Merge pull request #2599 from reaperhulk/oaep-fix Handle RSA_R_OAEP_DECODING_ERROR

commit: 42e0c790c5150bec47add345065929ca7df8e6ff [log] [tgz]
author: Alex Gaynor <alex.gaynor@gmail.com> Mon Dec 28 07:35:34 2015 -0500
committer: Alex Gaynor <alex.gaynor@gmail.com> Mon Dec 28 07:35:34 2015 -0500
tree: 82a4420511ddab15d1667cb8095266b5bdeb4920
parent: fb7659c5db43dd1e53d0934f27a3937bb4af3663 [diff]
parent: c809360573fc2ef659c154740c32e98f35fc5da9 [diff]
diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py
index 6ec1377..9d97be1 100644
--- a/src/_cffi_src/openssl/err.py
+++ b/src/_cffi_src/openssl/err.py

@@ -230,6 +230,7 @@
 static const int RSA_R_BLOCK_TYPE_IS_NOT_01;
 static const int RSA_R_BLOCK_TYPE_IS_NOT_02;
 static const int RSA_R_PKCS_DECODING_ERROR;
+static const int RSA_R_OAEP_DECODING_ERROR;
 static const int RSA_F_RSA_SIGN;
 """
 

diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py
index 664f6d3..033cd3b 100644
--- a/src/cryptography/hazmat/backends/openssl/rsa.py
+++ b/src/cryptography/hazmat/backends/openssl/rsa.py

@@ -138,6 +138,7 @@
         decoding_errors = [
             backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_01,
             backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_02,
+            backend._lib.RSA_R_OAEP_DECODING_ERROR,
         ]
         if backend._lib.Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR:
             decoding_errors.append(backend._lib.RSA_R_PKCS_DECODING_ERROR)

diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 0b83fd6..b6213d6 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py

@@ -1194,6 +1194,43 @@
         )
         assert message == binascii.unhexlify(example["message"])
 
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.rsa_padding_supported(
+            padding.OAEP(
+                mgf=padding.MGF1(algorithm=hashes.SHA1()),
+                algorithm=hashes.SHA1(),
+                label=None
+            )
+        ),
+        skip_message="Does not support OAEP."
+    )
+    def test_invalid_oaep_decryption(self, backend):
+        # More recent versions of OpenSSL may raise RSA_R_OAEP_DECODING_ERROR
+        # This test triggers it and confirms that we properly handle it. Other
+        # backends should also return the proper ValueError.
+        private_key = RSA_KEY_512.private_key(backend)
+
+        ciphertext = private_key.public_key().encrypt(
+            b'secure data',
+            padding.OAEP(
+                mgf=padding.MGF1(algorithm=hashes.SHA1()),
+                algorithm=hashes.SHA1(),
+                label=None
+            )
+        )
+
+        private_key_alt = RSA_KEY_512_ALT.private_key(backend)
+
+        with pytest.raises(ValueError):
+            private_key_alt.decrypt(
+                ciphertext,
+                padding.OAEP(
+                    mgf=padding.MGF1(algorithm=hashes.SHA1()),
+                    algorithm=hashes.SHA1(),
+                    label=None
+                )
+            )
+
     def test_unsupported_oaep_mgf(self, backend):
         private_key = RSA_KEY_512.private_key(backend)
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_MGF):
commit	42e0c790c5150bec47add345065929ca7df8e6ff	[log] [tgz]
author	Alex Gaynor <alex.gaynor@gmail.com>	Mon Dec 28 07:35:34 2015 -0500
committer	Alex Gaynor <alex.gaynor@gmail.com>	Mon Dec 28 07:35:34 2015 -0500
tree	82a4420511ddab15d1667cb8095266b5bdeb4920
parent	fb7659c5db43dd1e53d0934f27a3937bb4af3663 [diff]
parent	c809360573fc2ef659c154740c32e98f35fc5da9 [diff]