diff options
| -rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 7 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_serialization.py | 16 |
2 files changed, 23 insertions, 0 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index ce4963be..d25ac0d1 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -835,6 +835,13 @@ class Backend(object): raise UnsupportedAlgorithm( "PEM data is encrypted with an unsupported cipher") + elif errors[0][1:] == ( + self._lib.ERR_LIB_EVP, + self._lib.EVP_F_EVP_PKCS82PKEY, + self._lib.EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM + ): + raise ValueError("Unsupported private key algorithm.") + else: assert errors[0][1] in ( self._lib.ERR_LIB_EVP, diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py index 36dbfcd8..b1789631 100644 --- a/tests/hazmat/primitives/test_serialization.py +++ b/tests/hazmat/primitives/test_serialization.py @@ -476,3 +476,19 @@ class TestPKCS8Serialisation(object): assert key assert isinstance(key, dsa.DSAPrivateKey) + + @pytest.mark.parametrize( + ("key_file", "password"), + [ + ("bad-oid-dsa-key.pem", None), + ] + ) + def test_load_bad_oid_key(self, key_file, password, backend): + with pytest.raises(ValueError): + key = load_vectors_from_file( + os.path.join( + "asymmetric", "PKCS8", key_file), + lambda pemfile: load_pem_traditional_openssl_private_key( + pemfile.read().encode(), password, backend + ) + ) |