From 87d9c706dae2ce46f0191ae5aa3097fe7bbbc204 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sun, 1 Jun 2014 14:47:08 -0500
Subject: add some complexity back to handle 0.9.8 annoyances

---
 cryptography/hazmat/backends/openssl/backend.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index b5000d2e..4112f0e5 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -21,7 +21,8 @@ import six
 
 from cryptography import utils
 from cryptography.exceptions import (
-    InternalError, InvalidSignature, InvalidTag, UnsupportedAlgorithm, _Reasons
+    AlreadyFinalized, InternalError, InvalidSignature, InvalidTag,
+    UnsupportedAlgorithm, _Reasons
 )
 from cryptography.hazmat.backends.interfaces import (
     CMACBackend, CipherBackend, DSABackend, HMACBackend, HashBackend,
@@ -1341,6 +1342,9 @@ class _RSASignatureContext(object):
         return self._backend._ffi.buffer(buf)[:]
 
     def _finalize_pkcs1(self, evp_pkey, pkey_size, evp_md):
+        if self._hash_ctx._ctx is None:
+            raise AlreadyFinalized("Context has already been finalized.")
+
         sig_buf = self._backend._ffi.new("char[]", pkey_size)
         sig_len = self._backend._ffi.new("unsigned int *")
         res = self._backend._lib.EVP_SignFinal(
@@ -1520,6 +1524,9 @@ class _RSAVerificationContext(object):
             raise InvalidSignature
 
     def _verify_pkcs1(self, evp_pkey, evp_md):
+        if self._hash_ctx._ctx is None:
+            raise AlreadyFinalized("Context has already been finalized.")
+
         res = self._backend._lib.EVP_VerifyFinal(
             self._hash_ctx._ctx._ctx,
             self._signature,
-- 
cgit v1.2.3