fixes #12257 -- raise the correct error on an unsupported curve (#12271)
alex authored Jan 12, 2025
1 parent b1535a0 commit d7596d0
Showing 2 changed files with 23 additions and 2 deletions.
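--- a/src/rust/src/backend/ec.rs
+++ b/src/rust/src/backend/ec.rs
@@ -45,7 +45,8 @@ fn curve_from_py_curve(
 }
 
 let py_curve_name = py_curve.getattr(pyo3::intern!(py, "name"))?;
-let nid = match &*py_curve_name.extract::<pyo3::pybacked::PyBackedStr>()? {
+let curve_name = &*py_curve_name.extract::<pyo3::pybacked::PyBackedStr>()?;
+let nid = match curve_name {
 "secp192r1" => openssl::nid::Nid::X9_62_PRIME192V1,
 "secp224r1" => openssl::nid::Nid::SECP224R1,
 "secp256r1" => openssl::nid::Nid::X9_62_PRIME256V1,
@@ -84,7 +85,12 @@ fn curve_from_py_curve(
 }
 };
 
-Ok(openssl::ec::EcGroup::from_curve_name(nid)?)
+Ok(openssl::ec::EcGroup::from_curve_name(nid).map_err(|_| {
+exceptions::UnsupportedAlgorithm::new_err((
+format!("Curve {curve_name} is not supported"),
+exceptions::Reasons::UNSUPPORTED_ELLIPTIC_CURVE,
+))
+})?)
 }
 
 fn py_curve_from_curve<'p>(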
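Review bot: The `map_err(|_| …)` closure on `openssl::ec::EcGroup::from_curve_name(nid)` discards the OpenSSL error, so every failure of that call is reported as `UNSUPPORTED_ELLIPTIC_CURVE`, including any failure that is not about curve availability (presumably rare, such as an internal OpenSSL error). If that trade-off is intended, a comment above the call would record it, for example `// from_curve_name fails when the linked OpenSSL lacks this curve; report it as unsupported rather than as an internal error`. The body of `curve_from_py_curve` starts before the first hunk and is only partly visible between the two hunks, so the remaining match arms and the fallback branch cannot be checked from here.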
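--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -331,6 +331,21 @@ def test_generate_unknown_curve(self, backend):
 is False
 )
 
+@pytest.mark.skip_fips(
+reason="Some FIPS curves aren't supported but work anyways"
+)
+@pytest.mark.parametrize("curve", ec._CURVE_TYPES.values())
+def test_generate_unsupported_curve(
+self, backend, curve: ec.EllipticCurve
+):
+if backend.elliptic_curve_supported(curve):
+return
+
+with raises_unsupported_algorithm(
+exceptions._Reasons.UNSUPPORTED_ELLIPTIC_CURVE
+):
+ec.generate_private_key(curve)
+
 def test_unknown_signature_algoritm(self, backend):
 _skip_curve_unsupported(backend, ec.SECP192R1())
 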
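Review bot: The early `return` in `test_generate_unsupported_curve` makes a parametrized case pass whenever the backend supports the curve, so a build that supports every entry of `ec._CURVE_TYPES` reports the whole test green without ever reaching `ec.generate_private_key(curve)`. Replacing the `return` with `pytest.skip(f"{curve.name} is supported by this backend")` would show in the test report how many cases actually exercised the new error path; this assumes the parametrized values are curve instances with a `name` attribute, as the `ec.EllipticCurve` annotation suggests. The test also checks only the reason code, so the `Curve {curve_name} is not supported` message built on the Rust side is not covered.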
