5 files changed, 86 insertions, 3 deletions
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index 59bdc525..5467464a 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -285,6 +285,35 @@ class TestECDSAVectors(object):
         with pytest.raises(ValueError):
             numbers.private_key(backend)
 
+    def test_load_invalid_public_ec_key_from_numbers(self, backend):
+        _skip_curve_unsupported(backend, ec.SECP521R1())
+
+        # Bad X coordinate
+        numbers = ec.EllipticCurvePublicNumbers(
+            int("000003647356b91f8ace114c7247ecf4f4a622553fc025e04a178f179ef27"
+                "9090c184af678a4c78f635483bdd8aa544851c6ef291c1f0d6a241ebfd145"
+                "77d1d30d9903ce", 16),
+            int("000001499bc7e079322ea0fcfbd6b40103fa6a1536c2257b182db0df4b369"
+                "6ec643adf100eb4f2025d1b873f82e5a475d6e4400ba777090eeb4563a115"
+                "09e4c87319dc26", 16),
+            ec.SECP521R1()
+        )
+        with pytest.raises(ValueError):
+            numbers.public_key(backend)
+
+        # Bad Y coordinate
+        numbers = ec.EllipticCurvePublicNumbers(
+            int("0000019aadc221cc0525118ab6d5aa1f64720603de0be128cbfea0b381ad8"
+                "02a2facc6370bb58cf88b3f0c692bc654ee19d6cad198f10d4b681b396f20"
+                "d2e40603fa945b", 16),
+            int("0000025da392803a320717a08d4cb3dea932039badff363b71bdb8064e726"
+                "6c7f4f4b748d4d425347fc33e3885d34b750fa7fcd5691f4d90c89522ce33"
+                "feff5db10088a5", 16),
+            ec.SECP521R1()
+        )
+        with pytest.raises(ValueError):
+            numbers.public_key(backend)
+
     @pytest.mark.parametrize(
         "vector",
         itertools.chain(
diff --git a/tests/test_utils.py b/tests/test_utils.py
index 04182a06..72e20725 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -3363,7 +3363,7 @@ def test_load_kasvs_ecdh_kdf_vectors():
     [EB - SHA224]
 
 
-    COUNT = 0
+    COUNT = 50
     dsCAVS = 540904b67b3716823dd621ed72ad3dbc615887b4f56f910b78a57199
     QsCAVSx = 28e5f3a72d8f6b8499dd1bcdfceafcecec68a0d715789bcf4b55fe15
     QsCAVSy = 8c8006a7da7c1a19f5328d7e865522b0c0dfb9a29b2c46dc96590d2a
@@ -3385,7 +3385,7 @@ ffdfa60dd7
     expected = [
         {'errno': 12,
          'fail': True,
-         'COUNT': 0,
+         'COUNT': 50,
          'CAVS': {
              'd': int("540904b67b3716823dd621ed72ad3dbc615887b4f56f910b"
                       "78a57199", 16),
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 0c022df1..8035886c 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -2395,6 +2395,21 @@ class TestECDSACertificate(object):
         ]
 
 
+@pytest.mark.requires_backend_interface(interface=X509Backend)
+class TestOtherCertificate(object):
+    def test_unsupported_subject_public_key_info(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "custom", "unsupported_subject_public_key_info.pem"
+            ),
+            x509.load_pem_x509_certificate,
+            backend,
+        )
+
+        with pytest.raises(ValueError):
+            cert.public_key()
+
+
 class TestNameAttribute(object):
     def test_init_bad_oid(self):
         with pytest.raises(TypeError):
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 85373973..1bc14620 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -1555,6 +1555,21 @@ class TestRSASubjectAlternativeNameExtension(object):
             u'saseliminator.com'
         ]
 
+    def test_san_empty_hostname(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "custom", "san_empty_hostname.pem"
+            ),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        san = cert.extensions.get_extension_for_oid(
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
+        )
+
+        dns = san.value.get_values_for_type(x509.DNSName)
+        assert dns == [u'']
+
     def test_san_wildcard_idna_dns_name(self, backend):
         cert = _load_cert(
             os.path.join("x509", "custom", "san_wildcard_idna.pem"),
@@ -2903,6 +2918,30 @@ class TestCRLDistributionPointsExtension(object):
             )
         ])
 
+    def test_crl_empty_hostname(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "custom", "cdp_empty_hostname.pem"
+            ),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+
+        cdps = cert.extensions.get_extension_for_oid(
+            ExtensionOID.CRL_DISTRIBUTION_POINTS
+        ).value
+
+        assert cdps == x509.CRLDistributionPoints([
+            x509.DistributionPoint(
+                full_name=[x509.UniformResourceIdentifier(
+                    u"ldap:/CN=A,OU=B,dc=C,DC=D?E?F?G?H=I"
+                )],
+                relative_name=None,
+                reasons=None,
+                crl_issuer=None
+            )
+        ])
+
 
 @pytest.mark.requires_backend_interface(interface=RSABackend)
 @pytest.mark.requires_backend_interface(interface=X509Backend)
diff --git a/tests/utils.py b/tests/utils.py
index cc3f9fcc..3970109e 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -722,7 +722,7 @@ def load_kasvs_ecdh_vectors(vector_data):
         if line.startswith("["):
             tag = line.split()[0][1:]
         elif line.startswith("COUNT = "):
-            data["COUNT"] = int(line.split("=")[1], 16)
+            data["COUNT"] = int(line.split("=")[1])
         elif line.startswith("dsCAVS = "):
             data["CAVS"]["d"] = int(line.split("=")[1], 16)
         elif line.startswith("QsCAVSx = "):