author | Casey Deccio <casey@deccio.net> | 2016-11-09 18:53:18 +0300 |
---|---|---|
committer | Casey Deccio <casey@deccio.net> | 2016-11-09 18:53:18 +0300 |
commit | d953c7c6756390a9c8a8a4f207b96d501a5be71d (patch) | |
tree | 0a7ae04bbb23e2b86cdb8b6b3993def94f3ca3d6 | |
parent | c07ff152168cf2e2e6628ae3dfe2954b7c2058ca (diff) |
Check for invalid ECDSA key
-rw-r--r-- | dnsviz/crypto.py | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/dnsviz/crypto.py b/dnsviz/crypto.py
index ee4978c..9e502f4 100644
--- a/dnsviz/crypto.py
+++ b/dnsviz/crypto.py
@@ -244,7 +244,10 @@ def _dnskey_to_ec(alg, key):
 else:
 raise ValueError('Algorithm not supported')
- return EC.pub_key_from_params(curve, EC_NOCOMPRESSION + key)
+ try:
+ return EC.pub_key_from_params(curve, EC_NOCOMPRESSION + key)
+ except ValueError:
+ return None
 def _validate_rrsig_rsa(alg, sig, msg, key):
 pubkey = _dnskey_to_rsa(key)
@@ -314,6 +317,10 @@ def _validate_rrsig_gost(alg, sig, msg, key):
 def _validate_rrsig_ec(alg, sig, msg, key):
 pubkey = _dnskey_to_ec(alg, key)
+ # if the key is invalid, then the signature is also invalid
+ if pubkey is None:
+ return False
+
 if alg in (13,):
 alg='sha256'
 sigsize = 64 |
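Review bot: The new `return None` in `_dnskey_to_ec` leaves the function with two failure conventions, because the unsupported-algorithm branch directly above still raises `ValueError` while a rejected key now yields `None`. Every caller has to test for `None` before using the result; this commit updates `_validate_rrsig_ec`, and any other caller outside the diff would need the same guard. I would state the contract in a docstring, e.g. `Return the EC public key for a DNSKEY, or None if the key data is not a valid point on the curve; raise ValueError for an unsupported algorithm.` It is also worth confirming that `EC.pub_key_from_params` reports every malformed encoding (wrong length as well as an off-curve point) as `ValueError`, since any other exception type would still propagate out of validation. The function body starts above the hunk.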
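Review bot: Returning `False` for a `None` key in `_validate_rrsig_ec` fails closed, which is the safe direction, but it makes a malformed DNSKEY indistinguishable from a signature that simply does not verify. For a tool that diagnoses DNSSEC problems those are different findings, so the comment could say so explicitly, e.g. `# malformed DNSKEY: reported as an invalid signature, not as a distinct key error`, or the condition could be logged if the module has a logger. The sibling path visible in the first hunk calls `_dnskey_to_rsa(key)` with no comparable guard in view; whether the RSA and GOST conversions tolerate malformed key data cannot be told from this diff and deserves the same check. The function continues past the end of the hunk.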