authorPaul Kehrer <paul.l.kehrer@gmail.com>2015-07-25 18:49:35 +0100
committerPaul Kehrer <paul.l.kehrer@gmail.com>2015-07-25 18:53:50 +0100
commit4e4a9ba524efe4963961c62c6da915a834ca185c (patch)
tree300c48657e11c23997a3b0b6cc53b9d7c896a69d /src
parent268b0ed4b9518604ca28b40a30488ff989932017 (diff)
handle RSA key too small and consume errors on CSR signature failure
Diffstat (limited to 'src')
-rw-r--r--src/_cffi_src/openssl/err.py1
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py11
2 files changed, 11 insertions, 1 deletions
diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py
index eebf19ba..73ce4e3c 100644
--- a/src/_cffi_src/openssl/err.py
+++ b/src/_cffi_src/openssl/err.py
@@ -230,6 +230,7 @@ static const int RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY;
static const int RSA_R_BLOCK_TYPE_IS_NOT_01;
static const int RSA_R_BLOCK_TYPE_IS_NOT_02;
static const int RSA_R_PKCS_DECODING_ERROR;
+static const int RSA_F_RSA_SIGN;
"""
FUNCTIONS = """
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 2d2ecc81..dd89623e 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1055,7 +1055,16 @@ class Backend(object):
res = self._lib.X509_REQ_sign(
x509_req, private_key._evp_pkey, evp_md
)
- assert res > 0
+ if res == 0:
+ errors = self._consume_errors()
+ assert errors[0][1:] in (
+ (
+ self._lib.ERR_LIB_RSA,
+ self._lib.RSA_F_RSA_SIGN,
+ self._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY
+ ),
+ )
+ raise ValueError("Digest too big for RSA key")
return _CertificateSigningRequest(self, x509_req)
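Review bot: The new `if res == 0:` guard is narrower than the `assert res > 0` it replaces, so a negative return from `X509_REQ_sign` would fall through to `return _CertificateSigningRequest(self, x509_req)` and hand back a request that was never signed. Using `if res <= 0:` keeps the old coverage; whether this call can actually return a negative value is not visible in the hunk. The error-queue check is also an `assert`, which is stripped under `python -O`, so every signing failure would then be reported as "Digest too big for RSA key", and an empty queue makes `errors[0]` raise IndexError instead. An explicit comparison would be safer: raise the ValueError only when the first queued error matches the expected tuple, and otherwise raise an exception that carries the consumed errors. The enclosing method starts before this hunk, so the digest and key checks made earlier in it are not covered by this note.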