LibreSSL compatibility
- code distinguishes between OpenSSL 1.1.x and LibreSSL and works with both
This commit is contained in:
parent
75f715bfe4
commit
a95f4aa255
|
@ -502,7 +502,7 @@ else:
|
|||
sslProtocolVersion = ssl.PROTOCOL_TLSv1
|
||||
|
||||
# ciphers
|
||||
if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000:
|
||||
if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000 and not ssl.OPENSSL_VERSION.startswith("LibreSSL"):
|
||||
sslProtocolCiphers = "AECDH-AES256-SHA@SECLEVEL=0"
|
||||
else:
|
||||
sslProtocolCiphers = "AECDH-AES256-SHA"
|
||||
|
|
|
@ -77,7 +77,7 @@ class Cipher:
|
|||
return buff + self.final()
|
||||
|
||||
def __del__(self):
|
||||
if OpenSSL._hexversion > 0x10100000:
|
||||
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||
OpenSSL.EVP_CIPHER_CTX_reset(self.ctx)
|
||||
else:
|
||||
OpenSSL.EVP_CIPHER_CTX_cleanup(self.ctx)
|
||||
|
|
|
@ -223,7 +223,7 @@ class ECC:
|
|||
if (OpenSSL.EC_KEY_set_private_key(own_key, own_priv_key)) == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...")
|
||||
|
||||
if OpenSSL._hexversion > 0x10100000:
|
||||
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||
OpenSSL.EC_KEY_set_method(own_key, OpenSSL.EC_KEY_OpenSSL())
|
||||
else:
|
||||
OpenSSL.ECDH_set_method(own_key, OpenSSL.ECDH_OpenSSL())
|
||||
|
@ -310,7 +310,7 @@ class ECC:
|
|||
size = len(inputb)
|
||||
buff = OpenSSL.malloc(inputb, size)
|
||||
digest = OpenSSL.malloc(0, 64)
|
||||
if OpenSSL._hexversion > 0x10100000:
|
||||
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||
md_ctx = OpenSSL.EVP_MD_CTX_new()
|
||||
else:
|
||||
md_ctx = OpenSSL.EVP_MD_CTX_create()
|
||||
|
@ -343,7 +343,7 @@ class ECC:
|
|||
if (OpenSSL.EC_KEY_check_key(key)) == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
|
||||
|
||||
if OpenSSL._hexversion > 0x10100000:
|
||||
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||
OpenSSL.EVP_MD_CTX_new(md_ctx)
|
||||
else:
|
||||
OpenSSL.EVP_MD_CTX_init(md_ctx)
|
||||
|
@ -365,7 +365,7 @@ class ECC:
|
|||
OpenSSL.BN_free(pub_key_y)
|
||||
OpenSSL.BN_free(priv_key)
|
||||
OpenSSL.EC_POINT_free(pub_key)
|
||||
if OpenSSL._hexversion > 0x10100000:
|
||||
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||
OpenSSL.EVP_MD_CTX_free(md_ctx)
|
||||
else:
|
||||
OpenSSL.EVP_MD_CTX_destroy(md_ctx)
|
||||
|
@ -381,7 +381,7 @@ class ECC:
|
|||
binputb = OpenSSL.malloc(inputb, len(inputb))
|
||||
digest = OpenSSL.malloc(0, 64)
|
||||
dgst_len = OpenSSL.pointer(OpenSSL.c_int(0))
|
||||
if OpenSSL._hexversion > 0x10100000:
|
||||
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||
md_ctx = OpenSSL.EVP_MD_CTX_new()
|
||||
else:
|
||||
md_ctx = OpenSSL.EVP_MD_CTX_create()
|
||||
|
@ -405,7 +405,7 @@ class ECC:
|
|||
raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
|
||||
if (OpenSSL.EC_KEY_check_key(key)) == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
|
||||
if OpenSSL._hexversion > 0x10100000:
|
||||
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||
OpenSSL.EVP_MD_CTX_new(md_ctx)
|
||||
else:
|
||||
OpenSSL.EVP_MD_CTX_init(md_ctx)
|
||||
|
@ -431,7 +431,7 @@ class ECC:
|
|||
OpenSSL.BN_free(pub_key_x)
|
||||
OpenSSL.BN_free(pub_key_y)
|
||||
OpenSSL.EC_POINT_free(pub_key)
|
||||
if OpenSSL._hexversion > 0x10100000:
|
||||
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||
OpenSSL.EVP_MD_CTX_free(md_ctx)
|
||||
else:
|
||||
OpenSSL.EVP_MD_CTX_destroy(md_ctx)
|
||||
|
|
|
@ -72,6 +72,7 @@ class _OpenSSL:
|
|||
"""
|
||||
self._lib = ctypes.CDLL(library)
|
||||
self._version, self._hexversion, self._cflags = get_version(self._lib)
|
||||
self._libreSSL = self._version.startswith("LibreSSL")
|
||||
|
||||
self.pointer = ctypes.pointer
|
||||
self.c_int = ctypes.c_int
|
||||
|
@ -170,7 +171,7 @@ class _OpenSSL:
|
|||
self.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p,
|
||||
ctypes.c_void_p]
|
||||
|
||||
if self._hexversion >= 0x10100000:
|
||||
if self._hexversion >= 0x10100000 and not self._libreSSL:
|
||||
self.EC_KEY_OpenSSL = self._lib.EC_KEY_OpenSSL
|
||||
self._lib.EC_KEY_OpenSSL.restype = ctypes.c_void_p
|
||||
self._lib.EC_KEY_OpenSSL.argtypes = []
|
||||
|
@ -250,7 +251,7 @@ class _OpenSSL:
|
|||
self.EVP_rc4.restype = ctypes.c_void_p
|
||||
self.EVP_rc4.argtypes = []
|
||||
|
||||
if self._hexversion >= 0x10100000:
|
||||
if self._hexversion >= 0x10100000 and not self._libreSSL:
|
||||
self.EVP_CIPHER_CTX_reset = self._lib.EVP_CIPHER_CTX_reset
|
||||
self.EVP_CIPHER_CTX_reset.restype = ctypes.c_int
|
||||
self.EVP_CIPHER_CTX_reset.argtypes = [ctypes.c_void_p]
|
||||
|
@ -306,7 +307,7 @@ class _OpenSSL:
|
|||
self.ECDSA_verify.argtypes = [ctypes.c_int, ctypes.c_void_p,
|
||||
ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p]
|
||||
|
||||
if self._hexversion >= 0x10100000:
|
||||
if self._hexversion >= 0x10100000 and not self._libreSSL:
|
||||
self.EVP_MD_CTX_new = self._lib.EVP_MD_CTX_new
|
||||
self.EVP_MD_CTX_new.restype = ctypes.c_void_p
|
||||
self.EVP_MD_CTX_new.argtypes = []
|
||||
|
|
Reference in New Issue
Block a user