From 290272717c6d5fbdf074e72b9a444f7862c75f76 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 7 Mar 2016 21:41:34 -0400 Subject: improve the messages from openssl InternalError --- src/cryptography/hazmat/bindings/openssl/binding.py | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py index b2215de3..d8fd74db 100644 --- a/src/cryptography/hazmat/bindings/openssl/binding.py +++ b/src/cryptography/hazmat/bindings/openssl/binding.py @@ -15,8 +15,9 @@ from cryptography.exceptions import InternalError from cryptography.hazmat.bindings._openssl import ffi, lib from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES -_OpenSSLError = collections.namedtuple("_OpenSSLError", - ["code", "lib", "func", "reason"]) +_OpenSSLError = collections.namedtuple( + "_OpenSSLError", ["code", "lib", "func", "reason", "reason_text"] +) def _consume_errors(lib): @@ -29,8 +30,12 @@ def _consume_errors(lib): err_lib = lib.ERR_GET_LIB(code) err_func = lib.ERR_GET_FUNC(code) err_reason = lib.ERR_GET_REASON(code) + err_text_reason = ffi.string(lib.ERR_error_string(code, ffi.NULL)) + + errors.append( + _OpenSSLError(code, err_lib, err_func, err_reason, err_text_reason) + ) - errors.append(_OpenSSLError(code, err_lib, err_func, err_reason)) return errors @@ -38,8 +43,12 @@ def _openssl_assert(lib, ok): if not ok: errors = _consume_errors(lib) raise InternalError( - "Unknown OpenSSL error. Please file an issue at https://github.com" - "/pyca/cryptography/issues with information on how to reproduce " + "Unknown OpenSSL error. This error is commonly encountered when " + "another library is not cleaning up the OpenSSL error stack. If " + "you are using cryptography with another Python library that " + "uses OpenSSL try disabling it before reporting a bug. Otherwise " + "iplease file an issue at https://github.com/pyca/cryptography/" + "issues with information on how to reproduce " "this. ({0!r})".format(errors), errors ) -- cgit v1.2.3 From d76bd668dc4b59c037771ed5619f939d65ca9905 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 7 Mar 2016 22:49:43 -0400 Subject: only call ERR_error_string if we're going to raise InternalError --- .../hazmat/bindings/openssl/binding.py | 32 ++++++++++++++-------- tests/hazmat/bindings/test_openssl.py | 22 ++++++++++++++- 2 files changed, 42 insertions(+), 12 deletions(-) diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py index d8fd74db..47e64191 100644 --- a/src/cryptography/hazmat/bindings/openssl/binding.py +++ b/src/cryptography/hazmat/bindings/openssl/binding.py @@ -15,8 +15,10 @@ from cryptography.exceptions import InternalError from cryptography.hazmat.bindings._openssl import ffi, lib from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES -_OpenSSLError = collections.namedtuple( - "_OpenSSLError", ["code", "lib", "func", "reason", "reason_text"] +_OpenSSLError = collections.namedtuple("_OpenSSLError", + ["code", "lib", "func", "reason"]) +_OpenSSLErrorText = collections.namedtuple( + "_OpenSSLErrorText", ["code", "lib", "func", "reason", "reason_text"] ) @@ -30,11 +32,8 @@ def _consume_errors(lib): err_lib = lib.ERR_GET_LIB(code) err_func = lib.ERR_GET_FUNC(code) err_reason = lib.ERR_GET_REASON(code) - err_text_reason = ffi.string(lib.ERR_error_string(code, ffi.NULL)) - errors.append( - _OpenSSLError(code, err_lib, err_func, err_reason, err_text_reason) - ) + errors.append(_OpenSSLError(code, err_lib, err_func, err_reason)) return errors @@ -42,15 +41,26 @@ def _consume_errors(lib): def _openssl_assert(lib, ok): if not ok: errors = _consume_errors(lib) + errors_with_text = [] + for err in errors: + err_text_reason = ffi.string( + lib.ERR_error_string(err.code, ffi.NULL) + ) + errors_with_text.append( + _OpenSSLErrorText( + err.code, err.lib, err.func, err.reason, err_text_reason + ) + ) + raise InternalError( "Unknown OpenSSL error. This error is commonly encountered when " "another library is not cleaning up the OpenSSL error stack. If " - "you are using cryptography with another Python library that " - "uses OpenSSL try disabling it before reporting a bug. Otherwise " - "iplease file an issue at https://github.com/pyca/cryptography/" + "you are using cryptography with another library that uses " + "OpenSSL try disabling it before reporting a bug. Otherwise " + "please file an issue at https://github.com/pyca/cryptography/" "issues with information on how to reproduce " - "this. ({0!r})".format(errors), - errors + "this. ({0!r})".format(errors_with_text), + errors_with_text ) diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index 76a9218b..73f61257 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -6,7 +6,10 @@ from __future__ import absolute_import, division, print_function import pytest -from cryptography.hazmat.bindings.openssl.binding import Binding +from cryptography.exceptions import InternalError +from cryptography.hazmat.bindings.openssl.binding import ( + Binding, _OpenSSLErrorText, _openssl_assert +) class TestOpenSSL(object): @@ -149,3 +152,20 @@ class TestOpenSSL(object): else: with pytest.raises(AttributeError): b.lib.CMAC_Init + + def test_openssl_assert_error_on_stack(self): + b = Binding() + b.lib.ERR_put_error(4, 160, 110, b"", -1) + with pytest.raises(InternalError) as exc_info: + _openssl_assert(b.lib, False) + + exc_info.value.err_code == _OpenSSLErrorText( + code=67764334, + lib=4, + func=160, + reason=110, + reason_text=( + b'error:040A006E:rsa routines:RSA_padding_add_PKCS1_OAEP_mgf1' + b':data too large for key size' + ) + ) -- cgit v1.2.3 From 73672c7c12d9dc17621ef7b54a0d94db59d0b453 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 7 Mar 2016 23:06:19 -0400 Subject: review feedback + make the test actually test a thing --- src/cryptography/hazmat/bindings/openssl/binding.py | 6 +++--- tests/hazmat/bindings/test_openssl.py | 21 +++++++++++++++------ 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py index 47e64191..5d7466f9 100644 --- a/src/cryptography/hazmat/bindings/openssl/binding.py +++ b/src/cryptography/hazmat/bindings/openssl/binding.py @@ -17,8 +17,8 @@ from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES _OpenSSLError = collections.namedtuple("_OpenSSLError", ["code", "lib", "func", "reason"]) -_OpenSSLErrorText = collections.namedtuple( - "_OpenSSLErrorText", ["code", "lib", "func", "reason", "reason_text"] +_OpenSSLErrorWithText = collections.namedtuple( + "_OpenSSLErrorWithText", ["code", "lib", "func", "reason", "reason_text"] ) @@ -47,7 +47,7 @@ def _openssl_assert(lib, ok): lib.ERR_error_string(err.code, ffi.NULL) ) errors_with_text.append( - _OpenSSLErrorText( + _OpenSSLErrorWithText( err.code, err.lib, err.func, err.reason, err_text_reason ) ) diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index 73f61257..517f2420 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -8,7 +8,7 @@ import pytest from cryptography.exceptions import InternalError from cryptography.hazmat.bindings.openssl.binding import ( - Binding, _OpenSSLErrorText, _openssl_assert + Binding, _OpenSSLErrorWithText, _openssl_assert ) @@ -155,17 +155,26 @@ class TestOpenSSL(object): def test_openssl_assert_error_on_stack(self): b = Binding() - b.lib.ERR_put_error(4, 160, 110, b"", -1) + b.lib.ERR_put_error( + b.lib.ERR_LIB_RSA, + # the following value corresponds to + # RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 but we don't really bind + # func codes in our bindings. + 160, + b.lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE, + b"", + -1 + ) with pytest.raises(InternalError) as exc_info: _openssl_assert(b.lib, False) - exc_info.value.err_code == _OpenSSLErrorText( + assert exc_info.value.err_code == [_OpenSSLErrorWithText( code=67764334, - lib=4, + lib=b.lib.ERR_LIB_RSA, func=160, - reason=110, + reason=b.lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE, reason_text=( b'error:040A006E:rsa routines:RSA_padding_add_PKCS1_OAEP_mgf1' b':data too large for key size' ) - ) + )] -- cgit v1.2.3 From 1783335b8fb5dc7be3a1214ff4825eaec318b12a Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 8 Mar 2016 10:16:22 -0400 Subject: use an error that's likely to be in all openssls we support --- tests/hazmat/bindings/test_openssl.py | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index 517f2420..457799d3 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -156,12 +156,9 @@ class TestOpenSSL(object): def test_openssl_assert_error_on_stack(self): b = Binding() b.lib.ERR_put_error( - b.lib.ERR_LIB_RSA, - # the following value corresponds to - # RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 but we don't really bind - # func codes in our bindings. - 160, - b.lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE, + b.lib.ERR_LIB_EVP, + b.lib.EVP_F_EVP_ENCRYPTFINAL_EX, + b.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH, b"", -1 ) @@ -169,12 +166,12 @@ class TestOpenSSL(object): _openssl_assert(b.lib, False) assert exc_info.value.err_code == [_OpenSSLErrorWithText( - code=67764334, - lib=b.lib.ERR_LIB_RSA, - func=160, - reason=b.lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE, + code=101183626, + lib=b.lib.ERR_LIB_EVP, + func=b.lib.EVP_F_EVP_ENCRYPTFINAL_EX, + reason=b.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH, reason_text=( - b'error:040A006E:rsa routines:RSA_padding_add_PKCS1_OAEP_mgf1' - b':data too large for key size' + b'error:0607F08A:digital envelope routines:EVP_EncryptFinal_' + b'ex:data not multiple of block length' ) )] -- cgit v1.2.3