Commit 3ff5218

Backport tlv fix, 38.0.1 bump (#7576)
* fix parsing for CRLs with TLVs > 65535 bytes (#7575)
* add CRL test vector with 9,999 revoked items
* bump rust-asn1
* add large CRL test

  this tests CRLs larger than 65535 bytes in size. rust-asn1 supports up to 4GiB TLVs now, but we'll avoid putting a test vector that big for now

* changelog and 38.0.1 bump
1 parent 52d6f1a commit 3ff5218

8 files changed

+4406
-7
lines changed

CHANGELOG.rst

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,14 @@
11
Changelog
22
=========
33

4+
.. _v38-0-1:
5+
6+
38.0.0 - 2022-09-07
7+
~~~~~~~~~~~~~~~~~~~
8+
9+
* Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically
10+
seen in large CRLs).
11+
412
.. _v38-0-0:
513

614
38.0.0 - 2022-09-06
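
Review bot: the new section heading (added line 6) reads "38.0.0 - 2022-09-07" although its label is `.. _v38-0-1:` and the section directly below is already "38.0.0 - 2022-09-06". It should read "38.0.1 - 2022-09-07"; as written the changelog has two 38.0.0 sections and no heading for the release this commit bumps to. The `~` underline is 19 characters and fits either string, so only the heading text needs to change.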

docs/development/test-vectors.rst

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -597,6 +597,7 @@ Custom X.509 Certificate Revocation List Vectors
597597
* ``crl_no_next_time.pem`` - Contains a CRL with no ``nextUpdate`` value. The
598598
signature on this CRL is invalid.
599599
* ``crl_bad_version.pem`` - Contains a CRL with an invalid version.
600+
* ``crl_almost_10k.pem`` - Contains a CRL with 9,999 entries.
600601

601602
X.509 OCSP Test Vectors
602603
~~~~~~~~~~~~~~~~~~~~~~~
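
Review bot: the new `crl_almost_10k.pem` entry gives only the entry count, not the reason the vector exists. The commit message says it is there to exercise CRLs larger than 65535 bytes, so say that in the description (for example "Contains a CRL with 9,999 entries, larger than 65535 bytes"). Otherwise someone regenerating or trimming the vector later has no hint that the size is the property under test.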

src/cryptography/__about__.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
"__copyright__",
1010
]
1111

12-
__version__ = "38.0.0"
12+
__version__ = "38.0.1"
1313

1414
__author__ = "The Python Cryptographic Authority and individual contributors"
1515
__copyright__ = "Copyright 2013-2022 {}".format(__author__)

src/rust/Cargo.lock

Lines changed: 4 additions & 4 deletions
Some generated files are not rendered by default.

src/rust/Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ publish = false
88
[dependencies]
99
once_cell = "1"
1010
pyo3 = { version = "0.15.2" }
11-
asn1 = { version = "0.12.1", default-features = false, features = ["derive"] }
11+
asn1 = { version = "0.12.2", default-features = false, features = ["derive"] }
1212
pem = "1.1"
1313
chrono = { version = "0.4.22", default-features = false, features = ["alloc", "clock"] }
1414
ouroboros = "0.15"
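
Review bot: the `asn1` requirement on line 11 moves to "0.12.2", but the matching Cargo.lock change (4 additions, 4 deletions) is not rendered on this page, so it cannot be checked here. Confirm that the lock file resolves `asn1` to 0.12.2, since the lock file rather than this requirement decides which version is actually built.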

tests/x509/test_x509.py

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -107,6 +107,14 @@ def test_load_der_crl(self, backend):
107107
assert fingerprint == b"dd3db63c50f4c4a13e090f14053227cb1011a5ad"
108108
assert isinstance(crl.signature_hash_algorithm, hashes.SHA256)
109109

110+
def test_load_large_crl(self, backend):
111+
crl = _load_cert(
112+
os.path.join("x509", "custom", "crl_almost_10k.pem"),
113+
x509.load_pem_x509_crl,
114+
backend,
115+
)
116+
assert len(crl) == 9999
117+
110118
def test_empty_crl_no_sequence(self, backend):
111119
# The SEQUENCE for revoked certificates is optional so let's
112120
# test that we handle it properly.
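
Review bot: `test_load_large_crl` asserts only `len(crl) == 9999`, which never checks the property the fix is about, namely that the CRL is larger than 65535 bytes. If the vector were regenerated with shorter entries the test would still pass without covering the regression. Consider also asserting that the DER encoding of the loaded CRL exceeds 65535 bytes, and reading one entry near the end of the list so that parsing past the old limit is checked as well as the count.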

vectors/cryptography_vectors/__about__.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,4 +6,4 @@
66
"__version__",
77
]
88

9-
__version__ = "38.0.0"
9+
__version__ = "38.0.1"

vectors/cryptography_vectors/x509/custom/crl_almost_10k.pem

Lines changed: 4382 additions & 0 deletions
Large diffs are not rendered by default.
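
The 65535-byte boundary named in the commit message is the largest length that fits in two long-form DER length octets; a TLV one byte larger needs three. The following is an added example, not code from this commit or from rust-asn1: a DER TLV header decoder that accepts up to four length octets and rejects indefinite and non-minimal lengths. The names `read_tlv`, `encode_tlv` and `MAX_LEN_OCTETS` are assumptions made for illustration.

```python
# Added example: DER definite-length TLV header decoding (X.690, 8.1.3 / 10.1).
MAX_LEN_OCTETS = 4  # assumption: accept at most 4 length octets (< 4 GiB)


def read_tlv(data: bytes, offset: int = 0):
    """Return (tag, value_length, value_offset) for the TLV at `offset`.

    Single-octet tags only, which covers SEQUENCE (0x30) and the other
    universal types that make up a CRL.
    """
    if len(data) - offset < 2:
        raise ValueError("truncated TLV header")
    tag = data[offset]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled in this example")
    first = data[offset + 1]
    pos = offset + 2
    if first < 0x80:  # short form: this octet is the length (0..127)
        length = first
    else:
        n = first & 0x7F  # long form: the next n octets hold the length
        if n == 0:
            raise ValueError("indefinite length is not allowed in DER")
        if n > MAX_LEN_OCTETS:
            raise ValueError("length field too large")
        if len(data) - pos < n:
            raise ValueError("truncated length field")
        length = int.from_bytes(data[pos:pos + n], "big")
        # DER requires the minimal encoding: no leading zero octet, and
        # lengths below 128 must use the short form.
        if data[pos] == 0 or length < 0x80:
            raise ValueError("non-minimal DER length")
        pos += n
    if len(data) - pos < length:
        raise ValueError("value runs past end of input")
    return tag, length, pos


def encode_tlv(tag: int, value: bytes) -> bytes:
    """Build constructed sample input: wrap `value` in a DER TLV."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + value
```
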
