diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-05-03 16:41:30 -0500 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-05-03 17:41:30 -0400 |
| commit | 92f570eabe713653e5fe2dc9ba666493df047ccb (patch) | |
| tree | ccc909d2897e0943a676f4e77bb5a9ec8ef4fcd8 /src | |
| parent | 5fb10210276a10f104318504aa81d2ba9c42cba8 (diff) | |
| download | cryptography-92f570eabe713653e5fe2dc9ba666493df047ccb.tar.gz cryptography-92f570eabe713653e5fe2dc9ba666493df047ccb.tar.bz2 cryptography-92f570eabe713653e5fe2dc9ba666493df047ccb.zip | |
use openssl constants (#3534)
Diffstat (limited to 'src')
| -rw-r--r-- | src/_cffi_src/openssl/cryptography.py | 2 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/ciphers.py | 18 | ||||
| -rw-r--r-- | src/cryptography/hazmat/primitives/ciphers/base.py | 7 |
3 files changed, 20 insertions, 7 deletions
diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py index 8372055b..aa01c833 100644 --- a/src/_cffi_src/openssl/cryptography.py +++ b/src/_cffi_src/openssl/cryptography.py @@ -51,6 +51,8 @@ static const int CRYPTOGRAPHY_OPENSSL_110_OR_GREATER; static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I; +static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_102; + static const int CRYPTOGRAPHY_IS_LIBRESSL; """ diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py index b6058150..739ae19a 100644 --- a/src/cryptography/hazmat/backends/openssl/ciphers.py +++ b/src/cryptography/hazmat/backends/openssl/ciphers.py @@ -78,8 +78,11 @@ class _CipherContext(object): len(iv_nonce), self._backend._ffi.NULL ) self._backend.openssl_assert(res != 0) - if operation == self._DECRYPT and \ - self._backend.openssl_version_number() < 0x10002000: + if ( + self._operation == self._DECRYPT and + self._backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and + not self._backend._lib.CRYPTOGRAPHY_IS_LIBRESSL + ): if mode.tag is None: raise NotImplementedError( "delayed passing of GCM tag requires OpenSSL >= 1.0.2." @@ -140,9 +143,14 @@ class _CipherContext(object): if isinstance(self._mode, modes.GCM): self.update(b"") - if self._operation == self._DECRYPT and \ - isinstance(self._mode, modes.ModeWithAuthenticationTag) and \ - self._backend.openssl_version_number() >= 0x10002000: + if ( + self._operation == self._DECRYPT and + isinstance(self._mode, modes.ModeWithAuthenticationTag) and + ( + not self._backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 or + self._backend._lib.CRYPTOGRAPHY_IS_LIBRESSL + ) + ): tag = self._mode.tag if tag is None: raise ValueError( diff --git a/src/cryptography/hazmat/primitives/ciphers/base.py b/src/cryptography/hazmat/primitives/ciphers/base.py index 9e0d0051..dd024fb9 100644 --- a/src/cryptography/hazmat/primitives/ciphers/base.py +++ b/src/cryptography/hazmat/primitives/ciphers/base.py @@ -221,8 +221,11 @@ class _AEADCipherContext(object): return data def finalize_with_tag(self, tag): - if self._ctx._backend.name == "openssl" and \ - self._ctx._backend.openssl_version_number() < 0x10002000: + if ( + self._ctx._backend.name == "openssl" and + self._ctx._backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and + not self._ctx._backend._lib.CRYPTOGRAPHY_IS_LIBRESSL + ): raise NotImplementedError( "finalize_with_tag requires OpenSSL >= 1.0.2. To use this " "method please update OpenSSL" |