From 5b3e735253d4cc1c7f51dedc11c9ca5eeb6f451f Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 21 Jan 2019 21:17:19 -0600 Subject: bind EVP_R_MEMORY_LIMIT_EXCEEDED and update a test (#4726) * bind EVP_R_MEMORY_LIMIT_EXCEEDED and update a test This will allow OpenSSL 1.1.1 on 32-bit (including our Windows 32-bit builders) to fail as expected. Technically this isn't a malloc error, but rather failing because the allocation requested is larger than 32-bits, but raising a MemoryError still seems appropriate * what you want an endif too? --- src/_cffi_src/openssl/err.py | 9 +++++++++ src/cryptography/hazmat/backends/openssl/backend.py | 4 ++++ src/cryptography/hazmat/bindings/openssl/_conditional.py | 9 +++++++++ 3 files changed, 22 insertions(+) diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py index b4d053c6..d4033f5a 100644 --- a/src/_cffi_src/openssl/err.py +++ b/src/_cffi_src/openssl/err.py @@ -11,6 +11,7 @@ INCLUDES = """ TYPES = """ static const int Cryptography_HAS_EC_CODES; static const int Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR; +static const int Cryptography_HAS_EVP_R_MEMORY_LIMIT_EXCEEDED; static const int ERR_LIB_DH; static const int ERR_LIB_EVP; @@ -23,6 +24,7 @@ static const int ERR_LIB_SSL; static const int ERR_LIB_X509; static const int ERR_R_MALLOC_FAILURE; +static const int EVP_R_MEMORY_LIMIT_EXCEEDED; static const int ASN1_R_BOOLEAN_IS_WRONG_LENGTH; static const int ASN1_R_BUFFER_TOO_SMALL; @@ -170,4 +172,11 @@ static const long Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR = 1; static const long Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR = 0; static const long RSA_R_PKCS_DECODING_ERROR = 0; #endif + +#ifdef EVP_R_MEMORY_LIMIT_EXCEEDED +static const long Cryptography_HAS_EVP_R_MEMORY_LIMIT_EXCEEDED = 1; +#else +static const long EVP_R_MEMORY_LIMIT_EXCEEDED = 0; +static const long Cryptography_HAS_EVP_R_MEMORY_LIMIT_EXCEEDED = 0; +#endif """ diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 64a91f03..1d1e0446 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -2210,6 +2210,10 @@ class Backend(object): errors[0]._lib_reason_match( self._lib.ERR_LIB_EVP, self._lib.ERR_R_MALLOC_FAILURE + ) or + errors[0]._lib_reason_match( + self._lib.ERR_LIB_EVP, + self._lib.EVP_R_MEMORY_LIMIT_EXCEEDED ) ) diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py index 76417934..c0238dcc 100644 --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py @@ -335,6 +335,12 @@ def cryptography_has_raw_key(): ] +def cryptography_has_evp_r_memory_limit_exceeded(): + return [ + "EVP_R_MEMORY_LIMIT_EXCEEDED", + ] + + # This is a mapping of # {condition: function-returning-names-dependent-on-that-condition} so we can # loop over them and delete unsupported names at runtime. It will be removed @@ -403,4 +409,7 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_EVP_DIGESTFINAL_XOF": ( cryptography_has_evp_digestfinal_xof ), + "Cryptography_HAS_EVP_R_MEMORY_LIMIT_EXCEEDED": ( + cryptography_has_evp_r_memory_limit_exceeded + ), } -- cgit v1.2.3