LibreSSL compatibility
- code distinguishes between OpenSSL 1.1.x and LibreSSL and works with both
parent
75f715bfe4
commit
a95f4aa255
src
|
@ -502,7 +502,7 @@ else:
|
||||||
sslProtocolVersion = ssl.PROTOCOL_TLSv1
|
sslProtocolVersion = ssl.PROTOCOL_TLSv1
|
||||||
|
|
||||||
# ciphers
|
# ciphers
|
||||||
if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000:
|
if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000 and not ssl.OPENSSL_VERSION.startswith("LibreSSL"):
|
||||||
sslProtocolCiphers = "AECDH-AES256-SHA@SECLEVEL=0"
|
sslProtocolCiphers = "AECDH-AES256-SHA@SECLEVEL=0"
|
||||||
else:
|
else:
|
||||||
sslProtocolCiphers = "AECDH-AES256-SHA"
|
sslProtocolCiphers = "AECDH-AES256-SHA"
|
||||||
|
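Review bot: The added `not ssl.OPENSSL_VERSION.startswith("LibreSSL")` test carries no comment saying why LibreSSL must skip the `@SECLEVEL=0` suffix, so a later reader cannot tell whether the exclusion is still needed. I would put a line above the `if` such as `# LibreSSL reports a version number above 0x10100000 but may not accept the @SECLEVEL cipher-string keyword`, after confirming that against the LibreSSL releases you support. Both branches still select an anonymous AECDH suite over `PROTOCOL_TLSv1`, which gives no peer authentication at the TLS layer; a short comment stating that authentication is expected from the application protocol would help anyone auditing this file. The enclosing `else:` block starts outside the hunk.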
|
|
@ -77,7 +77,7 @@ class Cipher:
|
||||||
return buff + self.final()
|
return buff + self.final()
|
||||||
|
|
||||||
def __del__(self):
|
def __del__(self):
|
||||||
if OpenSSL._hexversion > 0x10100000:
|
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||||
OpenSSL.EVP_CIPHER_CTX_reset(self.ctx)
|
OpenSSL.EVP_CIPHER_CTX_reset(self.ctx)
|
||||||
else:
|
else:
|
||||||
OpenSSL.EVP_CIPHER_CTX_cleanup(self.ctx)
|
OpenSSL.EVP_CIPHER_CTX_cleanup(self.ctx)
|
||||||
|
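Review bot: `__del__` tests `OpenSSL._hexversion > 0x10100000`, while the loader that binds `EVP_CIPHER_CTX_reset` in the `_OpenSSL` section of this commit tests `>= 0x10100000`, so a library reporting exactly that value binds the new symbol but takes the `EVP_CIPHER_CTX_cleanup` branch here. Whether `EVP_CIPHER_CTX_cleanup` is bound in that case is not visible on this page. I would make the call site match the loader, `if OpenSSL._hexversion >= 0x10100000 and not OpenSSL._libreSSL:`, or better, have `_OpenSSL` expose one boolean computed once and test only that here. The same strict `>` appears in every `ECC` hunk of this commit.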
|
|
@ -223,7 +223,7 @@ class ECC:
|
||||||
if (OpenSSL.EC_KEY_set_private_key(own_key, own_priv_key)) == 0:
|
if (OpenSSL.EC_KEY_set_private_key(own_key, own_priv_key)) == 0:
|
||||||
raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...")
|
raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...")
|
||||||
|
|
||||||
if OpenSSL._hexversion > 0x10100000:
|
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||||
OpenSSL.EC_KEY_set_method(own_key, OpenSSL.EC_KEY_OpenSSL())
|
OpenSSL.EC_KEY_set_method(own_key, OpenSSL.EC_KEY_OpenSSL())
|
||||||
else:
|
else:
|
||||||
OpenSSL.ECDH_set_method(own_key, OpenSSL.ECDH_OpenSSL())
|
OpenSSL.ECDH_set_method(own_key, OpenSSL.ECDH_OpenSSL())
|
||||||
|
@ -310,7 +310,7 @@ class ECC:
|
||||||
size = len(inputb)
|
size = len(inputb)
|
||||||
buff = OpenSSL.malloc(inputb, size)
|
buff = OpenSSL.malloc(inputb, size)
|
||||||
digest = OpenSSL.malloc(0, 64)
|
digest = OpenSSL.malloc(0, 64)
|
||||||
if OpenSSL._hexversion > 0x10100000:
|
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||||
md_ctx = OpenSSL.EVP_MD_CTX_new()
|
md_ctx = OpenSSL.EVP_MD_CTX_new()
|
||||||
else:
|
else:
|
||||||
md_ctx = OpenSSL.EVP_MD_CTX_create()
|
md_ctx = OpenSSL.EVP_MD_CTX_create()
|
||||||
|
@ -343,7 +343,7 @@ class ECC:
|
||||||
if (OpenSSL.EC_KEY_check_key(key)) == 0:
|
if (OpenSSL.EC_KEY_check_key(key)) == 0:
|
||||||
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
|
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
|
||||||
|
|
||||||
if OpenSSL._hexversion > 0x10100000:
|
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||||
OpenSSL.EVP_MD_CTX_new(md_ctx)
|
OpenSSL.EVP_MD_CTX_new(md_ctx)
|
||||||
else:
|
else:
|
||||||
OpenSSL.EVP_MD_CTX_init(md_ctx)
|
OpenSSL.EVP_MD_CTX_init(md_ctx)
|
||||||
|
@ -365,7 +365,7 @@ class ECC:
|
||||||
OpenSSL.BN_free(pub_key_y)
|
OpenSSL.BN_free(pub_key_y)
|
||||||
OpenSSL.BN_free(priv_key)
|
OpenSSL.BN_free(priv_key)
|
||||||
OpenSSL.EC_POINT_free(pub_key)
|
OpenSSL.EC_POINT_free(pub_key)
|
||||||
if OpenSSL._hexversion > 0x10100000:
|
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||||
OpenSSL.EVP_MD_CTX_free(md_ctx)
|
OpenSSL.EVP_MD_CTX_free(md_ctx)
|
||||||
else:
|
else:
|
||||||
OpenSSL.EVP_MD_CTX_destroy(md_ctx)
|
OpenSSL.EVP_MD_CTX_destroy(md_ctx)
|
||||||
|
@ -381,7 +381,7 @@ class ECC:
|
||||||
binputb = OpenSSL.malloc(inputb, len(inputb))
|
binputb = OpenSSL.malloc(inputb, len(inputb))
|
||||||
digest = OpenSSL.malloc(0, 64)
|
digest = OpenSSL.malloc(0, 64)
|
||||||
dgst_len = OpenSSL.pointer(OpenSSL.c_int(0))
|
dgst_len = OpenSSL.pointer(OpenSSL.c_int(0))
|
||||||
if OpenSSL._hexversion > 0x10100000:
|
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||||
md_ctx = OpenSSL.EVP_MD_CTX_new()
|
md_ctx = OpenSSL.EVP_MD_CTX_new()
|
||||||
else:
|
else:
|
||||||
md_ctx = OpenSSL.EVP_MD_CTX_create()
|
md_ctx = OpenSSL.EVP_MD_CTX_create()
|
||||||
|
@ -405,7 +405,7 @@ class ECC:
|
||||||
raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
|
raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
|
||||||
if (OpenSSL.EC_KEY_check_key(key)) == 0:
|
if (OpenSSL.EC_KEY_check_key(key)) == 0:
|
||||||
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
|
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
|
||||||
if OpenSSL._hexversion > 0x10100000:
|
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||||
OpenSSL.EVP_MD_CTX_new(md_ctx)
|
OpenSSL.EVP_MD_CTX_new(md_ctx)
|
||||||
else:
|
else:
|
||||||
OpenSSL.EVP_MD_CTX_init(md_ctx)
|
OpenSSL.EVP_MD_CTX_init(md_ctx)
|
||||||
|
@ -431,7 +431,7 @@ class ECC:
|
||||||
OpenSSL.BN_free(pub_key_x)
|
OpenSSL.BN_free(pub_key_x)
|
||||||
OpenSSL.BN_free(pub_key_y)
|
OpenSSL.BN_free(pub_key_y)
|
||||||
OpenSSL.EC_POINT_free(pub_key)
|
OpenSSL.EC_POINT_free(pub_key)
|
||||||
if OpenSSL._hexversion > 0x10100000:
|
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||||
OpenSSL.EVP_MD_CTX_free(md_ctx)
|
OpenSSL.EVP_MD_CTX_free(md_ctx)
|
||||||
else:
|
else:
|
||||||
OpenSSL.EVP_MD_CTX_destroy(md_ctx)
|
OpenSSL.EVP_MD_CTX_destroy(md_ctx)
|
||||||
|
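Review bot: In the hunks at -343 and -405 the OpenSSL 1.1 branch calls `OpenSSL.EVP_MD_CTX_new(md_ctx)` as the counterpart of `EVP_MD_CTX_init(md_ctx)`, but `EVP_MD_CTX_new` is bound with `argtypes = []` and `restype = ctypes.c_void_p` in the `_OpenSSL` section, so it allocates a new context and the discarded return value is never freed. If these hunks belong to the same methods as the `md_ctx = OpenSSL.EVP_MD_CTX_new()` allocations at -310 and -381 (the method bodies run outside the hunks, so this is inferred), the context is already fresh and the 1.1 branch needs no init step. The test could then be inverted to `if OpenSSL._hexversion <= 0x10100000 or OpenSSL._libreSSL:` followed by `OpenSSL.EVP_MD_CTX_init(md_ctx)`, with no `else`. The same condition is now written out at seven places in this file, which makes it easy for one site to drift from the loader.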
|
|
@ -72,6 +72,7 @@ class _OpenSSL:
|
||||||
"""
|
"""
|
||||||
self._lib = ctypes.CDLL(library)
|
self._lib = ctypes.CDLL(library)
|
||||||
self._version, self._hexversion, self._cflags = get_version(self._lib)
|
self._version, self._hexversion, self._cflags = get_version(self._lib)
|
||||||
|
self._libreSSL = self._version.startswith("LibreSSL")
|
||||||
|
|
||||||
self.pointer = ctypes.pointer
|
self.pointer = ctypes.pointer
|
||||||
self.c_int = ctypes.c_int
|
self.c_int = ctypes.c_int
|
||||||
|
@ -170,7 +171,7 @@ class _OpenSSL:
|
||||||
self.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p,
|
self.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p,
|
||||||
ctypes.c_void_p]
|
ctypes.c_void_p]
|
||||||
|
|
||||||
if self._hexversion >= 0x10100000:
|
if self._hexversion >= 0x10100000 and not self._libreSSL:
|
||||||
self.EC_KEY_OpenSSL = self._lib.EC_KEY_OpenSSL
|
self.EC_KEY_OpenSSL = self._lib.EC_KEY_OpenSSL
|
||||||
self._lib.EC_KEY_OpenSSL.restype = ctypes.c_void_p
|
self._lib.EC_KEY_OpenSSL.restype = ctypes.c_void_p
|
||||||
self._lib.EC_KEY_OpenSSL.argtypes = []
|
self._lib.EC_KEY_OpenSSL.argtypes = []
|
||||||
|
@ -250,7 +251,7 @@ class _OpenSSL:
|
||||||
self.EVP_rc4.restype = ctypes.c_void_p
|
self.EVP_rc4.restype = ctypes.c_void_p
|
||||||
self.EVP_rc4.argtypes = []
|
self.EVP_rc4.argtypes = []
|
||||||
|
|
||||||
if self._hexversion >= 0x10100000:
|
if self._hexversion >= 0x10100000 and not self._libreSSL:
|
||||||
self.EVP_CIPHER_CTX_reset = self._lib.EVP_CIPHER_CTX_reset
|
self.EVP_CIPHER_CTX_reset = self._lib.EVP_CIPHER_CTX_reset
|
||||||
self.EVP_CIPHER_CTX_reset.restype = ctypes.c_int
|
self.EVP_CIPHER_CTX_reset.restype = ctypes.c_int
|
||||||
self.EVP_CIPHER_CTX_reset.argtypes = [ctypes.c_void_p]
|
self.EVP_CIPHER_CTX_reset.argtypes = [ctypes.c_void_p]
|
||||||
|
@ -306,7 +307,7 @@ class _OpenSSL:
|
||||||
self.ECDSA_verify.argtypes = [ctypes.c_int, ctypes.c_void_p,
|
self.ECDSA_verify.argtypes = [ctypes.c_int, ctypes.c_void_p,
|
||||||
ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p]
|
ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p]
|
||||||
|
|
||||||
if self._hexversion >= 0x10100000:
|
if self._hexversion >= 0x10100000 and not self._libreSSL:
|
||||||
self.EVP_MD_CTX_new = self._lib.EVP_MD_CTX_new
|
self.EVP_MD_CTX_new = self._lib.EVP_MD_CTX_new
|
||||||
self.EVP_MD_CTX_new.restype = ctypes.c_void_p
|
self.EVP_MD_CTX_new.restype = ctypes.c_void_p
|
||||||
self.EVP_MD_CTX_new.argtypes = []
|
self.EVP_MD_CTX_new.argtypes = []
|
||||||
|
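Review bot: Gating the 1.1 bindings on `self._version.startswith("LibreSSL")` ties the loader to how a library names itself rather than to the symbols it exports, so a LibreSSL build that does export the 1.1-style functions would still be sent down the legacy path. Probing the library is more robust, for example `if hasattr(self._lib, "EVP_MD_CTX_new"):` in the hunk at -306 and the same for `EVP_CIPHER_CTX_reset` and `EC_KEY_OpenSSL`, with the result stored once for the call sites in the `Cipher` and `ECC` sections to test. If the flag stays, it deserves a comment such as `# LibreSSL reports a high version number but lacks the OpenSSL 1.1 accessor API`. `startswith("LibreSSL")` also assumes `get_version` returns text; if it returns bytes under Python 3 this line raises `TypeError`, and `get_version` is outside this page, so that needs checking. `__init__` starts and ends outside the hunks.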
|