From a95f4aa2550315ca8c4ac6cdb7b453dff4a35ffa Mon Sep 17 00:00:00 2001
From: Peter Surda
Date: Sat, 18 Feb 2017 17:22:17 +0100
Subject: [PATCH] LibreSSL compatibility - code distinguishes between OpenSSL 1.1.x and LibreSSL and works with both
---
 src/protocol.py | 2 +-
 src/pyelliptic/cipher.py | 2 +-
 src/pyelliptic/ecc.py | 14 +++++++-------
 src/pyelliptic/openssl.py | 7 ++++---
 4 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/src/protocol.py b/src/protocol.py
index 2268ac9d..4b1c67ff 100644
--- a/src/protocol.py
+++ b/src/protocol.py
@@ -502,7 +502,7 @@ else:
 sslProtocolVersion = ssl.PROTOCOL_TLSv1
 # ciphers
-if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000:
+if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000 and not ssl.OPENSSL_VERSION.startswith("LibreSSL"):
 sslProtocolCiphers = "AECDH-AES256-SHA@SECLEVEL=0"
 else:
 sslProtocolCiphers = "AECDH-AES256-SHA"
diff --git a/src/pyelliptic/cipher.py b/src/pyelliptic/cipher.py
index 4d932210..b597cafa 100644
--- a/src/pyelliptic/cipher.py
+++ b/src/pyelliptic/cipher.py
@@ -77,7 +77,7 @@ class Cipher:
 return buff + self.final()
 def __del__(self):
- if OpenSSL._hexversion > 0x10100000:
+ if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
 OpenSSL.EVP_CIPHER_CTX_reset(self.ctx)
 else:
 OpenSSL.EVP_CIPHER_CTX_cleanup(self.ctx)
diff --git a/src/pyelliptic/ecc.py b/src/pyelliptic/ecc.py
index 7b5a07d2..bea645db 100644
--- a/src/pyelliptic/ecc.py
+++ b/src/pyelliptic/ecc.py
@@ -223,7 +223,7 @@ class ECC:
 if (OpenSSL.EC_KEY_set_private_key(own_key, own_priv_key)) == 0:
 raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...")
- if OpenSSL._hexversion > 0x10100000:
+ if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
 OpenSSL.EC_KEY_set_method(own_key, OpenSSL.EC_KEY_OpenSSL())
 else:
 OpenSSL.ECDH_set_method(own_key, OpenSSL.ECDH_OpenSSL())
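Review bot: Neither branch of the cipher selection in src/protocol.py (`@@ -502,7`) says that `AECDH-AES256-SHA` is an anonymous suite, so a reader cannot tell that this TLS layer gives no peer authentication and that `@SECLEVEL=0` is there only so OpenSSL 1.1 will accept it. The new `startswith("LibreSSL")` test is also unexplained: LibreSSL reports a version number of 0x20000000, which passes the `>= 0x10100000` comparison, and presumably does not accept the `@SECLEVEL` syntax. I would add above the `if`: `# AECDH is anonymous (no peer authentication); OpenSSL 1.1 needs @SECLEVEL=0 to allow it, LibreSSL reports 0x20000000 but takes the plain name`.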
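Review bot: The condition in `Cipher.__del__` (`@@ -77,7`) tests `OpenSSL._hexversion > 0x10100000`, while src/pyelliptic/openssl.py binds the 1.1 functions under `>= 0x10100000`, so a library reporting exactly 0x10100000 gets `EVP_CIPHER_CTX_reset` bound and `__del__` then calls `EVP_CIPHER_CTX_cleanup` instead. Whether that older name is still bound in that case depends on the else branch of the binding code, which the patch does not show. The same `>` appears in every changed condition in src/pyelliptic/ecc.py. Writing `if OpenSSL._hexversion >= 0x10100000 and not OpenSSL._libreSSL:` at the call sites, or testing one boolean computed once where `_libreSSL` is set, would keep the repeated copies from drifting apart.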
@@ -310,7 +310,7 @@ class ECC:
 size = len(inputb)
 buff = OpenSSL.malloc(inputb, size)
 digest = OpenSSL.malloc(0, 64)
- if OpenSSL._hexversion > 0x10100000:
+ if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
 md_ctx = OpenSSL.EVP_MD_CTX_new()
 else:
 md_ctx = OpenSSL.EVP_MD_CTX_create()
@@ -343,7 +343,7 @@ class ECC:
 if (OpenSSL.EC_KEY_check_key(key)) == 0:
 raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
- if OpenSSL._hexversion > 0x10100000:
+ if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
 OpenSSL.EVP_MD_CTX_new(md_ctx)
 else:
 OpenSSL.EVP_MD_CTX_init(md_ctx)
@@ -365,7 +365,7 @@ class ECC:
 OpenSSL.BN_free(pub_key_y)
 OpenSSL.BN_free(priv_key)
 OpenSSL.EC_POINT_free(pub_key)
- if OpenSSL._hexversion > 0x10100000:
+ if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
 OpenSSL.EVP_MD_CTX_free(md_ctx)
 else:
 OpenSSL.EVP_MD_CTX_destroy(md_ctx)
@@ -381,7 +381,7 @@ class ECC:
 binputb = OpenSSL.malloc(inputb, len(inputb))
 digest = OpenSSL.malloc(0, 64)
 dgst_len = OpenSSL.pointer(OpenSSL.c_int(0))
- if OpenSSL._hexversion > 0x10100000:
+ if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
 md_ctx = OpenSSL.EVP_MD_CTX_new()
 else:
 md_ctx = OpenSSL.EVP_MD_CTX_create()
@@ -405,7 +405,7 @@ class ECC:
 raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
 if (OpenSSL.EC_KEY_check_key(key)) == 0:
 raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
- if OpenSSL._hexversion > 0x10100000:
+ if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
 OpenSSL.EVP_MD_CTX_new(md_ctx)
 else:
 OpenSSL.EVP_MD_CTX_init(md_ctx)
@@ -431,7 +431,7 @@ class ECC:
 OpenSSL.BN_free(pub_key_x)
 OpenSSL.BN_free(pub_key_y)
 OpenSSL.EC_POINT_free(pub_key)
- if OpenSSL._hexversion > 0x10100000:
+ if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
 OpenSSL.EVP_MD_CTX_free(md_ctx)
 else:
 OpenSSL.EVP_MD_CTX_destroy(md_ctx)
diff --git a/src/pyelliptic/openssl.py b/src/pyelliptic/openssl.py
index a26339ce..7af4fd18 100644
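Review bot: In the hunks at `@@ -343,7` and `@@ -405,7` the 1.1 branch calls `OpenSSL.EVP_MD_CTX_new(md_ctx)` and discards the result, although `md_ctx` was already allocated with `EVP_MD_CTX_new()` in the hunks at `@@ -310,7` and `@@ -381,7`, and the binding in openssl.py declares `argtypes = []`. EVP_MD_CTX_new takes no argument and returns a fresh context, so this appears to allocate a second context that is never freed on every call of the two enclosing methods, rather than initialising the existing one. The context from `EVP_MD_CTX_new()` is already initialised, so the 1.1 branch could do nothing here, or call `EVP_MD_CTX_reset(md_ctx)` if a binding for it is added. The enclosing methods start and end outside these hunks.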
--- a/src/pyelliptic/openssl.py
+++ b/src/pyelliptic/openssl.py
@@ -72,6 +72,7 @@ class _OpenSSL:
 """
 self._lib = ctypes.CDLL(library)
 self._version, self._hexversion, self._cflags = get_version(self._lib)
+ self._libreSSL = self._version.startswith("LibreSSL")
 self.pointer = ctypes.pointer
 self.c_int = ctypes.c_int
@@ -170,7 +171,7 @@ class _OpenSSL:
 self.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
- if self._hexversion >= 0x10100000:
+ if self._hexversion >= 0x10100000 and not self._libreSSL:
 self.EC_KEY_OpenSSL = self._lib.EC_KEY_OpenSSL
 self._lib.EC_KEY_OpenSSL.restype = ctypes.c_void_p
 self._lib.EC_KEY_OpenSSL.argtypes = []
@@ -250,7 +251,7 @@ class _OpenSSL:
 self.EVP_rc4.restype = ctypes.c_void_p
 self.EVP_rc4.argtypes = []
- if self._hexversion >= 0x10100000:
+ if self._hexversion >= 0x10100000 and not self._libreSSL:
 self.EVP_CIPHER_CTX_reset = self._lib.EVP_CIPHER_CTX_reset
 self.EVP_CIPHER_CTX_reset.restype = ctypes.c_int
 self.EVP_CIPHER_CTX_reset.argtypes = [ctypes.c_void_p]
@@ -306,7 +307,7 @@ class _OpenSSL:
 self.ECDSA_verify.argtypes = [ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p]
- if self._hexversion >= 0x10100000:
+ if self._hexversion >= 0x10100000 and not self._libreSSL:
 self.EVP_MD_CTX_new = self._lib.EVP_MD_CTX_new
 self.EVP_MD_CTX_new.restype = ctypes.c_void_p
 self.EVP_MD_CTX_new.argtypes = []
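Review bot: `self._libreSSL` in the hunk at `@@ -72,6` is derived from the version string with no comment on why the hex version alone is not enough, and the three binding guards at `@@ -170,7`, `@@ -250,7` and `@@ -306,7` then assume that every LibreSSL lacks the 1.1 names. LibreSSL reports 0x20000000 as its version number, so I would say so next to the flag: `# LibreSSL reports 0x20000000 but (per this commit) exports the pre-1.1 names, so detect it by version string`. A check that does not depend on the vendor string, such as `hasattr(self._lib, "EVP_MD_CTX_new")`, would keep working if a later LibreSSL release adds those functions. The enclosing method starts and ends outside the hunk.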