Invalid DSA key can cause cryptography.exceptions.InternalError / internal OpenSSL error

[hannob]

Code example:

#!/usr/bin/python3

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import dsa
from cryptography.hazmat.primitives.serialization import load_pem_private_key

pem = b"""-----BEGIN DSA PRIVATE KEY-----
MGECAQACFQHH+MnFXh4NNlZiV/zUVb5a5ib3kwIVAOP8ZOKvDwabKzEr/moq3y1z
E3vJAhUAl/2Ylx9fWbzHdh1URsc/c6IM/TECAQECFCsjU4AZRcuks45g1NMOUeCB
Epvg
-----END DSA PRIVATE KEY-----"""
key = load_pem_private_key(pem, password=None)
sig = key.sign(b"test", hashes.SHA256())

The key here is an invalid DSA key, it is a test case from boringssl: https://github.com/google/boringssl/blob/master/crypto/dsa/dsa_test.cc

Python cryptography successfully imports this key, but attempting to sign with it leads to InternalError exception:

Traceback (most recent call last):
  File "/tmp/dsafail", line 13, in <module>
    sig = key.sign(b"test", hashes.SHA256())
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cryptography.exceptions.InternalError: Unknown OpenSSL error. This error is commonly encountered
                        when another library is not cleaning up the OpenSSL error
                        stack. If you are using cryptography with another library
                        that uses OpenSSL try disabling it before reporting a bug.
                        Otherwise please file an issue at
                        https://github.com/pyca/cryptography/issues with
                        information on how to reproduce this. ([<OpenSSLError(code=83886196, lib=10, reason=116, reason_text=too many retries)>])

[alex]

How fun. Nice find.