From 4f852a4d679e6fdf281d5fb58e7a9d3deab935b8 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 27 Feb 2014 00:00:21 -0400
Subject: assert some things

---
 cryptography/hazmat/backends/openssl/backend.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 3eec244e..6bb76c47 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -769,7 +769,11 @@ class _RSAVerificationContext(object):
             data_to_verify,
             len(data_to_verify)
         )
-        if res != 1:
+        # The previous call can return negative numbers in the event of an
+        # error. This is not a signature failure but we need to fail if it
+        # occurs.
+        assert res >= 0
+        if res == 0:
             raise InvalidSignature
 
     def _verify_pkcs1(self, rsa_cdata, evp_pkey, evp_md):
@@ -781,7 +785,11 @@ class _RSAVerificationContext(object):
         )
         self._hash_ctx.finalize()
         self._hash_ctx = None
-        if res != 1:
+        # The previous call can return negative numbers in the event of an
+        # error. This is not a signature failure but we need to fail if it
+        # occurs.
+        assert res >= 0
+        if res == 0:
             raise InvalidSignature
 
 
-- 
cgit v1.2.3