LibreSSL compatibility

- code distinguishes between OpenSSL 1.1.x and LibreSSL and works with
  both
Peter Šurda 2017-02-18 17:22:17 +01:00
parent 75f715bfe4
commit a95f4aa255
Signed by untrusted user: PeterSurda
GPG Key ID: 0C5F50C0B5F37D87
4 changed files with 13 additions and 12 deletions


@ -502,7 +502,7 @@ else:
sslProtocolVersion = ssl.PROTOCOL_TLSv1 sslProtocolVersion = ssl.PROTOCOL_TLSv1
# ciphers # ciphers
if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000: if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000 and not ssl.OPENSSL_VERSION.startswith("LibreSSL"):
sslProtocolCiphers = "AECDH-AES256-SHA@SECLEVEL=0" sslProtocolCiphers = "AECDH-AES256-SHA@SECLEVEL=0"
else: else:
sslProtocolCiphers = "AECDH-AES256-SHA" sslProtocolCiphers = "AECDH-AES256-SHA"
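Review bot: The LibreSSL exclusion on the `if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000 and not ssl.OPENSSL_VERSION.startswith("LibreSSL"):` line has no comment saying why a library that passes the numeric test must still take the `else` branch. I would add `# LibreSSL reports a version number above 0x10100000 but presumably does not accept the "@SECLEVEL" cipher-string suffix` above it. It is also worth a comment next to `sslProtocolCiphers` that AECDH is an anonymous key exchange, so this channel protects against passive observers only and gives no peer authentication; `@SECLEVEL=0` appears to be there so that OpenSSL 1.1 will still accept that suite. The enclosing `else:` block starts outside the hunk.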


@ -77,7 +77,7 @@ class Cipher:
return buff + self.final() return buff + self.final()
def __del__(self): def __del__(self):
if OpenSSL._hexversion > 0x10100000: if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
OpenSSL.EVP_CIPHER_CTX_reset(self.ctx) OpenSSL.EVP_CIPHER_CTX_reset(self.ctx)
else: else:
OpenSSL.EVP_CIPHER_CTX_cleanup(self.ctx) OpenSSL.EVP_CIPHER_CTX_cleanup(self.ctx)
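Review bot: The version test in `__del__` uses `>` (`OpenSSL._hexversion > 0x10100000`) while the loader section binds `EVP_CIPHER_CTX_reset` under `>= 0x10100000`, so a library reporting exactly 0x10100000 would have the 1.1 symbol bound but take the legacy branch here. Whether `EVP_CIPHER_CTX_cleanup` is bound in that case is not visible on this page, so this may raise AttributeError inside a finalizer and leave the cipher context uncleaned. Aligning the call site with the loader, `if OpenSSL._hexversion >= 0x10100000 and not OpenSSL._libreSSL:`, removes the gap. The same `>` appears in all seven `ECC` conditions in the next file section.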


@ -223,7 +223,7 @@ class ECC:
if (OpenSSL.EC_KEY_set_private_key(own_key, own_priv_key)) == 0: if (OpenSSL.EC_KEY_set_private_key(own_key, own_priv_key)) == 0:
raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...")
if OpenSSL._hexversion > 0x10100000: if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
OpenSSL.EC_KEY_set_method(own_key, OpenSSL.EC_KEY_OpenSSL()) OpenSSL.EC_KEY_set_method(own_key, OpenSSL.EC_KEY_OpenSSL())
else: else:
OpenSSL.ECDH_set_method(own_key, OpenSSL.ECDH_OpenSSL()) OpenSSL.ECDH_set_method(own_key, OpenSSL.ECDH_OpenSSL())
@ -310,7 +310,7 @@ class ECC:
size = len(inputb) size = len(inputb)
buff = OpenSSL.malloc(inputb, size) buff = OpenSSL.malloc(inputb, size)
digest = OpenSSL.malloc(0, 64) digest = OpenSSL.malloc(0, 64)
if OpenSSL._hexversion > 0x10100000: if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
md_ctx = OpenSSL.EVP_MD_CTX_new() md_ctx = OpenSSL.EVP_MD_CTX_new()
else: else:
md_ctx = OpenSSL.EVP_MD_CTX_create() md_ctx = OpenSSL.EVP_MD_CTX_create()
@ -343,7 +343,7 @@ class ECC:
if (OpenSSL.EC_KEY_check_key(key)) == 0: if (OpenSSL.EC_KEY_check_key(key)) == 0:
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
if OpenSSL._hexversion > 0x10100000: if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
OpenSSL.EVP_MD_CTX_new(md_ctx) OpenSSL.EVP_MD_CTX_new(md_ctx)
else: else:
OpenSSL.EVP_MD_CTX_init(md_ctx) OpenSSL.EVP_MD_CTX_init(md_ctx)
@ -365,7 +365,7 @@ class ECC:
OpenSSL.BN_free(pub_key_y) OpenSSL.BN_free(pub_key_y)
OpenSSL.BN_free(priv_key) OpenSSL.BN_free(priv_key)
OpenSSL.EC_POINT_free(pub_key) OpenSSL.EC_POINT_free(pub_key)
if OpenSSL._hexversion > 0x10100000: if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
OpenSSL.EVP_MD_CTX_free(md_ctx) OpenSSL.EVP_MD_CTX_free(md_ctx)
else: else:
OpenSSL.EVP_MD_CTX_destroy(md_ctx) OpenSSL.EVP_MD_CTX_destroy(md_ctx)
@ -381,7 +381,7 @@ class ECC:
binputb = OpenSSL.malloc(inputb, len(inputb)) binputb = OpenSSL.malloc(inputb, len(inputb))
digest = OpenSSL.malloc(0, 64) digest = OpenSSL.malloc(0, 64)
dgst_len = OpenSSL.pointer(OpenSSL.c_int(0)) dgst_len = OpenSSL.pointer(OpenSSL.c_int(0))
if OpenSSL._hexversion > 0x10100000: if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
md_ctx = OpenSSL.EVP_MD_CTX_new() md_ctx = OpenSSL.EVP_MD_CTX_new()
else: else:
md_ctx = OpenSSL.EVP_MD_CTX_create() md_ctx = OpenSSL.EVP_MD_CTX_create()
@ -405,7 +405,7 @@ class ECC:
raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
if (OpenSSL.EC_KEY_check_key(key)) == 0: if (OpenSSL.EC_KEY_check_key(key)) == 0:
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
if OpenSSL._hexversion > 0x10100000: if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
OpenSSL.EVP_MD_CTX_new(md_ctx) OpenSSL.EVP_MD_CTX_new(md_ctx)
else: else:
OpenSSL.EVP_MD_CTX_init(md_ctx) OpenSSL.EVP_MD_CTX_init(md_ctx)
@ -431,7 +431,7 @@ class ECC:
OpenSSL.BN_free(pub_key_x) OpenSSL.BN_free(pub_key_x)
OpenSSL.BN_free(pub_key_y) OpenSSL.BN_free(pub_key_y)
OpenSSL.EC_POINT_free(pub_key) OpenSSL.EC_POINT_free(pub_key)
if OpenSSL._hexversion > 0x10100000: if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
OpenSSL.EVP_MD_CTX_free(md_ctx) OpenSSL.EVP_MD_CTX_free(md_ctx)
else: else:
OpenSSL.EVP_MD_CTX_destroy(md_ctx) OpenSSL.EVP_MD_CTX_destroy(md_ctx)
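Review bot: In the 1.1 branch of the hunks at -343 and -405, `OpenSSL.EVP_MD_CTX_new(md_ctx)` is not an equivalent of `EVP_MD_CTX_init(md_ctx)`: the loader declares `EVP_MD_CTX_new.argtypes = []`, so the call presumably allocates a second context and drops the returned pointer. That would leak one digest context on every call of the two methods these hunks touch, which in a long-running process handling many messages is unbounded memory growth. The `md_ctx` obtained from `EVP_MD_CTX_new()` in the hunks at -310 and -381 is already initialised, so the re-init can be limited to the legacy path: `if not (OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL): OpenSSL.EVP_MD_CTX_init(md_ctx)`. The enclosing methods start and end outside these hunks, so confirm nothing between the allocation and this point relies on a reset.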


@ -72,6 +72,7 @@ class _OpenSSL:
""" """
self._lib = ctypes.CDLL(library) self._lib = ctypes.CDLL(library)
self._version, self._hexversion, self._cflags = get_version(self._lib) self._version, self._hexversion, self._cflags = get_version(self._lib)
self._libreSSL = self._version.startswith("LibreSSL")
self.pointer = ctypes.pointer self.pointer = ctypes.pointer
self.c_int = ctypes.c_int self.c_int = ctypes.c_int
@ -170,7 +171,7 @@ class _OpenSSL:
self.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p, self.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p,
ctypes.c_void_p] ctypes.c_void_p]
if self._hexversion >= 0x10100000: if self._hexversion >= 0x10100000 and not self._libreSSL:
self.EC_KEY_OpenSSL = self._lib.EC_KEY_OpenSSL self.EC_KEY_OpenSSL = self._lib.EC_KEY_OpenSSL
self._lib.EC_KEY_OpenSSL.restype = ctypes.c_void_p self._lib.EC_KEY_OpenSSL.restype = ctypes.c_void_p
self._lib.EC_KEY_OpenSSL.argtypes = [] self._lib.EC_KEY_OpenSSL.argtypes = []
@ -250,7 +251,7 @@ class _OpenSSL:
self.EVP_rc4.restype = ctypes.c_void_p self.EVP_rc4.restype = ctypes.c_void_p
self.EVP_rc4.argtypes = [] self.EVP_rc4.argtypes = []
if self._hexversion >= 0x10100000: if self._hexversion >= 0x10100000 and not self._libreSSL:
self.EVP_CIPHER_CTX_reset = self._lib.EVP_CIPHER_CTX_reset self.EVP_CIPHER_CTX_reset = self._lib.EVP_CIPHER_CTX_reset
self.EVP_CIPHER_CTX_reset.restype = ctypes.c_int self.EVP_CIPHER_CTX_reset.restype = ctypes.c_int
self.EVP_CIPHER_CTX_reset.argtypes = [ctypes.c_void_p] self.EVP_CIPHER_CTX_reset.argtypes = [ctypes.c_void_p]
@ -306,7 +307,7 @@ class _OpenSSL:
self.ECDSA_verify.argtypes = [ctypes.c_int, ctypes.c_void_p, self.ECDSA_verify.argtypes = [ctypes.c_int, ctypes.c_void_p,
ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p] ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p]
if self._hexversion >= 0x10100000: if self._hexversion >= 0x10100000 and not self._libreSSL:
self.EVP_MD_CTX_new = self._lib.EVP_MD_CTX_new self.EVP_MD_CTX_new = self._lib.EVP_MD_CTX_new
self.EVP_MD_CTX_new.restype = ctypes.c_void_p self.EVP_MD_CTX_new.restype = ctypes.c_void_p
self.EVP_MD_CTX_new.argtypes = [] self.EVP_MD_CTX_new.argtypes = []
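Review bot: `self._libreSSL` gates every 1.1-API binding on the brand in the version string rather than on whether the symbol exists, so the three `if self._hexversion >= 0x10100000 and not self._libreSSL:` blocks keep choosing the legacy functions even on a LibreSSL build that exports the newer ones, and they still break on any other fork that reports a high version number. Probing the library is more robust, e.g. `if hasattr(self._lib, "EVP_MD_CTX_new"):` for the last block, and likewise for `EVP_CIPHER_CTX_reset` and `EC_KEY_OpenSSL`. If the flag is kept, a comment on the `self._libreSSL = ...` line should say that LibreSSL reports a hexversion above 0x10100000 without providing this API. `get_version` is not shown on this page, so confirm that `_version` is a text string before calling `startswith("LibreSSL")` on it.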