python-cryptography/0003-fixes-6927-handle-negative-return-values-from-openss.patch
Christian Heimes 28cd304e9d Rebase to 36.0.1 + upstream fixes
OpenSSL 3.0 FIPS mode is now detected correctly

Upstream fixes on top of 36.0.1:

- Fix error check from EVP_PKEY_CTX_set_signature_md
- Block 3DES in FIPS mode
- Disable DSA tests in FIPS mode
- Enable SHA1 signatures in test suite
- Fix serialization of keyusage ext with no bits

Related: rhbz#2060787
2022-03-04 13:51:16 +01:00

27 lines
1.1 KiB
Diff

From 20bafea414bcc08bfcb5b669ecbf9a3438ff7b78 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Thu, 3 Mar 2022 15:44:02 -0500
Subject: [PATCH 3/5] fixes #6927 -- handle negative return values from openssl
(#6928)
---
src/cryptography/hazmat/backends/openssl/rsa.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py
index 9bef49d24..dd5d4990b 100644
--- a/src/cryptography/hazmat/backends/openssl/rsa.py
+++ b/src/cryptography/hazmat/backends/openssl/rsa.py
@@ -208,7 +208,7 @@ def _rsa_sig_setup(backend, padding, algorithm, key, init_func):
if algorithm is not None:
evp_md = backend._evp_md_non_null_from_algorithm(algorithm)
res = backend._lib.EVP_PKEY_CTX_set_signature_md(pkey_ctx, evp_md)
- if res == 0:
+ if res <= 0:
backend._consume_errors()
raise UnsupportedAlgorithm(
"{} is not supported by this backend for RSA signing.".format(
--
2.35.1