authorAlex Gaynor <alex.gaynor@gmail.com>2014-10-15 16:49:30 -0700
committerAlex Gaynor <alex.gaynor@gmail.com>2014-10-15 16:49:30 -0700
commitf741920e7e6028e4ba98b9ec892d7db5d57e4d25 (patch)
tree22af48dd43894a0518beed850c2611b990cf3026
parentb2ab5ef112f8de507d2db72fdf4a5fa698a954e0 (diff)
parente538acbcc76e337af6b129288396b7cc137fd42b (diff)
downloadcryptography-f741920e7e6028e4ba98b9ec892d7db5d57e4d25.tar.gz
Merge pull request #1406 from reaperhulk/backport-101j-fixes
backport 1.0.1j fixes to 0.6.x
-rwxr-xr-x.travis/install.sh12
-rw-r--r--cryptography/hazmat/backends/openssl/backend.py15
-rw-r--r--cryptography/hazmat/backends/openssl/rsa.py12
-rw-r--r--cryptography/hazmat/bindings/openssl/err.py18
4 files changed, 43 insertions, 14 deletions
diff --git a/.travis/install.sh b/.travis/install.sh
index 0c64ba93a..01affab4c 100755
--- a/.travis/install.sh
+++ b/.travis/install.sh
@@ -10,16 +10,16 @@ else
fi
if [[ "${OPENSSL}" == "0.9.8" ]]; then
- if [[ "$DARWIN" = true ]]; then
- # travis has openssl installed via brew already, but let's be sure
- if [[ "$(brew list | grep openssl)" != "openssl" ]]; then
- brew install openssl
- fi
- else
+ if [[ "$DARWIN" = false ]]; then
sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ lucid main"
sudo apt-get -y update
sudo apt-get install -y --force-yes libssl-dev/lucid
fi
+else
+ if [[ "$DARWIN" = true ]]; then
+ brew update
+ brew upgrade openssl
+ fi
fi
if [[ "${TOX_ENV}" == "docs" ]]; then
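Review bot: The new `brew upgrade openssl` in the `else` branch may exit non-zero when the formula is already current on some Homebrew versions. If this script runs under `set -e` (not visible in the hunk), that would fail the build for no real reason. A guarded form such as `brew outdated openssl || brew upgrade openssl` avoids that. Since the point of the change appears to be testing against the patched OpenSSL, a following `brew list --versions openssl` would also record in the CI log which version was actually exercised.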
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 9a36674a1..c73e88073 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -880,10 +880,17 @@ class Backend(object):
if not errors:
raise ValueError("Could not unserialize key data.")
- elif errors[0][1:] == (
- self._lib.ERR_LIB_EVP,
- self._lib.EVP_F_EVP_DECRYPTFINAL_EX,
- self._lib.EVP_R_BAD_DECRYPT
+ elif errors[0][1:] in (
+ (
+ self._lib.ERR_LIB_EVP,
+ self._lib.EVP_F_EVP_DECRYPTFINAL_EX,
+ self._lib.EVP_R_BAD_DECRYPT
+ ),
+ (
+ self._lib.ERR_LIB_PKCS12,
+ self._lib.PKCS12_F_PKCS12_PBE_CRYPT,
+ self._lib.PKCS12_R_PKCS12_CIPHERFINAL_ERROR,
+ )
):
raise ValueError("Bad decrypt. Incorrect password?")
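Review bot: The second tuple in the `errors[0][1:] in (...)` check has no comment explaining why a PKCS12 error is treated as a wrong password. Presumably OpenSSL 1.0.1j reports a bad passphrase this way, but the code alone does not say so. A short comment above it would help, e.g. `# OpenSSL 1.0.1j reports a wrong password as PKCS12_R_PKCS12_CIPHERFINAL_ERROR from PKCS12_PBE_CRYPT`. Only `errors[0]` is compared, so it is worth confirming that this entry is always first on the error queue; otherwise a wrong password falls through to whatever handling follows. The enclosing method starts and ends outside the hunk.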
diff --git a/cryptography/hazmat/backends/openssl/rsa.py b/cryptography/hazmat/backends/openssl/rsa.py
index d24bea578..7312fcb23 100644
--- a/cryptography/hazmat/backends/openssl/rsa.py
+++ b/cryptography/hazmat/backends/openssl/rsa.py
@@ -142,10 +142,14 @@ def _handle_rsa_enc_dec_error(backend, key):
"larger key size."
)
else:
- assert (
- errors[0].reason == backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_01 or
- errors[0].reason == backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_02
- )
+ decoding_errors = [
+ backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_01,
+ backend._lib.RSA_R_BLOCK_TYPE_IS_NOT_02,
+ ]
+ if backend._lib.Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR:
+ decoding_errors.append(backend._lib.RSA_R_PKCS_DECODING_ERROR)
+
+ assert errors[0].reason in decoding_errors
raise ValueError("Decryption failed.")
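Review bot: The `assert errors[0].reason in decoding_errors` line still turns any reason code outside the list into an AssertionError, so a later OpenSSL release that reports padding failures differently would break callers again. The check also disappears under `python -O`. On a decryption path it is safer for every padding failure to surface as the same exception, because a caller-visible difference between failure kinds is the signal padding-oracle weaknesses depend on. Consider dropping the assert so that this branch always reaches `raise ValueError("Decryption failed.")`, and record the unexpected reason code through logging instead. `_handle_rsa_enc_dec_error` begins above the hunk, so the earlier branch is not visible here.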
diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py
index 232060a22..4e44a2eb8 100644
--- a/cryptography/hazmat/bindings/openssl/err.py
+++ b/cryptography/hazmat/bindings/openssl/err.py
@@ -22,6 +22,7 @@ static const int Cryptography_HAS_REMOVE_THREAD_STATE;
static const int Cryptography_HAS_098H_ERROR_CODES;
static const int Cryptography_HAS_098C_CAMELLIA_CODES;
static const int Cryptography_HAS_EC_CODES;
+static const int Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR;
struct ERR_string_data_st {
unsigned long error;
@@ -34,6 +35,7 @@ static const int ERR_LIB_EC;
static const int ERR_LIB_PEM;
static const int ERR_LIB_ASN1;
static const int ERR_LIB_RSA;
+static const int ERR_LIB_PKCS12;
static const int ASN1_F_ASN1_ENUMERATED_TO_BN;
static const int ASN1_F_ASN1_EX_C2I;
@@ -76,6 +78,7 @@ static const int ASN1_F_OID_MODULE_INIT;
static const int ASN1_F_PARSE_TAGGING;
static const int ASN1_F_PKCS5_PBE_SET;
static const int ASN1_F_X509_CINF_NEW;
+
static const int ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
static const int ASN1_R_BUFFER_TOO_SMALL;
static const int ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER;
@@ -222,10 +225,15 @@ static const int PEM_R_SHORT_HEADER;
static const int PEM_R_UNSUPPORTED_CIPHER;
static const int PEM_R_UNSUPPORTED_ENCRYPTION;
+static const int PKCS12_F_PKCS12_PBE_CRYPT;
+
+static const int PKCS12_R_PKCS12_CIPHERFINAL_ERROR;
+
static const int RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
static const int RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY;
static const int RSA_R_BLOCK_TYPE_IS_NOT_01;
static const int RSA_R_BLOCK_TYPE_IS_NOT_02;
+static const int RSA_R_PKCS_DECODING_ERROR;
"""
FUNCTIONS = """
@@ -321,6 +329,13 @@ static const long Cryptography_HAS_EC_CODES = 0;
static const int EC_R_UNKNOWN_GROUP = 0;
static const int EC_F_EC_GROUP_NEW_BY_CURVE_NAME = 0;
#endif
+
+#ifdef RSA_R_PKCS_DECODING_ERROR
+static const long Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR = 1;
+#else
+static const long Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR = 0;
+static const long RSA_R_PKCS_DECODING_ERROR = 0;
+#endif
"""
CONDITIONAL_NAMES = {
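Review bot: The fallback `static const long RSA_R_PKCS_DECODING_ERROR = 0;` in the `#else` branch does not match the `static const int RSA_R_PKCS_DECODING_ERROR;` declaration added to the TYPES string earlier in this file. It also differs from the neighbouring EC fallback, which uses `int` for the error codes (`static const int EC_R_UNKNOWN_GROUP = 0;`) and `long` only for the `Cryptography_HAS_*` flag. Suggest `static const int RSA_R_PKCS_DECODING_ERROR = 0;` so that the declaration and the definition agree.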
@@ -343,5 +358,8 @@ CONDITIONAL_NAMES = {
"Cryptography_HAS_EC_CODES": [
"EC_R_UNKNOWN_GROUP",
"EC_F_EC_GROUP_NEW_BY_CURVE_NAME"
+ ],
+ "Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR": [
+ "RSA_R_PKCS_DECODING_ERROR"
]
}