aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlex Gaynor <alex.gaynor@gmail.com>2015-12-28 07:35:34 -0500
committerAlex Gaynor <alex.gaynor@gmail.com>2015-12-28 07:35:34 -0500
commit42e0c790c5150bec47add345065929ca7df8e6ff (patch)
tree82a4420511ddab15d1667cb8095266b5bdeb4920
parentfb7659c5db43dd1e53d0934f27a3937bb4af3663 (diff)
parentc809360573fc2ef659c154740c32e98f35fc5da9 (diff)
downloadcryptography-42e0c790c5150bec47add345065929ca7df8e6ff.tar.gz
cryptography-42e0c790c5150bec47add345065929ca7df8e6ff.tar.bz2
cryptography-42e0c790c5150bec47add345065929ca7df8e6ff.zip
Merge pull request #2599 from reaperhulk/oaep-fix
Handle RSA_R_OAEP_DECODING_ERROR
Diffstat
-rw-r--r--src/_cffi_src/openssl/err.py1
-rw-r--r--src/cryptography/hazmat/backends/openssl/rsa.py1
-rw-r--r--tests/hazmat/primitives/test_rsa.py37
3 files changed, 39 insertions, 0 deletions
diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py
index 6ec13775..9d97be16 100644
--- a/src/_cffi_src/openssl/err.py
+++ b/src/_cffi_src/openssl/err.py
@@ -230,6 +230,7 @@ static const int RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY;
static const int RSA_R_BLOCK_TYPE_IS_NOT_01;
static const int RSA_R_BLOCK_TYPE_IS_NOT_02;
static const int RSA_R_PKCS_DECODING_ERROR;
+static const int RSA_R_OAEP_DECODING_ERROR;
static const int RSA_F_RSA_SIGN;
"""
diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py
index 664f6d35..033cd3b1 100644
--- a/src/cryptography/hazmat/backends/openssl/rsa.py
+++ b/src/cryptography/hazmat/backends/openssl/rsa.py
@@ -138,6 +138,7 @@ def _handle_rsa_enc_dec_error(backend, key):
decoding_errors = [
backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_01,
backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_02,
+ backend._lib.RSA_R_OAEP_DECODING_ERROR,
]
if backend._lib.Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR:
decoding_errors.append(backend._lib.RSA_R_PKCS_DECODING_ERROR)
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 0b83fd65..b6213d6d 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -1194,6 +1194,43 @@ class TestRSADecryption(object):
)
assert message == binascii.unhexlify(example["message"])
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.OAEP(
+ mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ algorithm=hashes.SHA1(),
+ label=None
+ )
+ ),
+ skip_message="Does not support OAEP."
+ )
+ def test_invalid_oaep_decryption(self, backend):
+ # More recent versions of OpenSSL may raise RSA_R_OAEP_DECODING_ERROR
+ # This test triggers it and confirms that we properly handle it. Other
+ # backends should also return the proper ValueError.
+ private_key = RSA_KEY_512.private_key(backend)
+
+ ciphertext = private_key.public_key().encrypt(
+ b'secure data',
+ padding.OAEP(
+ mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ algorithm=hashes.SHA1(),
+ label=None
+ )
+ )
+
+ private_key_alt = RSA_KEY_512_ALT.private_key(backend)
+
+ with pytest.raises(ValueError):
+ private_key_alt.decrypt(
+ ciphertext,
+ padding.OAEP(
+ mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ algorithm=hashes.SHA1(),
+ label=None
+ )
+ )
+
def test_unsupported_oaep_mgf(self, backend):
private_key = RSA_KEY_512.private_key(backend)
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-16 15:23:16 +0000