From 92f570eabe713653e5fe2dc9ba666493df047ccb Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Wed, 3 May 2017 16:41:30 -0500
Subject: use openssl constants (#3534)
---
 src/_cffi_src/openssl/cryptography.py | 2 ++
 src/cryptography/hazmat/backends/openssl/ciphers.py | 18 +++++++++++++-----
 src/cryptography/hazmat/primitives/ciphers/base.py | 7 +++++--
 3 files changed, 20 insertions(+), 7 deletions(-)
(limited to 'src')
diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py
index 8372055b..aa01c833 100644
--- a/src/_cffi_src/openssl/cryptography.py
+++ b/src/_cffi_src/openssl/cryptography.py
@@ -51,6 +51,8 @@ static const int CRYPTOGRAPHY_OPENSSL_110_OR_GREATER;
 static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I;
+static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_102;
+
 static const int CRYPTOGRAPHY_IS_LIBRESSL;
 """
diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
index b6058150..739ae19a 100644
--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
@@ -78,8 +78,11 @@ class _CipherContext(object):
 len(iv_nonce), self._backend._ffi.NULL
 )
 self._backend.openssl_assert(res != 0)
- if operation == self._DECRYPT and \
- self._backend.openssl_version_number() < 0x10002000:
+ if (
+ self._operation == self._DECRYPT and
+ self._backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and
+ not self._backend._lib.CRYPTOGRAPHY_IS_LIBRESSL
+ ):
 if mode.tag is None:
 raise NotImplementedError(
 "delayed passing of GCM tag requires OpenSSL >= 1.0.2."
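Review bot: The predicate for "the GCM tag must be supplied up front" (`CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and not CRYPTOGRAPHY_IS_LIBRESSL`) is written out by hand in the `@@ -78,8 +78,11 @@` hunk of ciphers.py, negated by hand in the `@@ -140,9 +143,14 @@` hunk, and repeated in base.py's `finalize_with_tag`. The init-time and finalize-time branches have to stay exact complements; as far as the visible lines show, they are the only two places where a decrypt context checks `mode.tag`, so if they drift apart neither branch would check the tag for some OpenSSL/LibreSSL combination. Computing the value once, e.g. `self._tag_needed_at_init = lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and not lib.CRYPTOGRAPHY_IS_LIBRESSL` (the name is only a suggestion), and testing that attribute in all three places would remove the duplication. The first hunk also switches from the local `operation` to `self._operation`, which assumes the attribute is assigned earlier in the method; that assignment lies outside the hunk and is worth confirming.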
@@ -140,9 +143,14 @@ class _CipherContext(object):
 if isinstance(self._mode, modes.GCM):
 self.update(b"")
- if self._operation == self._DECRYPT and \
- isinstance(self._mode, modes.ModeWithAuthenticationTag) and \
- self._backend.openssl_version_number() >= 0x10002000:
+ if (
+ self._operation == self._DECRYPT and
+ isinstance(self._mode, modes.ModeWithAuthenticationTag) and
+ (
+ not self._backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 or
+ self._backend._lib.CRYPTOGRAPHY_IS_LIBRESSL
+ )
+ ):
 tag = self._mode.tag
 if tag is None:
 raise ValueError(
diff --git a/src/cryptography/hazmat/primitives/ciphers/base.py b/src/cryptography/hazmat/primitives/ciphers/base.py
index 9e0d0051..dd024fb9 100644
--- a/src/cryptography/hazmat/primitives/ciphers/base.py
+++ b/src/cryptography/hazmat/primitives/ciphers/base.py
@@ -221,8 +221,11 @@ class _AEADCipherContext(object):
 return data
 def finalize_with_tag(self, tag):
- if self._ctx._backend.name == "openssl" and \
- self._ctx._backend.openssl_version_number() < 0x10002000:
+ if (
+ self._ctx._backend.name == "openssl" and
+ self._ctx._backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and
+ not self._ctx._backend._lib.CRYPTOGRAPHY_IS_LIBRESSL
+ ):
 raise NotImplementedError(
 "finalize_with_tag requires OpenSSL >= 1.0.2. To use this "
 "method please update OpenSSL"
-- cgit v1.2.3
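Review bot: In base.py's `finalize_with_tag` (`@@ -221,8 +221,11 @@`) the primitives layer now reads `self._ctx._backend._lib`, a private attribute of the OpenSSL backend, behind a `name == "openssl"` string check. Asking the backend or the context for this capability would keep the version and LibreSSL logic in one layer. Independently, a one-line comment above the condition would record why LibreSSL is exempted, e.g. `# OpenSSL < 1.0.2 cannot take the GCM tag at finalize time; LibreSSL can`, which is what the finalize branch in ciphers.py implies. The method body continues past the end of the hunk.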