From 19f5a49d413bd9c7b81f29511f4c983bb9408968 Mon Sep 17 00:00:00 2001
From: Ian Cordasco
Date: Sat, 1 Aug 2015 11:06:17 -0500
Subject: Add check for an RSA Key being too small
- Remove outdated/unnecessary/illegitimate TODOs
- Fix up test for an RSA key that is too small
---
 src/cryptography/hazmat/backends/openssl/backend.py | 6 +++++-
 src/cryptography/x509.py | 2 --
 2 files changed, 5 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 3beb716d..eae31cd1 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1081,7 +1081,11 @@ class Backend(object):
 res = self._lib.X509_sign(
 x509_cert, private_key._evp_pkey, evp_md
 )
- assert res > 0
+ if res == 0:
+ errors = self._consume_errors()
+ assert errors[0][1] == self._lib.ERR_LIB_RSA
+ assert errors[0][3] == self._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY
+ raise ValueError("Digest too big for RSA key")
 return _Certificate(self, x509_cert)
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 11ce6cf0..5760aae7 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -1680,7 +1680,6 @@ class CertificateBuilder(object):
 """
 Sets the certificate activation time.
 """
- # TODO: require UTC datetime?
 if not isinstance(time, datetime.datetime):
 raise TypeError('Expecting datetime object.')
 if self._not_valid_before is not None:
@@ -1698,7 +1697,6 @@ class CertificateBuilder(object):
 """
 Sets the certificate expiration time.
 """
- # TODO: require UTC datetime?
 if not isinstance(time, datetime.datetime):
 raise TypeError('Expecting datetime object.')
 if self._not_valid_after is not None:
-- 
cgit v1.2.3
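Review bot: In the backend.py hunk the failure check after `X509_sign` narrows from `assert res > 0` to `if res == 0:`, so any other non-positive result would now fall through to `return _Certificate(self, x509_cert)` and hand back a certificate that was never signed. Whether `X509_sign` can return a negative value is not visible here, but `res <= 0` costs nothing. The two `assert` lines that classify the error are stripped under `python -O`, after which every signing failure is reported as "Digest too big for RSA key". With asserts enabled, a failure from a non-RSA key or an empty error queue surfaces as a bare `AssertionError` or `IndexError`. I would branch on the error code explicitly and raise a distinct error for anything else. The enclosing method starts outside the hunk.

```python
        if res <= 0:
            errors = self._consume_errors()
            # Classify with a real branch: asserts vanish under `python -O`.
            if (
                errors
                and errors[0][1] == self._lib.ERR_LIB_RSA
                and errors[0][3] == self._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY
            ):
                raise ValueError("Digest too big for RSA key")
            # Any other failure must not fall through to _Certificate(...).
            raise RuntimeError("X509_sign failed: {0!r}".format(errors))
        return _Certificate(self, x509_cert)
```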