From a39b20d6fff2c943cca15139605c73ded0d070f0 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 13 Feb 2017 21:28:02 -0600 Subject: Refactor binding initialization to allow specified errors (#3278) If pyca/cryptography sees any errors on the error stack during its own initialization it immediately raises InternalError and refuses to proceed. This was a safety measure since we weren't sure if it was safe to proceed. However, reality has intervened and we have to bow to the god of pragmatism and just clear the error queue. In practice this is safe since we religiously check the error queue in operation. --- src/cryptography/hazmat/bindings/openssl/binding.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py index 6f9359c7..59092c0d 100644 --- a/src/cryptography/hazmat/bindings/openssl/binding.py +++ b/src/cryptography/hazmat/bindings/openssl/binding.py @@ -90,7 +90,12 @@ class Binding(object): @classmethod def _register_osrandom_engine(cls): - _openssl_assert(cls.lib, cls.lib.ERR_peek_error() == 0) + # Clear any errors extant in the queue before we start. In many + # scenarios other things may be interacting with OpenSSL in the same + # process space and it has proven untenable to assume that they will + # reliably clear the error queue. Once we clear it here we will + # error on any subsequent unexpected item in the stack. + cls.lib.ERR_clear_error() cls._osrandom_engine_id = cls.lib.Cryptography_osrandom_engine_id cls._osrandom_engine_name = cls.lib.Cryptography_osrandom_engine_name result = cls.lib.Cryptography_add_osrandom_engine() -- cgit v1.2.3