-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py34
-rw-r--r--src/cryptography/hazmat/bindings/openssl/binding.py51
-rw-r--r--tests/hazmat/backends/test_openssl.py3
3 files changed, 50 insertions, 38 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index a476b1e9..a8f639d5 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -42,7 +42,7 @@ from cryptography.hazmat.backends.openssl.x509 import (
_Certificate, _CertificateSigningRequest, _DISTPOINT_TYPE_FULLNAME,
_DISTPOINT_TYPE_RELATIVENAME
)
-from cryptography.hazmat.bindings.openssl.binding import Binding
+from cryptography.hazmat.bindings.openssl import binding
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
from cryptography.hazmat.primitives.asymmetric.padding import (
@@ -58,14 +58,6 @@ from cryptography.x509.oid import ExtensionOID
_MemoryBIO = collections.namedtuple("_MemoryBIO", ["bio", "char_ptr"])
-_OpenSSLError = collections.namedtuple("_OpenSSLError",
- ["code", "lib", "func", "reason"])
-
-
-class UnhandledOpenSSLError(Exception):
- def __init__(self, msg, errors):
- super(UnhandledOpenSSLError, self).__init__(msg)
- self.errors = errors
def _encode_asn1_int(backend, x):
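Review bot: Removing `UnhandledOpenSSLError` from this module means `from cryptography.hazmat.backends.openssl.backend import UnhandledOpenSSLError` no longer resolves, because the import hunk above now brings in only the `binding` module. The test file in this commit had to change its own import for that reason, so outside code that catches the exception by its old path would presumably fail at import time as well. A one-line alias kept here, `UnhandledOpenSSLError = binding.UnhandledOpenSSLError`, would keep the old path working. `_OpenSSLError` is underscore-private and does not need the same treatment.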
@@ -524,7 +516,7 @@ class Backend(object):
name = "openssl"
def __init__(self):
- self._binding = Binding()
+ self._binding = binding.Binding()
self._ffi = self._binding.ffi
self._lib = self._binding.lib
@@ -541,14 +533,7 @@ class Backend(object):
self.activate_osrandom_engine()
def openssl_assert(self, ok):
- if not ok:
- errors = self._consume_errors()
- raise UnhandledOpenSSLError(
- "Unknown OpenSSL error. Please file an issue at https://github"
- ".com/pyca/cryptography/issues with information on how to "
- "reproduce this.",
- errors
- )
+ return binding._openssl_assert(self._lib, ok)
def activate_builtin_random(self):
# Obtain a new structural reference.
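Review bot: The `return` in `openssl_assert` suggests a result that callers could test, but `binding._openssl_assert` as added in this commit either raises or falls through with `None`. Call it as a plain statement, `binding._openssl_assert(self._lib, ok)`, and give the method a one-line docstring such as `"""Raise UnhandledOpenSSLError if ok is false."""`. The body of `activate_builtin_random` continues outside the hunk.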
@@ -759,18 +744,7 @@ class Backend(object):
return self._ffi.string(err_buf, 256)[:]
def _consume_errors(self):
- errors = []
- while True:
- code = self._lib.ERR_get_error()
- if code == 0:
- break
-
- lib = self._lib.ERR_GET_LIB(code)
- func = self._lib.ERR_GET_FUNC(code)
- reason = self._lib.ERR_GET_REASON(code)
-
- errors.append(_OpenSSLError(code, lib, func, reason))
- return errors
+ return binding._consume_errors(self._lib)
def _unknown_error(self, error):
return InternalError(
diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index 50d7f6d5..a5635f7d 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -4,6 +4,7 @@
from __future__ import absolute_import, division, print_function
+import collections
import os
import threading
import types
@@ -12,6 +13,42 @@ from cryptography.hazmat.bindings._openssl import ffi, lib
from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES
+_OpenSSLError = collections.namedtuple("_OpenSSLError",
+ ["code", "lib", "func", "reason"])
+
+
+class UnhandledOpenSSLError(Exception):
+ def __init__(self, msg, errors):
+ super(UnhandledOpenSSLError, self).__init__(msg)
+ self.errors = errors
+
+
+def _consume_errors(lib):
+ errors = []
+ while True:
+ code = lib.ERR_get_error()
+ if code == 0:
+ break
+
+ err_lib = lib.ERR_GET_LIB(code)
+ err_func = lib.ERR_GET_FUNC(code)
+ err_reason = lib.ERR_GET_REASON(code)
+
+ errors.append(_OpenSSLError(code, err_lib, err_func, err_reason))
+ return errors
+
+
+def _openssl_assert(lib, ok):
+ if not ok:
+ errors = _consume_errors(lib)
+ raise UnhandledOpenSSLError(
+ "Unknown OpenSSL error. Please file an issue at https://github.com"
+ "/pyca/cryptography/issues with information on how to reproduce "
+ "this.",
+ errors
+ )
+
+
@ffi.callback("int (*)(unsigned char *, int)", error=-1)
def _osrandom_rand_bytes(buf, size):
signed = ffi.cast("char *", buf)
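Review bot: `_consume_errors` and `_openssl_assert` are added without docstrings, and both have a side effect the caller needs to know about. `_consume_errors` loops on `ERR_get_error()` until it returns 0, so the error queue is empty afterwards and the codes survive only in the returned list; a docstring such as `"""Drain the OpenSSL error queue and return its entries as _OpenSSLError tuples."""` would say so. For `_openssl_assert` I would add `"""Raise UnhandledOpenSSLError, carrying the drained error queue, if ok is false."""` plus a comment that it is a function call rather than an `assert` statement so the check still runs under `python -O`. The exception message itself contains none of the collected codes, so the docstring should also point readers at the `errors` attribute. `_osrandom_rand_bytes` continues outside the hunk.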
@@ -64,7 +101,7 @@ class Binding(object):
@classmethod
def _register_osrandom_engine(cls):
- assert cls.lib.ERR_peek_error() == 0
+ _openssl_assert(cls.lib, cls.lib.ERR_peek_error() == 0)
looked_up_engine = cls.lib.ENGINE_by_id(cls._osrandom_engine_id)
if looked_up_engine != ffi.NULL:
raise RuntimeError("osrandom engine already registered")
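Review bot: The precondition on `ERR_peek_error()` now fails with "Unknown OpenSSL error. Please file an issue ...", yet it is the first OpenSSL call in `_register_osrandom_engine`, so a non-zero value can only be an entry left on the queue by code that ran earlier. That makes the generic message misleading for whoever reads the traceback. At minimum add a comment above the line, e.g. `# A non-zero value here is a stale queue entry from earlier code, not a failure of the ENGINE calls below.` The function body continues outside the hunk.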
@@ -72,19 +109,19 @@ class Binding(object):
cls.lib.ERR_clear_error()
engine = cls.lib.ENGINE_new()
- assert engine != cls.ffi.NULL
+ _openssl_assert(cls.lib, engine != cls.ffi.NULL)
try:
result = cls.lib.ENGINE_set_id(engine, cls._osrandom_engine_id)
- assert result == 1
+ _openssl_assert(cls.lib, result == 1)
result = cls.lib.ENGINE_set_name(engine, cls._osrandom_engine_name)
- assert result == 1
+ _openssl_assert(cls.lib, result == 1)
result = cls.lib.ENGINE_set_RAND(engine, cls._osrandom_method)
- assert result == 1
+ _openssl_assert(cls.lib, result == 1)
result = cls.lib.ENGINE_add(engine)
- assert result == 1
+ _openssl_assert(cls.lib, result == 1)
finally:
result = cls.lib.ENGINE_free(engine)
- assert result == 1
+ _openssl_assert(cls.lib, result == 1)
@classmethod
def _ensure_ffi_initialized(cls):
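Review bot: The `_openssl_assert` inside the `finally` clause can replace the exception that caused the cleanup. If one of the checks in the `try` body raises and `ENGINE_free` then also returns something other than 1, the second `UnhandledOpenSSLError` is the one that propagates, and its `errors` list lacks whatever the first `_consume_errors` call already drained. The file still carries Python 2 idioms (the `from __future__` import, two-argument `super`), where nothing chains the original exception. Freeing without a check on the error path and checking the free only on the success path avoids this, as sketched below. `_ensure_ffi_initialized` continues outside the hunk.

```python
try:
    # … unchanged: ENGINE_set_id / ENGINE_set_name / ENGINE_set_RAND / ENGINE_add checks …
except BaseException:
    # Release the engine, but let the original failure propagate.
    cls.lib.ENGINE_free(engine)
    raise
else:
    result = cls.lib.ENGINE_free(engine)
    _openssl_assert(cls.lib, result == 1)
```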
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 5264ba55..abd707ca 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -17,9 +17,10 @@ from cryptography import utils
from cryptography.exceptions import InternalError, _Reasons
from cryptography.hazmat.backends.interfaces import RSABackend
from cryptography.hazmat.backends.openssl.backend import (
- Backend, UnhandledOpenSSLError, backend
+ Backend, backend
)
from cryptography.hazmat.backends.openssl.ec import _sn_to_elliptic_curve
+from cryptography.hazmat.bindings.openssl.binding import UnhandledOpenSSLError
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import dsa, ec, padding
from cryptography.hazmat.primitives.ciphers import (