Diffstat (limited to 'src')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 63 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/ciphers.py | 6 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/dh.py | 10 | ||||
-rw-r--r-- | src/cryptography/hazmat/bindings/openssl/binding.py | 19 |
4 files changed, 54 insertions, 44 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index a259d668..9900d053 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -710,10 +710,13 @@ class Backend(object): ) if res == 0: errors = self._consume_errors() - self.openssl_assert(errors[0][1] == self._lib.ERR_LIB_RSA) self.openssl_assert( - errors[0][3] == self._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY + errors[0]._lib_reason_match( + self._lib.ERR_LIB_RSA, + self._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY + ) ) + raise ValueError("Digest too big for RSA key") return _CertificateSigningRequest(self, x509_req) @@ -792,9 +795,11 @@ class Backend(object): ) if res == 0: errors = self._consume_errors() - self.openssl_assert(errors[0][1] == self._lib.ERR_LIB_RSA) self.openssl_assert( - errors[0][3] == self._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY + errors[0]._lib_reason_match( + self._lib.ERR_LIB_RSA, + self._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY + ) ) raise ValueError("Digest too big for RSA key") @@ -802,9 +807,11 @@ class Backend(object): def _raise_time_set_error(self): errors = self._consume_errors() - self.openssl_assert(errors[0][1] == self._lib.ERR_LIB_ASN1) self.openssl_assert( - errors[0][3] == self._lib.ASN1_R_ERROR_GETTING_TIME + errors[0]._lib_reason_match( + self._lib.ERR_LIB_ASN1, + self._lib.ASN1_R_ERROR_GETTING_TIME + ) ) raise ValueError( "Invalid time. This error can occur if you set a time too far in " @@ -879,9 +886,11 @@ class Backend(object): ) if res == 0: errors = self._consume_errors() - self.openssl_assert(errors[0][1] == self._lib.ERR_LIB_RSA) self.openssl_assert( - errors[0][3] == self._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY + errors[0]._lib_reason_match( + self._lib.ERR_LIB_RSA, + self._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY + ) ) raise ValueError("Digest too big for RSA key") 
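Review bot: The same consume-assert-raise sequence for `RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY` now appears verbatim in the first, second and fourth hunks of backend.py. The first hunk shows how such copies drift: that copy had no `raise ValueError`, so a failed signing call fell through to the `return`. A single private helper, in the style of `_raise_time_set_error` in the third hunk, would keep these paths from diverging again. The helper name below is only a suggestion. The enclosing methods start and end outside the hunks, so the call site is only sketched.

```python
def _raise_rsa_digest_too_big(self):
    # Maps the one expected signing failure to ValueError; any other
    # error at the head of the queue trips openssl_assert instead.
    errors = self._consume_errors()
    self.openssl_assert(
        errors[0]._lib_reason_match(
            self._lib.ERR_LIB_RSA,
            self._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY
        )
    )
    raise ValueError("Digest too big for RSA key")

# … unchanged: signing call that sets res …
if res == 0:
    self._raise_rsa_digest_too_big()
```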
@@ -1173,31 +1182,21 @@ class Backend(object): if not errors: raise ValueError("Could not deserialize key data.") - elif errors[0][1:] in ( - ( - self._lib.ERR_LIB_EVP, - self._lib.EVP_F_EVP_DECRYPTFINAL_EX, - self._lib.EVP_R_BAD_DECRYPT - ), - ( + elif ( + errors[0]._lib_reason_match( + self._lib.ERR_LIB_EVP, self._lib.EVP_R_BAD_DECRYPT + ) or errors[0]._lib_reason_match( self._lib.ERR_LIB_PKCS12, - self._lib.PKCS12_F_PKCS12_PBE_CRYPT, - self._lib.PKCS12_R_PKCS12_CIPHERFINAL_ERROR, + self._lib.PKCS12_R_PKCS12_CIPHERFINAL_ERROR ) ): raise ValueError("Bad decrypt. Incorrect password?") - elif errors[0][1:] in ( - ( - self._lib.ERR_LIB_PEM, - self._lib.PEM_F_PEM_GET_EVP_CIPHER_INFO, - self._lib.PEM_R_UNSUPPORTED_ENCRYPTION - ), - - ( - self._lib.ERR_LIB_EVP, - self._lib.EVP_F_EVP_PBE_CIPHERINIT, - self._lib.EVP_R_UNKNOWN_PBE_ALGORITHM + elif ( + errors[0]._lib_reason_match( + self._lib.ERR_LIB_EVP, self._lib.EVP_R_UNKNOWN_PBE_ALGORITHM + ) or errors[0]._lib_reason_match( + self._lib.ERR_LIB_PEM, self._lib.PEM_R_UNSUPPORTED_ENCRYPTION ) ): raise UnsupportedAlgorithm( @@ -1206,9 +1205,8 @@ class Backend(object): ) elif any( - error[1:] == ( + error._lib_reason_match( self._lib.ERR_LIB_EVP, - self._lib.EVP_F_EVP_PKCS82PKEY, self._lib.EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ) for error in errors @@ -1216,7 +1214,7 @@ class Backend(object): raise ValueError("Unsupported public key algorithm.") else: - assert errors[0][1] in ( + assert errors[0].lib in ( self._lib.ERR_LIB_EVP, self._lib.ERR_LIB_PEM, self._lib.ERR_LIB_ASN1, @@ -1235,9 +1233,8 @@ class Backend(object): errors = self._consume_errors() self.openssl_assert( curve_nid == self._lib.NID_undef or - errors[0][1:] == ( + errors[0]._lib_reason_match( self._lib.ERR_LIB_EC, - self._lib.EC_F_EC_GROUP_NEW_BY_CURVE_NAME, self._lib.EC_R_UNKNOWN_GROUP ) ) diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py index 13c9fa52..4ca2fee6 100644 
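Review bot: The fallback branch in the hunk at -1216 still validates the error library with a bare `assert errors[0].lib in (`, which is stripped when Python runs with `-O`, so the check disappears in optimized runs. Every other check this commit touches goes through `self.openssl_assert(...)`. Writing this one as `self.openssl_assert(errors[0].lib in (...))` would keep it active and consistent with the rest. The tuple of libraries and the remainder of the branch continue outside the hunk.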
--- a/src/cryptography/hazmat/backends/openssl/ciphers.py +++ b/src/cryptography/hazmat/backends/openssl/ciphers.py @@ -160,13 +160,11 @@ class _CipherContext(object): raise InvalidTag self._backend.openssl_assert( - errors[0][1:] == ( + errors[0]._lib_reason_match( self._backend._lib.ERR_LIB_EVP, - self._backend._lib.EVP_F_EVP_ENCRYPTFINAL_EX, self._backend._lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH - ) or errors[0][1:] == ( + ) or errors[0]._lib_reason_match( self._backend._lib.ERR_LIB_EVP, - self._backend._lib.EVP_F_EVP_DECRYPTFINAL_EX, self._backend._lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ) ) diff --git a/src/cryptography/hazmat/backends/openssl/dh.py b/src/cryptography/hazmat/backends/openssl/dh.py index 88c876fc..456e9bea 100644 --- a/src/cryptography/hazmat/backends/openssl/dh.py +++ b/src/cryptography/hazmat/backends/openssl/dh.py @@ -63,11 +63,11 @@ class _DHParameters(object): def _handle_dh_compute_key_error(errors, backend): lib = backend._lib - backend.openssl_assert(errors[0][1:] == ( - lib.ERR_LIB_DH, - lib.DH_F_COMPUTE_KEY, - lib.DH_R_INVALID_PUBKEY - )) + backend.openssl_assert( + errors[0]._lib_reason_match( + lib.ERR_LIB_DH, lib.DH_R_INVALID_PUBKEY + ) + ) raise ValueError("Public key value is invalid for this exchange.") diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py index 6b3d50c4..d00fc794 100644 --- a/src/cryptography/hazmat/bindings/openssl/binding.py +++ b/src/cryptography/hazmat/bindings/openssl/binding.py 
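Review bot: With the function codes removed, the two operands of the `or` inside `openssl_assert` in ciphers.py are the same call, `errors[0]._lib_reason_match(self._backend._lib.ERR_LIB_EVP, self._backend._lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH)`. The second operand can never change the result. Dropping the `or` branch leaves a single match and makes it clear that encrypt and decrypt finalization now share one check. The surrounding method begins outside the hunk.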
@@ -8,17 +8,32 @@ import collections import threading import types +from cryptography import utils from cryptography.exceptions import InternalError from cryptography.hazmat.bindings._openssl import ffi, lib from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES -_OpenSSLError = collections.namedtuple("_OpenSSLError", - ["code", "lib", "func", "reason"]) _OpenSSLErrorWithText = collections.namedtuple( "_OpenSSLErrorWithText", ["code", "lib", "func", "reason", "reason_text"] ) +class _OpenSSLError(object): + def __init__(self, code, lib, func, reason): + self._code = code + self._lib = lib + self._func = func + self._reason = reason + + def _lib_reason_match(self, lib, reason): + return lib == self.lib and reason == self.reason + + code = utils.read_only_property("_code") + lib = utils.read_only_property("_lib") + func = utils.read_only_property("_func") + reason = utils.read_only_property("_reason") + + def _consume_errors(lib): errors = [] while True: |
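Review bot: The new `_OpenSSLError` class defines no `__repr__`, so any error list that ends up in an exception message or log will print object addresses instead of the `code`/`lib`/`func`/`reason` fields the namedtuple used to show. Adding `def __repr__(self): return "<_OpenSSLError(code={}, lib={}, reason={})>".format(self.code, self.lib, self.reason)` would keep failures diagnosable. The class also no longer supports tuple indexing or equality, so any caller outside these four files that still uses `errors[0][1]` would raise `TypeError`; that cannot be confirmed from this diff. A short docstring on `_lib_reason_match` saying why `func` is deliberately left out of the comparison would help the next reader.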