Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport signature decode #124

Merged
merged 10 commits into from Oct 7, 2019
Merged

Backport signature decode #124

merged 10 commits into from Oct 7, 2019

Commits on Oct 7, 2019

  1. strict error checking in DER decoding of integers and sequences 

    backport of 50e6d9f
    @tomato42
    tomato42 committed Oct 7, 2019
    Copy the full SHA
    b0ea52b View commit details
    Browse the repository at this point in the history

  2. translate the UnexpectedDER exception to BadSignatureError 

    the users of VerifyingKey.verify() and VerifyingKey.verify_digest()
should not need to use multiple exceptions to correctly catch invalid
signatures

backport of 487f6d3
    @tomato42
    tomato42 committed Oct 7, 2019
    Copy the full SHA
    20b3774 View commit details
    Browse the repository at this point in the history

  3. give the same handling to string encoded signatures as to DER 

    Verify that strings of unexpected lengths are rejected with the
same BadSignatureError exception

backport of 8533e51
    @tomato42
    tomato42 committed Oct 7, 2019
    Copy the full SHA
    897178c View commit details
    Browse the repository at this point in the history

  4. fix length decoding 

    the same issues as with decoding integers happen with the NIST521p curve
as it's large enough that the length encoding of some fields needs
to use multi-byte encoding

backport of a655d6f
    @tomato42
    tomato42 committed Oct 7, 2019
    Copy the full SHA
    9080d1d View commit details
    Browse the repository at this point in the history

  5. explicitly specify the distro to get py26 and py33 

    backport of 091ca06
    @tomato42
    tomato42 committed Oct 7, 2019
    Copy the full SHA
    14abfe0 View commit details
    Browse the repository at this point in the history

  6. make variable names in remove_integer more aproppriate 

    backport of 710e7c8
    @tomato42
    tomato42 committed Oct 7, 2019
    Copy the full SHA
    563d2ee View commit details
    Browse the repository at this point in the history

  7. ensure that the encoding is actually the minimal one for length and i… 

    …nteger

backport of 2c3db7c
    @tomato42
    tomato42 committed Oct 7, 2019
    Copy the full SHA
    3427fa2 View commit details
    Browse the repository at this point in the history

  8. harden also key decoding 

    as assert statements will be removed in optimised build, do use a custom
exception that inherits from AssertionError so that the failures are
caught

this is reworking of d47a238 to implement the same checks but
without implementing support for SEC1/X9.62 formatted keys
    @tomato42
    tomato42 committed Oct 7, 2019
    Copy the full SHA
    99c907d View commit details
    Browse the repository at this point in the history

  9. execute also new tests in Travis 

    not a backport, necessary to make the tests runnable on 0.13 branch
    @tomato42
    tomato42 committed Oct 7, 2019
    Copy the full SHA
    b95be03 View commit details
    Browse the repository at this point in the history

  10. update README with error handling of from_string() and from_der() 

    proposed for master in tlsfuzzer#132
    @tomato42
    tomato42 committed Oct 7, 2019
    Copy the full SHA
    1eb2c04 View commit details
    Browse the repository at this point in the history