diff options
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/binding.py | 32 | ||||
| -rw-r--r-- | tests/hazmat/bindings/test_openssl.py | 22 |
2 files changed, 42 insertions, 12 deletions
diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py index d8fd74db..47e64191 100644 --- a/src/cryptography/hazmat/bindings/openssl/binding.py +++ b/src/cryptography/hazmat/bindings/openssl/binding.py @@ -15,8 +15,10 @@ from cryptography.exceptions import InternalError from cryptography.hazmat.bindings._openssl import ffi, lib from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES -_OpenSSLError = collections.namedtuple( - "_OpenSSLError", ["code", "lib", "func", "reason", "reason_text"] +_OpenSSLError = collections.namedtuple("_OpenSSLError", + ["code", "lib", "func", "reason"]) +_OpenSSLErrorText = collections.namedtuple( + "_OpenSSLErrorText", ["code", "lib", "func", "reason", "reason_text"] ) @@ -30,11 +32,8 @@ def _consume_errors(lib): err_lib = lib.ERR_GET_LIB(code) err_func = lib.ERR_GET_FUNC(code) err_reason = lib.ERR_GET_REASON(code) - err_text_reason = ffi.string(lib.ERR_error_string(code, ffi.NULL)) - errors.append( - _OpenSSLError(code, err_lib, err_func, err_reason, err_text_reason) - ) + errors.append(_OpenSSLError(code, err_lib, err_func, err_reason)) return errors @@ -42,15 +41,26 @@ def _consume_errors(lib): def _openssl_assert(lib, ok): if not ok: errors = _consume_errors(lib) + errors_with_text = [] + for err in errors: + err_text_reason = ffi.string( + lib.ERR_error_string(err.code, ffi.NULL) + ) + errors_with_text.append( + _OpenSSLErrorText( + err.code, err.lib, err.func, err.reason, err_text_reason + ) + ) + raise InternalError( "Unknown OpenSSL error. This error is commonly encountered when " "another library is not cleaning up the OpenSSL error stack. If " - "you are using cryptography with another Python library that " - "uses OpenSSL try disabling it before reporting a bug. Otherwise " - "iplease file an issue at https://github.com/pyca/cryptography/" + "you are using cryptography with another library that uses " + "OpenSSL try disabling it before reporting a bug. Otherwise " + "please file an issue at https://github.com/pyca/cryptography/" "issues with information on how to reproduce " - "this. ({0!r})".format(errors), - errors + "this. ({0!r})".format(errors_with_text), + errors_with_text ) diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index 76a9218b..73f61257 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -6,7 +6,10 @@ from __future__ import absolute_import, division, print_function import pytest -from cryptography.hazmat.bindings.openssl.binding import Binding +from cryptography.exceptions import InternalError +from cryptography.hazmat.bindings.openssl.binding import ( + Binding, _OpenSSLErrorText, _openssl_assert +) class TestOpenSSL(object): @@ -149,3 +152,20 @@ class TestOpenSSL(object): else: with pytest.raises(AttributeError): b.lib.CMAC_Init + + def test_openssl_assert_error_on_stack(self): + b = Binding() + b.lib.ERR_put_error(4, 160, 110, b"", -1) + with pytest.raises(InternalError) as exc_info: + _openssl_assert(b.lib, False) + + exc_info.value.err_code == _OpenSSLErrorText( + code=67764334, + lib=4, + func=160, + reason=110, + reason_text=( + b'error:040A006E:rsa routines:RSA_padding_add_PKCS1_OAEP_mgf1' + b':data too large for key size' + ) + ) |