[Cryptech-Commits] [sw/libhal] branch ksng updated: Work around known bugs in PyCrypto ASN.1 code.

git at cryptech.is git at cryptech.is
Wed May 10 23:18:29 UTC 2017


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch ksng
in repository sw/libhal.

The following commit(s) were added to refs/heads/ksng by this push:
     new 052a078  Work around known bugs in PyCrypto ASN.1 code.
052a078 is described below

commit 052a0781ec41780b534aca749540ed5b939a721a
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Wed May 10 19:10:05 2017 -0400

    Work around known bugs in PyCrypto ASN.1 code.
    
    Turns out there are a couple of known minor bugs in PyCrypto's ASN.1
    decoder, simple dumb things that never could have worked.  Debian's
    packaging includes a patch for these bugs, but for some reason the
    patch is marked as not needing to be sent upstream, dunno why.  So
    these methods work fine, but only on Debian.  Feh.
    
    Simplest approach is to work around the bugs on all platforms,
    particularly given that this is just unit test support code.
---
 unit-tests.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/unit-tests.py b/unit-tests.py
index f0f5fb2..a3e4282 100644
--- a/unit-tests.py
+++ b/unit-tests.py
@@ -905,11 +905,19 @@ class TestPKeyBackup(TestCaseLoggedIn):
         encryptedPrivateKeyInfo = DerSequence()
         encryptedPrivateKeyInfo.decode(der)
         encryptionAlgorithm = DerSequence()
-        encryptionAlgorithm.decode(encryptedPrivateKeyInfo[0])
         algorithm = DerObjectId()
-        algorithm.decode(encryptionAlgorithm[0])
         encryptedData = DerOctetString()
-        encryptedData.decode(encryptedPrivateKeyInfo[1])
+        encryptionAlgorithm.decode(encryptedPrivateKeyInfo[0])
+        # <kludge>
+        # Sigh, bugs in PyCrypto ASN.1 code.  Should do:
+        #
+        #algorithm.decode(encryptionAlgorithm[0])
+        #encryptedData.decode(encryptedPrivateKeyInfo[1])
+        #
+        # but due to bugs in those methods we must instead do:
+        DerObject.decode(algorithm, encryptionAlgorithm[0])
+        DerObject.decode(encryptedData, encryptedPrivateKeyInfo[1])
+        # </kludge>
         if algorithm.payload != oid:
             raise ValueError
         return encryptedData.payload

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.


More information about the Commits mailing list