diff options
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/encode_asn1.py | 9 | ||||
| -rw-r--r-- | tests/x509/test_x509.py | 18 |
2 files changed, 25 insertions, 2 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/encode_asn1.py b/src/cryptography/hazmat/backends/openssl/encode_asn1.py index 4bea03e6..a2c7ed73 100644 --- a/src/cryptography/hazmat/backends/openssl/encode_asn1.py +++ b/src/cryptography/hazmat/backends/openssl/encode_asn1.py @@ -14,6 +14,7 @@ from cryptography.hazmat.backends.openssl.decode_asn1 import ( _CRL_ENTRY_REASON_ENUM_TO_CODE, _DISTPOINT_TYPE_FULLNAME, _DISTPOINT_TYPE_RELATIVENAME ) +from cryptography.x509.name import _ASN1Type from cryptography.x509.oid import CRLEntryExtensionOID, ExtensionOID @@ -116,11 +117,15 @@ def _encode_sk_name_entry(backend, attributes): def _encode_name_entry(backend, attribute): - value = attribute.value.encode('utf8') + if attribute._type is _ASN1Type.BMPString: + value = attribute.value.encode('utf_16_be') + else: + value = attribute.value.encode('utf8') + obj = _txt2obj_gc(backend, attribute.oid.dotted_string) name_entry = backend._lib.X509_NAME_ENTRY_create_by_OBJ( - backend._ffi.NULL, obj, attribute._type.value, value, -1 + backend._ffi.NULL, obj, attribute._type.value, value, len(value) ) return name_entry diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py index 7f9f1830..fe57784a 100644 --- a/tests/x509/test_x509.py +++ b/tests/x509/test_x509.py @@ -4092,6 +4092,24 @@ class TestName(object): b"b060355040a0c0450794341" ) + @pytest.mark.requires_backend_interface(interface=X509Backend) + def test_bmpstring_bytes(self, backend): + # For this test we need an odd length string. BMPString is UCS-2 + # encoded so it will always be even length and OpenSSL will error if + # you pass an odd length string without encoding it properly first. + name = x509.Name([ + x509.NameAttribute( + NameOID.COMMON_NAME, + u'cryptography.io', + _ASN1Type.BMPString + ), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'), + ]) + assert name.public_bytes(backend) == binascii.unhexlify( + b"30383127302506035504031e1e00630072007900700074006f00670072006100" + b"7000680079002e0069006f310d300b060355040a0c0450794341" + ) + def test_random_serial_number(monkeypatch): sample_data = os.urandom(20) |