From 4e4a9ba524efe4963961c62c6da915a834ca185c Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Sat, 25 Jul 2015 18:49:35 +0100
Subject: handle RSA key too small and consume errors on CSR signature failure
---
 src/_cffi_src/openssl/err.py | 1 +
 src/cryptography/hazmat/backends/openssl/backend.py | 11 ++++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py
index eebf19ba..73ce4e3c 100644
--- a/src/_cffi_src/openssl/err.py
+++ b/src/_cffi_src/openssl/err.py
@@ -230,6 +230,7 @@ static const int RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY;
 static const int RSA_R_BLOCK_TYPE_IS_NOT_01;
 static const int RSA_R_BLOCK_TYPE_IS_NOT_02;
 static const int RSA_R_PKCS_DECODING_ERROR;
+static const int RSA_F_RSA_SIGN;
 """
 FUNCTIONS = """
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 2d2ecc81..dd89623e 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1055,7 +1055,16 @@ class Backend(object):
 res = self._lib.X509_REQ_sign(
 x509_req, private_key._evp_pkey, evp_md
 )
- assert res > 0
+ if res == 0:
+ errors = self._consume_errors()
+ assert errors[0][1:] in (
+ (
+ self._lib.ERR_LIB_RSA,
+ self._lib.RSA_F_RSA_SIGN,
+ self._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY
+ ),
+ )
+ raise ValueError("Digest too big for RSA key")
 return _CertificateSigningRequest(self, x509_req)
--
cgit v1.2.3
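Review bot: The `assert errors[0][1:] in (...)` inside the new `if res == 0:` branch of backend.py classifies a runtime failure, and asserts are stripped under `python -O`, so in that mode every X509_REQ_sign failure would be reported as "Digest too big for RSA key" whatever OpenSSL actually queued. Without `-O`, any other failure surfaces as a bare AssertionError, and an empty error queue as an IndexError from `errors[0]`. An explicit test such as `if not errors or errors[0][1:] != expected:` that raises a separate error carrying `errors` would keep unexpected signing failures distinguishable from the digest-size case. The guard also narrows from the removed `assert res > 0` to `res == 0`, so a negative return, if this OpenSSL call can produce one, would fall through to `return _CertificateSigningRequest(self, x509_req)` with an unsigned request; `if res <= 0:` keeps the old coverage. The enclosing method starts outside the hunk.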