diff options
Diffstat (limited to 'src/cryptography/hazmat/backends')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/ciphers.py | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py index b6058150..739ae19a 100644 --- a/src/cryptography/hazmat/backends/openssl/ciphers.py +++ b/src/cryptography/hazmat/backends/openssl/ciphers.py @@ -78,8 +78,11 @@ class _CipherContext(object): len(iv_nonce), self._backend._ffi.NULL ) self._backend.openssl_assert(res != 0) - if operation == self._DECRYPT and \ - self._backend.openssl_version_number() < 0x10002000: + if ( + self._operation == self._DECRYPT and + self._backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and + not self._backend._lib.CRYPTOGRAPHY_IS_LIBRESSL + ): if mode.tag is None: raise NotImplementedError( "delayed passing of GCM tag requires OpenSSL >= 1.0.2." @@ -140,9 +143,14 @@ class _CipherContext(object): if isinstance(self._mode, modes.GCM): self.update(b"") - if self._operation == self._DECRYPT and \ - isinstance(self._mode, modes.ModeWithAuthenticationTag) and \ - self._backend.openssl_version_number() >= 0x10002000: + if ( + self._operation == self._DECRYPT and + isinstance(self._mode, modes.ModeWithAuthenticationTag) and + ( + not self._backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 or + self._backend._lib.CRYPTOGRAPHY_IS_LIBRESSL + ) + ): tag = self._mode.tag if tag is None: raise ValueError( |