diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-07-10 18:44:45 +0530 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-07-10 09:14:45 -0400 |
| commit | 43d02e7eabc13ed5f01a1e68aa595fd597d91729 (patch) | |
| tree | 47f780bc3cc3ec683b95833c37c6cbbf457847bf /src | |
| parent | 40baa274f979d29310ef54493d05cd2e52043417 (diff) | |
| download | cryptography-43d02e7eabc13ed5f01a1e68aa595fd597d91729.tar.gz cryptography-43d02e7eabc13ed5f01a1e68aa595fd597d91729.tar.bz2 cryptography-43d02e7eabc13ed5f01a1e68aa595fd597d91729.zip | |
we don't actually care about the errstack here, it's an invalid signature (#4325)
* we don't actually care about the errstack here, it's an invalid signature
We previously had no cases where we could error without getting errors
on the error stack, but wycheproof contains test cases that can error
without adding anything to the stack. Accordingly, we should clear the
stack but raise InvalidSignature no matter what (rather than
InternalError if we have no error msgs)
* add a test
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/rsa.py | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py index e7a77312..9a7bfaa5 100644 --- a/src/cryptography/hazmat/backends/openssl/rsa.py +++ b/src/cryptography/hazmat/backends/openssl/rsa.py @@ -264,8 +264,7 @@ def _rsa_sig_verify(backend, padding, algorithm, public_key, signature, data): # occurs. backend.openssl_assert(res >= 0) if res == 0: - errors = backend._consume_errors() - backend.openssl_assert(errors) + backend._consume_errors() raise InvalidSignature |