diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-03-06 10:45:29 -0400 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-03-06 10:45:29 -0400 |
| commit | b6916ba91753a7ac8961efb8732354dca429e3d3 (patch) | |
| tree | 6a748d75421bf9ea0dde74749739818ac7786e5f /src | |
| parent | 6960600f111de1710b01cc4f4ffc6c023d742cd7 (diff) | |
| parent | af5036666cb3b596050b53c8eed17ef5b143ab9f (diff) | |
| download | cryptography-b6916ba91753a7ac8961efb8732354dca429e3d3.tar.gz cryptography-b6916ba91753a7ac8961efb8732354dca429e3d3.tar.bz2 cryptography-b6916ba91753a7ac8961efb8732354dca429e3d3.zip | |
Merge pull request #2761 from alex/oaep-decrypt-payload-too-large
Fixed #2760 -- handle more types of bad RSA decrypts
Diffstat (limited to 'src')
| -rw-r--r-- | src/_cffi_src/openssl/err.py | 1 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/rsa.py | 4 |
2 files changed, 5 insertions, 0 deletions
diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py index 9d97be16..4ba90662 100644 --- a/src/_cffi_src/openssl/err.py +++ b/src/_cffi_src/openssl/err.py @@ -226,6 +226,7 @@ static const int PKCS12_F_PKCS12_PBE_CRYPT; static const int PKCS12_R_PKCS12_CIPHERFINAL_ERROR; static const int RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; +static const int RSA_R_DATA_TOO_LARGE_FOR_MODULUS; static const int RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY; static const int RSA_R_BLOCK_TYPE_IS_NOT_01; static const int RSA_R_BLOCK_TYPE_IS_NOT_02; diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py index a48b167d..ba9c5ab6 100644 --- a/src/cryptography/hazmat/backends/openssl/rsa.py +++ b/src/cryptography/hazmat/backends/openssl/rsa.py @@ -139,6 +139,10 @@ def _handle_rsa_enc_dec_error(backend, key): backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_01, backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_02, backend._lib.RSA_R_OAEP_DECODING_ERROR, + # Though this error looks similar to the + # RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE, this occurs on decrypts, + # rather then on encrypts + backend._lib.RSA_R_DATA_TOO_LARGE_FOR_MODULUS, ] if backend._lib.Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR: decoding_errors.append(backend._lib.RSA_R_PKCS_DECODING_ERROR) |