-rw-r--r-- | src/cryptography/hazmat/primitives/asymmetric/utils.py | 7 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_asym_utils.py | 5 |
2 files changed, 11 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py
index 36b9080d..08bb40c7 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/utils.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py
@@ -5,6 +5,7 @@
 from __future__ import absolute_import, division, print_function
 from pyasn1.codec.der import decoder, encoder
+from pyasn1.error import PyAsn1Error
 from pyasn1.type import namedtype, univ
@@ -16,7 +17,11 @@ class _DSSSigValue(univ.Sequence):
 def decode_rfc6979_signature(signature):
- data, remaining = decoder.decode(signature, asn1Spec=_DSSSigValue())
+ try:
+ data, remaining = decoder.decode(signature, asn1Spec=_DSSSigValue())
+ except PyAsn1Error:
+ raise ValueError("Invalid signature data. Unable to decode ASN.1")
+
 if remaining:
 raise ValueError(
 "The signature contains bytes after the end of the ASN.1 sequence."
diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py
index f8a67b68..640b5b3d 100644
--- a/tests/hazmat/primitives/test_asym_utils.py
+++ b/tests/hazmat/primitives/test_asym_utils.py
@@ -39,3 +39,8 @@ def test_rfc6979_signature():
 def test_decode_rfc6979_trailing_bytes():
 with pytest.raises(ValueError):
 decode_rfc6979_signature(b"0\x06\x02\x01\x01\x02\x01\x01\x00\x00\x00")
+
+
+def test_decode_rfc6979_invalid_asn1():
+ with pytest.raises(ValueError):
+ decode_rfc6979_signature(b"0\x07\x02\x01\x01\x02\x02\x01")
|
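Review bot: decode_rfc6979_signature, in the second utils.py hunk, now has two ValueError paths but still no docstring, so the contract is not written down for callers that verify untrusted signatures: malformed signature bytes are reported as ValueError rather than as a pyasn1 exception. I would add under the def line `"""Decode a DER-encoded DSS signature. Raises ValueError if the data is not valid ASN.1 or has trailing bytes."""`. The function body continues past the end of the hunk, so the return value is left out of that wording.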
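Review bot: test_decode_rfc6979_invalid_asn1 in tests/hazmat/primitives/test_asym_utils.py exercises only one malformed shape, a sequence whose declared lengths run past the supplied bytes. The new handler catches PyAsn1Error alone, so whether other bad inputs (an empty byte string, a non-SEQUENCE outer tag) also end up as ValueError depends on what pyasn1 raises for them, which this diff does not show. Turning the test into `@pytest.mark.parametrize("data", [...])` over a few such inputs would pin that contract.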