author | Bob Halley <halley@dnspython.org> | 2017-02-19 13:56:50 -0800 |
---|---|---|
committer | Bob Halley <halley@dnspython.org> | 2017-02-19 13:56:50 -0800 |
commit | 22e9de1d7957e558ea8f89f24e402cbbc8d50646 (patch) | |
tree | 497d4e01d369b0ef4d6d0bc946c88e82ae8f721f /dns | |
parent | b78ccf5a4b774afb2940e9cd78b2b972736885c6 (diff) | |
download | dnspython-22e9de1d7957e558ea8f89f24e402cbbc8d50646.tar.gz |
Raise a validation failure exception instead of asserting when an
ECDSA point is invalid.
[Issue #237]
Diffstat (limited to 'dns')
-rw-r--r-- | dns/dnssec.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/dns/dnssec.py b/dns/dnssec.py
index f316636..b91a64f 100644
--- a/dns/dnssec.py
+++ b/dns/dnssec.py
@@ -364,7 +364,8 @@ def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
 keyptr = candidate_key.key
 x = Crypto.Util.number.bytes_to_long(keyptr[0:key_len])
 y = Crypto.Util.number.bytes_to_long(keyptr[key_len:key_len * 2])
- assert ecdsa.ecdsa.point_is_valid(curve.generator, x, y)
+ if not ecdsa.ecdsa.point_is_valid(curve.generator, x, y):
+ raise ValidationFailure('invalid ECDSA key')
 point = ecdsa.ellipticcurve.Point(curve.curve, x, y, curve.order)
 verifying_key = ecdsa.keys.VerifyingKey.from_public_point(point,
 curve) |
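Review bot: The slices `keyptr[0:key_len]` and `keyptr[key_len:key_len * 2]` just above the new check never verify that the key material is exactly `2 * key_len` bytes, so a DNSKEY with trailing bytes is accepted with the extra data ignored, and a short one is silently truncated before `point_is_valid` sees it. A length guard ahead of the conversion, `if len(keyptr) != 2 * key_len: raise ValidationFailure('invalid ECDSA key')`, would reject malformed keys explicitly instead of relying on the point check to catch them. The name `candidate_key` suggests this code runs once per key in a set; if so, raising here ends validation at the first malformed key rather than moving on to the remaining candidates, which is worth confirming as intended. The body of `_validate_rrsig` starts and ends outside the hunk, so both points should be checked against the full function.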