Raise a validation failure exception instead of asserting when an

ECDSA point is invalid. [Issue #237]
author: Bob Halley <halley@dnspython.org> 2017-02-19 13:56:50 -0800
committer: Bob Halley <halley@dnspython.org> 2017-02-19 13:56:50 -0800
commit: 22e9de1d7957e558ea8f89f24e402cbbc8d50646 (patch)
tree: 497d4e01d369b0ef4d6d0bc946c88e82ae8f721f /dns
parent: b78ccf5a4b774afb2940e9cd78b2b972736885c6 (diff)
download: dnspython-22e9de1d7957e558ea8f89f24e402cbbc8d50646.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/dns/dnssec.py b/dns/dnssec.py
index f316636..b91a64f 100644
--- a/dns/dnssec.py
+++ b/dns/dnssec.py
@@ -364,7 +364,8 @@ def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
             keyptr = candidate_key.key
             x = Crypto.Util.number.bytes_to_long(keyptr[0:key_len])
             y = Crypto.Util.number.bytes_to_long(keyptr[key_len:key_len * 2])
-            assert ecdsa.ecdsa.point_is_valid(curve.generator, x, y)
+            if not ecdsa.ecdsa.point_is_valid(curve.generator, x, y):
+                raise ValidationFailure('invalid ECDSA key')
             point = ecdsa.ellipticcurve.Point(curve.curve, x, y, curve.order)
             verifying_key = ecdsa.keys.VerifyingKey.from_public_point(point,
                                                                       curve)
author	Bob Halley <halley@dnspython.org>	2017-02-19 13:56:50 -0800
committer	Bob Halley <halley@dnspython.org>	2017-02-19 13:56:50 -0800
commit	22e9de1d7957e558ea8f89f24e402cbbc8d50646 (patch)
tree	497d4e01d369b0ef4d6d0bc946c88e82ae8f721f /dns
parent	b78ccf5a4b774afb2940e9cd78b2b972736885c6 (diff)
download	dnspython-22e9de1d7957e558ea8f89f24e402cbbc8d50646.tar.gz