diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2015-10-12 21:30:20 -0400 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2015-10-12 21:30:20 -0400 |
| commit | 9adf8c6a55dbf2a6a286324fb381bc4941558739 (patch) | |
| tree | 458e16dbab0a3f7e377f7b064dbe998c5879a40e | |
| parent | 8005a5161cc6e5ba96ceabd9335ebefa373a2736 (diff) | |
| parent | 00f94097219d14036d7172994e54dc6a6d2fa8f3 (diff) | |
| download | cryptography-9adf8c6a55dbf2a6a286324fb381bc4941558739.tar.gz cryptography-9adf8c6a55dbf2a6a286324fb381bc4941558739.tar.bz2 cryptography-9adf8c6a55dbf2a6a286324fb381bc4941558739.zip | |
Merge pull request #2409 from simo5/InvalidECfix
Catch Invalid X or Y points and raise a ValueError
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 8 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_ec.py | 29 |
2 files changed, 35 insertions, 2 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index ac025e95..0d3b3dd4 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -1776,9 +1776,13 @@ class Backend(object): self.openssl_assert(res == 1) res = self._lib.BN_cmp(bn_x, check_x) - self.openssl_assert(res == 0) + if res != 0: + self._consume_errors() + raise ValueError("Invalid EC Key X point.") res = self._lib.BN_cmp(bn_y, check_y) - self.openssl_assert(res == 0) + if res != 0: + self._consume_errors() + raise ValueError("Invalid EC Key Y point.") res = self._lib.EC_KEY_set_public_key(ctx, point) self.openssl_assert(res == 1) diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index 59bdc525..5467464a 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -285,6 +285,35 @@ class TestECDSAVectors(object): with pytest.raises(ValueError): numbers.private_key(backend) + def test_load_invalid_public_ec_key_from_numbers(self, backend): + _skip_curve_unsupported(backend, ec.SECP521R1()) + + # Bad X coordinate + numbers = ec.EllipticCurvePublicNumbers( + int("000003647356b91f8ace114c7247ecf4f4a622553fc025e04a178f179ef27" + "9090c184af678a4c78f635483bdd8aa544851c6ef291c1f0d6a241ebfd145" + "77d1d30d9903ce", 16), + int("000001499bc7e079322ea0fcfbd6b40103fa6a1536c2257b182db0df4b369" + "6ec643adf100eb4f2025d1b873f82e5a475d6e4400ba777090eeb4563a115" + "09e4c87319dc26", 16), + ec.SECP521R1() + ) + with pytest.raises(ValueError): + numbers.public_key(backend) + + # Bad Y coordinate + numbers = ec.EllipticCurvePublicNumbers( + int("0000019aadc221cc0525118ab6d5aa1f64720603de0be128cbfea0b381ad8" + "02a2facc6370bb58cf88b3f0c692bc654ee19d6cad198f10d4b681b396f20" + "d2e40603fa945b", 16), + int("0000025da392803a320717a08d4cb3dea932039badff363b71bdb8064e726" + "6c7f4f4b748d4d425347fc33e3885d34b750fa7fcd5691f4d90c89522ce33" + "feff5db10088a5", 16), + ec.SECP521R1() + ) + with pytest.raises(ValueError): + numbers.public_key(backend) + @pytest.mark.parametrize( "vector", itertools.chain( |