Removed some code that existed for OpenSSL 0.9.8 (#2983)

Refs #2982

3 files changed, 6 insertions, 22 deletions

diff --git a/.travis/install.sh b/.travis/install.sh
index b05ff7be..cdfbace6 100755
--- a/.travis/install.sh
+++ b/.travis/install.sh
@@ -57,14 +57,8 @@ else
         pyenv install "pypy-$PYPY_VERSION"
         pyenv global "pypy-$PYPY_VERSION"
     fi
-    if [[ "${OPENSSL}" == "0.9.8" ]]; then
-        # We use 0.9.8l rather than zh because we have some branches for
-        # handling < 0.9.8m that won't be exercised with a newer OpenSSL.
-        # (RHEL5 is 0.9.8e with patches, but while that's in jenkins we don't
-        # get coverage data from it).
-        OPENSSL_VERSION_NUMBER="0.9.8l"
-        OPENSSL_DIR="ossl-098l"
-    elif [[ "${OPENSSL}" == "1.0.0" ]]; then
+
+    if [[ "${OPENSSL}" == "1.0.0" ]]; then
         OPENSSL_VERSION_NUMBER="1.0.0t"
         OPENSSL_DIR="ossl-100t"
     fi
diff --git a/.travis/run.sh b/.travis/run.sh
index 9619c24a..5c8b53f9 100755
--- a/.travis/run.sh
+++ b/.travis/run.sh
@@ -26,9 +26,7 @@ else
         PATH="$PYENV_ROOT/bin:$PATH"
         eval "$(pyenv init -)"
     fi
-    if [[ "${OPENSSL}" == "0.9.8" ]]; then
-        OPENSSL_DIR="ossl-098l"
-    elif [[ "${OPENSSL}" == "1.0.0" ]]; then
+    if [[ "${OPENSSL}" == "1.0.0" ]]; then
         OPENSSL_DIR="ossl-100t"
     fi
 
diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
index a80708aa..9e074dba 100644
--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
@@ -101,15 +101,6 @@ class _CipherContext(object):
         self._ctx = ctx
 
     def update(self, data):
-        # OpenSSL 0.9.8e has an assertion in its EVP code that causes it
-        # to SIGABRT if you call update with an empty byte string. This can be
-        # removed when we drop support for 0.9.8e (CentOS/RHEL 5). This branch
-        # should be taken only when length is zero and mode is not GCM because
-        # AES GCM can return improper tag values if you don't call update
-        # with empty plaintext when authenticating AAD for ...reasons.
-        if len(data) == 0 and not isinstance(self._mode, modes.GCM):
-            return b""
-
         buf = self._backend._ffi.new("unsigned char[]",
                                      len(data) + self._block_size - 1)
         outlen = self._backend._ffi.new("int *")
@@ -182,8 +173,9 @@ class _CipherContext(object):
 @utils.register_interface(ciphers.CipherContext)
 class _AESCTRCipherContext(object):
     """
-    This is needed to provide support for AES CTR mode in OpenSSL 0.9.8. It can
-    be removed when we drop 0.9.8 support (RHEL5 extended life ends 2020).
+    This is needed to provide support for AES CTR mode in OpenSSL 1.0.0. It can
+    be removed when we drop 1.0.0 support (RHEL 6.4 is the only thing that
+    ships it).
     """
     def __init__(self, backend, cipher, mode):
         self._backend = backend