Skip to content

Commit

Permalink
check if the ciphers are supported by m2crypto before using them
Browse files Browse the repository at this point in the history
  • Loading branch information
Ivan Nikolchev committed Jun 7, 2020
1 parent 1bb89a9 commit 5984f53
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 1 deletion.
4 changes: 4 additions & 0 deletions .travis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ addons:
apt_packages:
# needed for M2Crypto
- swig
- libssl-dev
# needed for GMPY
- libgmp-dev
before_cache:
Expand Down Expand Up @@ -46,6 +47,8 @@ jobs:
env: TACKPY=true
- python: 3.4
env: TACKPY=true
- python: 2.6
env: M2CRYPTO_OLD=true
- python: 2.7
env: M2CRYPTO=true
- python: 3.5
Expand Down Expand Up @@ -135,6 +138,7 @@ install:
- if [[ -e build-requirements-${TRAVIS_PYTHON_VERSION}.txt ]]; then travis_retry pip install -r build-requirements-${TRAVIS_PYTHON_VERSION}.txt; else travis_retry pip install -r build-requirements.txt; fi
- if [[ $TACKPY == 'true' ]]; then travis_retry pip install tackpy; fi
- if [[ $M2CRYPTO == 'true' ]]; then travis_retry pip install --pre m2crypto; fi
- if [[ $M2CRYPTO_OLD == 'true' ]]; then travis_retry pip install --global-option=build_ext --global-option="-I/usr/include/x86_64-linux-gnu" m2crypto==0.23.0; fi
- if [[ $PYCRYPTO == 'true' ]]; then travis_retry pip install pycrypto; fi
- if [[ $PYCRYPTODOME == 'true' ]]; then travis_retry pip install pycryptodome; fi
- if [[ $GMPY == 'true' ]]; then travis_retry pip install gmpy; fi
Expand Down
9 changes: 9 additions & 0 deletions tlslite/utils/cryptomath.py
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,13 @@
# **************************************************************************

# Try to load M2Crypto/OpenSSL
# pylint: disable=invalid-name
try:
from M2Crypto import m2
m2cryptoLoaded = True
M2CRYPTO_AES_CTR = False
if hasattr(m2, 'aes_192_ctr'):
M2CRYPTO_AES_CTR = True

try:
with open('/proc/sys/crypto/fips_enabled', 'r') as fipsFile:
Expand All @@ -39,8 +43,13 @@
# looks like we're running in container, likely not FIPS mode
m2cryptoLoaded = True

# If AES-CBC is not available, don't use m2crypto
if not hasattr(m2, 'aes_192_cbc'):
m2cryptoLoaded = False

except ImportError:
m2cryptoLoaded = False
# pylint: enable=invalid-name

#Try to load GMPY
try:
Expand Down
10 changes: 9 additions & 1 deletion tlslite/utils/openssl_aes.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,16 +5,24 @@

from .cryptomath import *
from .aes import *
from .python_aes import Python_AES_CTR

if m2cryptoLoaded:

def new(key, mode, IV):
# IV argument name is a part of the interface
# pylint: disable=invalid-name
"""
Try using AES CTR from m2crpyto,
if it is not available fall back to the
python implementation.
"""
if mode == 2:
return OpenSSL_AES(key, mode, IV)
elif mode == 6:
return OpenSSL_CTR(key, mode, IV)
if M2CRYPTO_AES_CTR:
return OpenSSL_CTR(key, mode, IV)
return Python_AES_CTR(key, mode, IV)
else:
raise NotImplementedError()

Expand Down

0 comments on commit 5984f53

Please sign in to comment.