From 305bee427aa5bf5908b74f384d90a29879ac7f6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stanis=C5=82aw=20Pitucha?= Date: Tue, 11 Aug 2015 15:17:05 +1000 Subject: Ensure early exeption on non-bytes signature Signature must be in bytes. If the check is skipped, verify() can explode later in cffi call in _verify_pkey_ctx() for example. --- src/cryptography/hazmat/backends/openssl/dsa.py | 3 +++ src/cryptography/hazmat/backends/openssl/rsa.py | 3 +++ 2 files changed, 6 insertions(+) (limited to 'src') diff --git a/src/cryptography/hazmat/backends/openssl/dsa.py b/src/cryptography/hazmat/backends/openssl/dsa.py index f84857ff..f1bb6d9b 100644 --- a/src/cryptography/hazmat/backends/openssl/dsa.py +++ b/src/cryptography/hazmat/backends/openssl/dsa.py @@ -29,6 +29,9 @@ def _truncate_digest_for_dsa(dsa_cdata, digest, backend): @utils.register_interface(AsymmetricVerificationContext) class _DSAVerificationContext(object): def __init__(self, backend, public_key, signature, algorithm): + if not isinstance(signature, bytes): + raise TypeError("signature must be bytes.") + self._backend = backend self._public_key = public_key self._signature = signature diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py index 822c7304..8e32eb02 100644 --- a/src/cryptography/hazmat/backends/openssl/rsa.py +++ b/src/cryptography/hazmat/backends/openssl/rsa.py @@ -337,6 +337,9 @@ class _RSASignatureContext(object): @utils.register_interface(AsymmetricVerificationContext) class _RSAVerificationContext(object): def __init__(self, backend, public_key, signature, padding, algorithm): + if not isinstance(signature, bytes): + raise TypeError("signature must be bytes.") + self._backend = backend self._public_key = public_key self._signature = signature -- cgit v1.2.3 From 38df44151cdc6591385c4ec1691e782d05c8aec7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stanis=C5=82aw=20Pitucha?= Date: Wed, 12 Aug 2015 15:30:25 +1000 Subject: Enforce signature type in ECDSA and add tests Ensure that ECDSA signatures are bytes to match RSA/DSA and add tests for all three. --- src/cryptography/hazmat/backends/openssl/ec.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src') diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py index 7d3afb94..b8692e49 100644 --- a/src/cryptography/hazmat/backends/openssl/ec.py +++ b/src/cryptography/hazmat/backends/openssl/ec.py @@ -119,6 +119,8 @@ class _ECDSASignatureContext(object): @utils.register_interface(AsymmetricVerificationContext) class _ECDSAVerificationContext(object): def __init__(self, backend, public_key, signature, algorithm): + if not isinstance(signature, bytes): + raise TypeError("signature must be bytes.") self._backend = backend self._public_key = public_key self._signature = signature -- cgit v1.2.3