From 2c8dead51a5f96eb89b93c2e116a621e447410b5 Mon Sep 17 00:00:00 2001
From: Vladimir Diaz <vladimir.v.diaz@gmail.com>
Date: Mon, 25 Jan 2016 11:17:21 -0500
Subject: [PATCH] Do not store exception messages in a temp variable

---
 tuf/pyca_crypto_keys.py | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/tuf/pyca_crypto_keys.py b/tuf/pyca_crypto_keys.py
index c7647247..c40b95f1 100755
--- a/tuf/pyca_crypto_keys.py
+++ b/tuf/pyca_crypto_keys.py
@@ -536,8 +536,8 @@ def create_rsa_encrypted_pem(private_key, passphrase):
                                                passphrase=passphrase) 
     
     except (ValueError, IndexError, TypeError) as e:
-      message = 'An encrypted RSA key in PEM format cannot be generated: ' + str(e)
-      raise tuf.CryptoError(message)
+      raise tuf.CryptoError('An encrypted RSA key in PEM format cannot be'
+        ' generated: ' + str(e))
   
   else:
     raise TypeError('The required private key is unset.')
@@ -640,12 +640,11 @@ def create_rsa_public_and_private_from_encrypted_pem(encrypted_pem, passphrase):
   # UnsupportedAlgorithm: If the private key (or if the key is encrypted with
   # an unsupported symmetric cipher) is not supported by the backend.
   except (ValueError, TypeError, cryptography.exceptions.UnsupportedAlgorithm) as e:
-    message = 'RSA (public, private) tuple cannot be generated from the' +\
-      ' encrypted PEM string: ' + str(e)
     # Raise 'tuf.CryptoError' and pyca/cryptography's exception message.  Avoid
     # propogating pyca/cryptography's exception trace to avoid revealing
     # sensitive error.
-    raise tuf.CryptoError(message)
+    raise tuf.CryptoError('RSA (public, private) tuple cannot be generated'
+      ' from the encrypted PEM string: ' + str(e))
   
   # Export the public and private halves of the pyca/cryptography RSA key
   # object.  The (public, private) tuple returned contains the public and
@@ -739,8 +738,7 @@ def encrypt_key(key_object, password):
 
   # Ensure the private portion of the key is included in 'key_object'.
   if not key_object['keyval']['private']:
-    message = 'Key object does not contain a private part.'
-    raise tuf.FormatError(message)
+    raise tuf.FormatError('Key object does not contain a private part.')
 
   # Derive a key (i.e., an appropriate encryption key and not the
   # user's password) from the given 'password'.  Strengthen 'password' with