diff options
| -rw-r--r-- | cryptography/hazmat/backends/openssl/rsa.py | 12 | ||||
| -rw-r--r-- | cryptography/hazmat/bindings/openssl/err.py | 12 |
2 files changed, 20 insertions, 4 deletions
diff --git a/cryptography/hazmat/backends/openssl/rsa.py b/cryptography/hazmat/backends/openssl/rsa.py index d24bea57..7312fcb2 100644 --- a/cryptography/hazmat/backends/openssl/rsa.py +++ b/cryptography/hazmat/backends/openssl/rsa.py @@ -142,10 +142,14 @@ def _handle_rsa_enc_dec_error(backend, key): "larger key size." ) else: - assert ( - errors[0].reason == backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_01 or - errors[0].reason == backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_02 - ) + decoding_errors = [ + backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_01, + backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_02, + ] + if backend._lib.Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR: + decoding_errors.append(backend._lib.RSA_R_PKCS_DECODING_ERROR) + + assert errors[0].reason in decoding_errors raise ValueError("Decryption failed.") diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py index 431cc057..627b8a68 100644 --- a/cryptography/hazmat/bindings/openssl/err.py +++ b/cryptography/hazmat/bindings/openssl/err.py @@ -22,6 +22,7 @@ static const int Cryptography_HAS_REMOVE_THREAD_STATE; static const int Cryptography_HAS_098H_ERROR_CODES; static const int Cryptography_HAS_098C_CAMELLIA_CODES; static const int Cryptography_HAS_EC_CODES; +static const int Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR; struct ERR_string_data_st { unsigned long error; @@ -232,6 +233,7 @@ static const int RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; static const int RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY; static const int RSA_R_BLOCK_TYPE_IS_NOT_01; static const int RSA_R_BLOCK_TYPE_IS_NOT_02; +static const int RSA_R_PKCS_DECODING_ERROR; """ FUNCTIONS = """ @@ -327,6 +329,13 @@ static const long Cryptography_HAS_EC_CODES = 0; static const int EC_R_UNKNOWN_GROUP = 0; static const int EC_F_EC_GROUP_NEW_BY_CURVE_NAME = 0; #endif + +#ifdef RSA_R_PKCS_DECODING_ERROR +static const long Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR = 1; +#else +static const long Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR = 0; +static const int RSA_R_PKCS_DECODING_ERROR = 0; +#endif """ CONDITIONAL_NAMES = { @@ -349,5 +358,8 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_EC_CODES": [ "EC_R_UNKNOWN_GROUP", "EC_F_EC_GROUP_NEW_BY_CURVE_NAME" + ], + "Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR": [ + "RSA_R_PKCS_DECODING_ERROR" ] } |