diff options
| author | Casey Deccio <casey@deccio.net> | 2020-11-20 17:27:25 -0700 |
|---|---|---|
| committer | Matěj Cepl <mcepl@cepl.eu> | 2020-11-21 10:27:35 +0100 |
| commit | e64968e41383436c4be809b3c8706270734ca9d8 (patch) | |
| tree | 1c065fc5dead11d7e9124a8db38d24f4bf1d6462 | |
| parent | a215adf5dc696c9e8fba6753e210648958d1b401 (diff) | |
| download | m2crypto-e64968e41383436c4be809b3c8706270734ca9d8.tar.gz | |
Only use DigestSign() and DigestUpdate() with OpenSSL >= 1.1.1
| -rw-r--r-- | M2Crypto/EVP.py | 10 | ||||
| -rw-r--r-- | M2Crypto/X509.py | 3 | ||||
| -rw-r--r-- | SWIG/_evp.i | 4 | ||||
| -rw-r--r-- | tests/test_evp.py | 2 |
4 files changed, 18 insertions, 1 deletions
diff --git a/M2Crypto/EVP.py b/M2Crypto/EVP.py index 7b1efc6..c48b670 100644 --- a/M2Crypto/EVP.py +++ b/M2Crypto/EVP.py @@ -298,6 +298,11 @@ class PKey(object): :return: The signature. """ + + if m2.OPENSSL_VERSION_NUMBER < 0x10101000: + raise NotImplemented('This method requires OpenSSL version ' + + '1.1.1 or greater.') + return m2.digest_sign(self.ctx, data) def digest_verify_init(self): @@ -341,6 +346,11 @@ class PKey(object): :return: Result of verification: 1 for success, 0 for failure, -1 on other error. """ + + if m2.OPENSSL_VERSION_NUMBER < 0x10101000: + raise NotImplemented('This method requires OpenSSL version ' + + '1.1.1 or greater.') + return m2.digest_verify(self.ctx, sign, data) def assign_rsa(self, rsa, capture=1): diff --git a/M2Crypto/X509.py b/M2Crypto/X509.py index 20beb4a..3b62dda 100644 --- a/M2Crypto/X509.py +++ b/M2Crypto/X509.py @@ -29,7 +29,8 @@ verify_ignore_critical = m2.VERIFY_IGNORE_CRITICAL verify_inhibit_any = m2.VERIFY_INHIBIT_ANY verify_inhibit_map = m2.VERIFY_INHIBIT_MAP verify_no_alt_chains = m2.VERIFY_NO_ALT_CHAINS -verify_no_check_time = m2.VERIFY_NO_CHECK_TIME +if hasattr(m2, "VERIFY_NO_CHECK_TIME"): + verify_no_check_time = m2.VERIFY_NO_CHECK_TIME verify_notify_policy = m2.VERIFY_NOTIFY_POLICY verify_partial_chain = m2.VERIFY_PARTIAL_CHAIN verify_policy_check = m2.VERIFY_POLICY_CHECK diff --git a/SWIG/_evp.i b/SWIG/_evp.i index 61f0f23..c4a0d8a 100644 --- a/SWIG/_evp.i +++ b/SWIG/_evp.i @@ -608,6 +608,7 @@ PyObject *digest_sign_final(EVP_MD_CTX *ctx) { return ret; } +#if OPENSSL_VERSION_NUMBER >= 0x10101000L PyObject *digest_sign(EVP_MD_CTX *ctx, PyObject *msg) { PyObject *ret; const void *msgbuf; @@ -643,6 +644,7 @@ PyObject *digest_sign(EVP_MD_CTX *ctx, PyObject *msg) { return ret; } +#endif int digest_verify_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey) { return EVP_DigestVerifyInit(ctx, NULL, NULL, NULL, pkey); @@ -668,6 +670,7 @@ int digest_verify_final(EVP_MD_CTX *ctx, PyObject *blob) { return EVP_DigestVerifyFinal(ctx, sigbuf, len); } +#if OPENSSL_VERSION_NUMBER >= 0x10101000L int digest_verify(EVP_MD_CTX *ctx, PyObject *sig, PyObject *msg) { unsigned char *sigbuf; unsigned char *msgbuf; @@ -682,6 +685,7 @@ int digest_verify(EVP_MD_CTX *ctx, PyObject *sig, PyObject *msg) { return EVP_DigestVerify(ctx, sigbuf, siglen, msgbuf, msglen); } +#endif %} %typemap(out) EVP_MD * { diff --git a/tests/test_evp.py b/tests/test_evp.py index c98b50c..7ef889e 100644 --- a/tests/test_evp.py +++ b/tests/test_evp.py @@ -274,6 +274,8 @@ class EVPTestCase(unittest.TestCase): pkey.digest_verify_init() self.assertEqual(pkey.digest_verify(sig, b'test message not'), 0) + @unittest.skipIf(m2.OPENSSL_VERSION_NUMBER < 0x90800F or m2.OPENSSL_NO_EC != 0, + 'Relies on support for EC') def test_digest_verify_final(self): pkey = EVP.load_key('tests/ec.priv.pem') pkey.reset_context('sha256') |