diff options
| author | Donald Stufft <donald@stufft.io> | 2013-11-22 17:24:23 -0800 |
|---|---|---|
| committer | Donald Stufft <donald@stufft.io> | 2013-11-22 17:24:23 -0800 |
| commit | 8cf523ead464e758d1aa22a7a8abbc2eae2c9404 (patch) | |
| tree | 10e3c439ad53412d1bb2b42c69f7050f25d2cfd7 /cryptography | |
| parent | 838ad7d2f5bb97242a9f75ac9055be5be75a7711 (diff) | |
| parent | b7e8990aabb46ac6c0511530d7a67f69e08f1788 (diff) | |
| download | cryptography-8cf523ead464e758d1aa22a7a8abbc2eae2c9404.tar.gz cryptography-8cf523ead464e758d1aa22a7a8abbc2eae2c9404.tar.bz2 cryptography-8cf523ead464e758d1aa22a7a8abbc2eae2c9404.zip | |
Merge pull request #274 from alex/handle-bad-padding
Raise a correct error when content isn't padded correctly
Diffstat (limited to 'cryptography')
| -rw-r--r-- | cryptography/hazmat/bindings/openssl/backend.py | 31 | ||||
| -rw-r--r-- | cryptography/hazmat/bindings/openssl/err.py | 7 |
2 files changed, 37 insertions, 1 deletions
diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py index db4d18e7..9f8ea939 100644 --- a/cryptography/hazmat/bindings/openssl/backend.py +++ b/cryptography/hazmat/bindings/openssl/backend.py @@ -193,6 +193,33 @@ class Backend(object): def create_symmetric_decryption_ctx(self, cipher, mode): return _CipherContext(self, cipher, mode, _CipherContext._DECRYPT) + def _handle_error(self): + code = self.lib.ERR_get_error() + assert code != 0 + lib = self.lib.ERR_GET_LIB(code) + func = self.lib.ERR_GET_FUNC(code) + reason = self.lib.ERR_GET_REASON(code) + return self._handle_error_code(lib, func, reason) + + def _handle_error_code(self, lib, func, reason): + if lib == self.lib.ERR_LIB_EVP: + if func == self.lib.EVP_F_EVP_ENCRYPTFINAL_EX: + if reason == self.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH: + raise ValueError( + "The length of the provided data is not a multiple of " + "the block length" + ) + elif func == self.lib.EVP_F_EVP_DECRYPTFINAL_EX: + if reason == self.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH: + raise ValueError( + "The length of the provided data is not a multiple of " + "the block length" + ) + + raise SystemError( + "Unknown error code from OpenSSL, you should probably file a bug." + ) + class GetCipherByName(object): def __init__(self, fmt): @@ -268,7 +295,9 @@ class _CipherContext(object): buf = self._backend.ffi.new("unsigned char[]", self._cipher.block_size) outlen = self._backend.ffi.new("int *") res = self._backend.lib.EVP_CipherFinal_ex(self._ctx, buf, outlen) - assert res != 0 + if res == 0: + self._backend._handle_error() + res = self._backend.lib.EVP_CIPHER_CTX_cleanup(self._ctx) assert res == 1 return self._backend.ffi.buffer(buf)[:outlen[0]] diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py index 6a36dee0..3dac6948 100644 --- a/cryptography/hazmat/bindings/openssl/err.py +++ b/cryptography/hazmat/bindings/openssl/err.py @@ -21,6 +21,13 @@ struct ERR_string_data_st { const char *string; }; typedef struct ERR_string_data_st ERR_STRING_DATA; + +static const int ERR_LIB_EVP; + +static const int EVP_F_EVP_ENCRYPTFINAL_EX; +static const int EVP_F_EVP_DECRYPTFINAL_EX; + +static const int EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH; """ FUNCTIONS = """ |