diff options
| author | Angus Gratton <gus@projectgus.com> | 2021-06-09 21:41:36 +1000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-06-09 07:41:36 -0400 |
| commit | f0715b835ed5d71cf0b38f165ac6d28e003b4bb5 (patch) | |
| tree | 50dd42fa63606689196aff6c7e0f95470df3a2fb /src/_cffi_src | |
| parent | 1eeee2b8431b81b52a006881d2381ef97c2d1914 (diff) | |
| download | cryptography-f0715b835ed5d71cf0b38f165ac6d28e003b4bb5.tar.gz | |
Added handling for OpenSSL "xts duplicated keys" error. (#6085)
* Added handling for OpenSSL "xts duplicated keys" error.
Closes #5998
This error value was added pre-OpenSSL 1.1.1d here:
https://github.com/openssl/openssl/commit/2a5f63c9a61be7582620c4b5da202bb3fd7e4138
and refined to only cover encryption shortly after:
https://github.com/openssl/openssl/commit/58ae5a47da1e4843b0cd1846eb297b341d0e7201
* test_aes: Remove unnecessary assignment
* xts: Update duplicated keys check for OpenSSL 3 providers
Also, change the exception message slightly:
- Now matches the tense used by openssl
- Turns out decryption *is* checked for duplicate keys by
OpenSSL 3 when in FIPS mode
Diffstat (limited to 'src/_cffi_src')
| -rw-r--r-- | src/_cffi_src/openssl/cryptography.py | 3 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/err.py | 5 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/provider.py | 2 |
3 files changed, 10 insertions, 0 deletions
diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py index e9a9a522e..802a72acb 100644 --- a/src/_cffi_src/openssl/cryptography.py +++ b/src/_cffi_src/openssl/cryptography.py @@ -41,6 +41,8 @@ INCLUDES = """ #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL) +#define CRYPTOGRAPHY_OPENSSL_111D_OR_GREATER \ + (OPENSSL_VERSION_NUMBER >= 0x10101040 && !CRYPTOGRAPHY_IS_LIBRESSL) #define CRYPTOGRAPHY_OPENSSL_300_OR_GREATER \ (OPENSSL_VERSION_NUMBER >= 0x30000000 && !CRYPTOGRAPHY_IS_LIBRESSL) @@ -62,6 +64,7 @@ INCLUDES = """ TYPES = """ static const int CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER; +static const int CRYPTOGRAPHY_OPENSSL_111D_OR_GREATER; static const int CRYPTOGRAPHY_OPENSSL_300_OR_GREATER; static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111; diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py index 8cfeaf5ba..54dd1e44c 100644 --- a/src/_cffi_src/openssl/err.py +++ b/src/_cffi_src/openssl/err.py @@ -15,6 +15,7 @@ static const int EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM; static const int PKCS12_R_PKCS12_CIPHERFINAL_ERROR; static const int PEM_R_UNSUPPORTED_ENCRYPTION; static const int EVP_R_UNKNOWN_PBE_ALGORITHM; +static const int EVP_R_XTS_DUPLICATED_KEYS; static const int ERR_LIB_EVP; static const int ERR_LIB_PEM; @@ -51,4 +52,8 @@ CUSTOMIZATIONS = """ #ifndef ERR_LIB_PROV #define ERR_LIB_PROV 0 #endif + +#if !CRYPTOGRAPHY_OPENSSL_111D_OR_GREATER +static const int EVP_R_XTS_DUPLICATED_KEYS = 0; +#endif """ diff --git a/src/_cffi_src/openssl/provider.py b/src/_cffi_src/openssl/provider.py index d7d659ea5..d741ad7e4 100644 --- a/src/_cffi_src/openssl/provider.py +++ b/src/_cffi_src/openssl/provider.py @@ -17,6 +17,7 @@ typedef ... OSSL_PROVIDER; typedef ... OSSL_LIB_CTX; static const long PROV_R_BAD_DECRYPT; +static const long PROV_R_XTS_DUPLICATED_KEYS; static const long PROV_R_WRONG_FINAL_BLOCK_LENGTH; """ @@ -33,6 +34,7 @@ static const long Cryptography_HAS_PROVIDERS = 0; typedef void OSSL_PROVIDER; typedef void OSSL_LIB_CTX; static const long PROV_R_BAD_DECRYPT = 0; +static const long PROV_R_XTS_DUPLICATED_KEYS = 0; static const long PROV_R_WRONG_FINAL_BLOCK_LENGTH = 0; OSSL_PROVIDER *(*OSSL_PROVIDER_load)(OSSL_LIB_CTX *, const char *) = NULL; int (*OSSL_PROVIDER_unload)(OSSL_PROVIDER *) = NULL; |