2 files changed, 48 insertions, 37 deletions

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index a476b1e9..a8f639d5 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -42,7 +42,7 @@ from cryptography.hazmat.backends.openssl.x509 import (
     _Certificate, _CertificateSigningRequest, _DISTPOINT_TYPE_FULLNAME,
     _DISTPOINT_TYPE_RELATIVENAME
 )
-from cryptography.hazmat.bindings.openssl.binding import Binding
+from cryptography.hazmat.bindings.openssl import binding
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
 from cryptography.hazmat.primitives.asymmetric.padding import (
@@ -58,14 +58,6 @@ from cryptography.x509.oid import ExtensionOID
 
 
 _MemoryBIO = collections.namedtuple("_MemoryBIO", ["bio", "char_ptr"])
-_OpenSSLError = collections.namedtuple("_OpenSSLError",
-                                       ["code", "lib", "func", "reason"])
-
-
-class UnhandledOpenSSLError(Exception):
-    def __init__(self, msg, errors):
-        super(UnhandledOpenSSLError, self).__init__(msg)
-        self.errors = errors
 
 
 def _encode_asn1_int(backend, x):
@@ -524,7 +516,7 @@ class Backend(object):
     name = "openssl"
 
     def __init__(self):
-        self._binding = Binding()
+        self._binding = binding.Binding()
         self._ffi = self._binding.ffi
         self._lib = self._binding.lib
 
@@ -541,14 +533,7 @@ class Backend(object):
         self.activate_osrandom_engine()
 
     def openssl_assert(self, ok):
-        if not ok:
-            errors = self._consume_errors()
-            raise UnhandledOpenSSLError(
-                "Unknown OpenSSL error. Please file an issue at https://github"
-                ".com/pyca/cryptography/issues with information on how to "
-                "reproduce this.",
-                errors
-            )
+        return binding._openssl_assert(self._lib, ok)
 
     def activate_builtin_random(self):
         # Obtain a new structural reference.
@@ -759,18 +744,7 @@ class Backend(object):
         return self._ffi.string(err_buf, 256)[:]
 
     def _consume_errors(self):
-        errors = []
-        while True:
-            code = self._lib.ERR_get_error()
-            if code == 0:
-                break
-
-            lib = self._lib.ERR_GET_LIB(code)
-            func = self._lib.ERR_GET_FUNC(code)
-            reason = self._lib.ERR_GET_REASON(code)
-
-            errors.append(_OpenSSLError(code, lib, func, reason))
-        return errors
+        return binding._consume_errors(self._lib)
 
     def _unknown_error(self, error):
         return InternalError(
diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index 50d7f6d5..a5635f7d 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -4,6 +4,7 @@
 
 from __future__ import absolute_import, division, print_function
 
+import collections
 import os
 import threading
 import types
@@ -12,6 +13,42 @@ from cryptography.hazmat.bindings._openssl import ffi, lib
 from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES
 
 
+_OpenSSLError = collections.namedtuple("_OpenSSLError",
+                                       ["code", "lib", "func", "reason"])
+
+
+class UnhandledOpenSSLError(Exception):
+    def __init__(self, msg, errors):
+        super(UnhandledOpenSSLError, self).__init__(msg)
+        self.errors = errors
+
+
+def _consume_errors(lib):
+    errors = []
+    while True:
+        code = lib.ERR_get_error()
+        if code == 0:
+            break
+
+        err_lib = lib.ERR_GET_LIB(code)
+        err_func = lib.ERR_GET_FUNC(code)
+        err_reason = lib.ERR_GET_REASON(code)
+
+        errors.append(_OpenSSLError(code, err_lib, err_func, err_reason))
+    return errors
+
+
+def _openssl_assert(lib, ok):
+    if not ok:
+        errors = _consume_errors(lib)
+        raise UnhandledOpenSSLError(
+            "Unknown OpenSSL error. Please file an issue at https://github.com"
+            "/pyca/cryptography/issues with information on how to reproduce "
+            "this.",
+            errors
+        )
+
+
 @ffi.callback("int (*)(unsigned char *, int)", error=-1)
 def _osrandom_rand_bytes(buf, size):
     signed = ffi.cast("char *", buf)
@@ -64,7 +101,7 @@ class Binding(object):
 
     @classmethod
     def _register_osrandom_engine(cls):
-        assert cls.lib.ERR_peek_error() == 0
+        _openssl_assert(cls.lib, cls.lib.ERR_peek_error() == 0)
         looked_up_engine = cls.lib.ENGINE_by_id(cls._osrandom_engine_id)
         if looked_up_engine != ffi.NULL:
             raise RuntimeError("osrandom engine already registered")
@@ -72,19 +109,19 @@ class Binding(object):
         cls.lib.ERR_clear_error()
 
         engine = cls.lib.ENGINE_new()
-        assert engine != cls.ffi.NULL
+        _openssl_assert(cls.lib, engine != cls.ffi.NULL)
         try:
             result = cls.lib.ENGINE_set_id(engine, cls._osrandom_engine_id)
-            assert result == 1
+            _openssl_assert(cls.lib, result == 1)
             result = cls.lib.ENGINE_set_name(engine, cls._osrandom_engine_name)
-            assert result == 1
+            _openssl_assert(cls.lib, result == 1)
             result = cls.lib.ENGINE_set_RAND(engine, cls._osrandom_method)
-            assert result == 1
+            _openssl_assert(cls.lib, result == 1)
             result = cls.lib.ENGINE_add(engine)
-            assert result == 1
+            _openssl_assert(cls.lib, result == 1)
         finally:
             result = cls.lib.ENGINE_free(engine)
-            assert result == 1
+            _openssl_assert(cls.lib, result == 1)
 
     @classmethod
     def _ensure_ffi_initialized(cls):