-rw-r--r-- | cryptography/hazmat/backends/openssl/ciphers.py | 8 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_aes.py | 8 |
2 files changed, 12 insertions, 4 deletions
diff --git a/cryptography/hazmat/backends/openssl/ciphers.py b/cryptography/hazmat/backends/openssl/ciphers.py
index c3a5499a..d37bb014 100644
--- a/cryptography/hazmat/backends/openssl/ciphers.py
+++ b/cryptography/hazmat/backends/openssl/ciphers.py
@@ -128,6 +128,14 @@ class _CipherContext(object):
         return self._backend._ffi.buffer(buf)[:outlen[0]]
 
     def finalize(self):
+        # OpenSSL 1.0.1 on Ubuntu 12.04 (and possibly other distributions)
+        # appears to have a bug where you must make at least one call to update
+        # even if you are only using authenticate_additional_data or the
+        # GCM tag will be wrong. An (empty) call to update resolves this
+        # and is harmless for all other versions of OpenSSL.
+        if isinstance(self._mode, GCM):
+            self.update(b"")
+
         buf = self._backend._ffi.new("unsigned char[]", self._block_size)
         outlen = self._backend._ffi.new("int *")
         res = self._backend._lib.EVP_CipherFinal_ex(self._ctx, buf, outlen)
diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
index 13682753..e8e0eee4 100644
--- a/tests/hazmat/primitives/test_aes.py
+++ b/tests/hazmat/primitives/test_aes.py
@@ -230,10 +230,10 @@ class TestAESModeGCM(object):
         )
 
     def test_gcm_tag_with_only_aad(self, backend):
-        key = binascii.unhexlify(b"1dde380d6b04fdcb004005b8a77bd5e3")
-        iv = binascii.unhexlify(b"5053bf901463f97decd88c33")
-        aad = binascii.unhexlify(b"f807f5f6133021d15cb6434d5ad95cf7d8488727")
-        tag = binascii.unhexlify(b"4bebf3ff2cb67bb5444dda53bd039e22")
+        key = binascii.unhexlify(b"5211242698bed4774a090620a6ca56f3")
+        iv = binascii.unhexlify(b"b1e1349120b6e832ef976f5d")
+        aad = binascii.unhexlify(b"b6d729aab8e6416d7002b9faa794c410d8d2f193")
+        tag = binascii.unhexlify(b"0f247e7f9c2505de374006738018493b")
         cipher = base.Cipher(
             algorithms.AES(key), |
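Review bot: The new guard in `finalize` keys only on the mode type, so the extra `self.update(b"")` runs on every GCM finalize, including contexts where `update` already produced output and the workaround is not needed; the comment asserts this is harmless but gives the reader no way to retire it. Since the described misbehaviour is tied to a specific OpenSSL release, the comment should carry a removal condition, e.g. `# TODO: drop this workaround once OpenSSL 1.0.1 is no longer a supported backend`, and, if one exists, a pointer to the upstream report, so the tag-affecting quirk is tracked rather than silently papered over. `GCM` is referenced on the new `isinstance` line but its import is not visible in this hunk; if it is not already in scope in ciphers.py, every GCM `finalize` would fail with `NameError`, so worth confirming. The body of `finalize` continues past the end of the hunk.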
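Review bot: The replaced key/iv/aad/tag vectors in `test_gcm_tag_with_only_aad` are not attributed to any source, so a later reader cannot tell whether they were generated locally or taken from a published test set, nor re-derive the expected tag if the backend changes. A one-line comment above `key = ...` naming where the vector came from (e.g. `# vector generated with <TOOL-OR-SUITE-PLACEHOLDER>; exercises the AAD-only GCM path`) would make this regression test for the AAD-only tag bug self-explanatory. The rest of the test method lies outside the hunk.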