level DER decoding. - # It's intended as a sentinel in recursive BER decoding, so it's - # returned even though an asn1Spec is provided. - if eoo.endOfOctets.isSameTypeWith(data) and data == eoo.endOfOctets: - raise ValueError("Invalid signature data. Unable to decode ASN.1") r = int(data.getComponentByName('r')) s = int(data.getComponentByName('s')) diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py index c3fbedf9..35b77ca4 100644 --- a/tests/hazmat/primitives/test_asym_utils.py +++ b/tests/hazmat/primitives/test_asym_utils.py @@ -65,6 +65,6 @@ def test_decode_rfc6979_invalid_asn1(): decode_rfc6979_signature(b"0\x07\x02\x01\x01\x02\x02\x01") with pytest.raises(ValueError): - # This is the BER "end-of-contents octets," which pyasn1 is - # wrongly willing to return from top-level DER decoding. + # This is the BER "end-of-contents octets," which older versions of + # pyasn1 are wrongly willing to return from top-level DER decoding. decode_rfc6979_signature(b"\x00\x00") |