-rw-r--r-- | src/cryptography/hazmat/bindings/openssl/binding.py | 7 | ||||
-rw-r--r-- | tests/hazmat/bindings/test_openssl.py | 14 |
2 files changed, 19 insertions, 2 deletions
diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index 6f9359c7..59092c0d 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -90,7 +90,12 @@ class Binding(object):
 @classmethod
 def _register_osrandom_engine(cls):
- _openssl_assert(cls.lib, cls.lib.ERR_peek_error() == 0)
+ # Clear any errors extant in the queue before we start. In many
+ # scenarios other things may be interacting with OpenSSL in the same
+ # process space and it has proven untenable to assume that they will
+ # reliably clear the error queue. Once we clear it here we will
+ # error on any subsequent unexpected item in the stack.
+ cls.lib.ERR_clear_error()
 cls._osrandom_engine_id = cls.lib.Cryptography_osrandom_engine_id
 cls._osrandom_engine_name = cls.lib.Cryptography_osrandom_engine_name
 result = cls.lib.Cryptography_add_osrandom_engine()
diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py
index 85b51725..449e581e 100644
--- a/tests/hazmat/bindings/test_openssl.py
+++ b/tests/hazmat/bindings/test_openssl.py
@@ -8,7 +8,7 @@ import pytest
 from cryptography.exceptions import InternalError
 from cryptography.hazmat.bindings.openssl.binding import (
- Binding, _OpenSSLErrorWithText, _openssl_assert
+ Binding, _OpenSSLErrorWithText, _consume_errors, _openssl_assert
 )
@@ -110,3 +110,15 @@ class TestOpenSSL(object):
 b'ex:data not multiple of block length'
 )
 )]
+
+ def test_check_startup_errors_are_allowed(self):
+ b = Binding()
+ b.lib.ERR_put_error(
+ b.lib.ERR_LIB_EVP,
+ b.lib.EVP_F_EVP_ENCRYPTFINAL_EX,
+ b.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH,
+ b"",
+ -1
+ )
+ b._register_osrandom_engine()
+ assert _consume_errors(b.lib) == [] |
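Review bot: `cls.lib.ERR_clear_error()` in `_register_osrandom_engine` throws away whatever was on the queue without recording it, so an error left behind by another OpenSSL user in the process is now lost at the one place where it used to be surfaced. OpenSSL keeps its error queue per thread, so this call only empties the queue of the thread that performs the registration, while the new comment reads as if the whole process were covered. I would extend the comment with `# Only the calling thread's queue is cleared; the discarded entries are not recorded.` If those entries are wanted for diagnosis, draining with `_consume_errors(cls.lib)` (which the new test imports from this module) and reporting the result would keep them visible. The check the comment promises for "any subsequent unexpected item" is not in this hunk, since the function body continues past the last context line.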
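Review bot: `test_check_startup_errors_are_allowed` never confirms that `ERR_put_error` actually left an entry on the queue, so the final `assert _consume_errors(b.lib) == []` would also pass if the injection had silently done nothing. Adding `assert b.lib.ERR_peek_error() != 0` immediately before `b._register_osrandom_engine()` pins the precondition the test depends on. A one-line docstring saying that registration must tolerate a stale error left by other code would also make the intent clear to the next reader.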