diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2013-11-24 12:17:51 -0600 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2013-11-29 17:19:46 -0600 |
| commit | 86699be866b1ef3390da31f74a63980e4d2b7d99 (patch) | |
| tree | cb2fcf0b03c88f176c29ad4361b2c58289a31eb4 | |
| parent | a8b35f4a882ddd02fefed69163e9f226eab99ce9 (diff) | |
| download | cryptography-86699be866b1ef3390da31f74a63980e4d2b7d99.tar.gz cryptography-86699be866b1ef3390da31f74a63980e4d2b7d99.tar.bz2 cryptography-86699be866b1ef3390da31f74a63980e4d2b7d99.zip | |
narrow the potential cases where invalidtag can be raised
| -rw-r--r-- | cryptography/hazmat/bindings/openssl/backend.py | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py index 4d9a8ce5..e9ecc800 100644 --- a/cryptography/hazmat/bindings/openssl/backend.py +++ b/cryptography/hazmat/bindings/openssl/backend.py @@ -198,10 +198,11 @@ class Backend(object): def create_symmetric_decryption_ctx(self, cipher, mode): return _CipherContext(self, cipher, mode, _CipherContext._DECRYPT) - def _handle_error(self): + def _handle_error(self, mode): code = self.lib.ERR_get_error() - if not code: + if not code and isinstance(mode, GCM): raise InvalidTag + assert code != 0 lib = self.lib.ERR_GET_LIB(code) func = self.lib.ERR_GET_FUNC(code) reason = self.lib.ERR_GET_REASON(code) @@ -320,7 +321,7 @@ class _CipherContext(object): outlen = self._backend.ffi.new("int *") res = self._backend.lib.EVP_CipherFinal_ex(self._ctx, buf, outlen) if res == 0: - self._backend._handle_error() + self._backend._handle_error(self._mode) if (isinstance(self._mode, GCM) and self._operation == self._ENCRYPT): |