New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
check if the ciphers are supported by m2crypto before using them #411
check if the ciphers are supported by m2crypto before using them #411
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 1 of 1 files at r1.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @inikolcev)
tlslite/utils/openssl_aes.py, line 12 at r1 (raw file):
if m2cryptoLoaded: def check_cipher_support(mode):
why here not in tlslite/utils/cipherfactory.py
?
this check is not free, couldn't we do it once?
3df9309
to
4d22cc9
Compare
This pull request fixes 1 alert when merging 4d22cc9 into 7c6fbf9 - view on LGTM.com fixed alerts:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 2 of 2 files at r2.
Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @inikolcev)
tlslite/utils/cryptomath.py, line 34 at r2 (raw file):
m2cryptoLoaded = True m2cryptoAesCBC = False m2cryptoAesCTR = False
as pylint points out, the this is a constant, so it should use all-caps name
tlslite/utils/cryptomath.py, line 36 at r2 (raw file):
m2cryptoAesCTR = False if hasattr(m2, 'aes_192_cbc'): m2cryptoAesCBC = True
are there really versions of m2crypto that don't support cbc? why we're looking for aes_192 when no tls cipher uses aes_192?
Yep, will fix it.
I'm not sure actually if there are versions without cbc support, didn't see anything in the m2crypto changelog. We use it heavily so I figured it won't hurt to have a check for it too. Do you think it is not needed? I don't think it matters in which key size we are looking, if one is supported they all are. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We use it heavily so I figured it won't hurt to have a check for it too. Do you think it is not needed?
it's a fine cross-check, but if AES-CBC is not there, I think we can assume that it's not real m2crypto ans simply say that we didn't detect m2crypto, so the fallback to python implementation happens earlier
Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @inikolcev)
4d22cc9
to
c47d290
Compare
This pull request fixes 1 alert when merging c47d290 into b60b6d1 - view on LGTM.com fixed alerts:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 3 of 3 files at r3.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @inikolcev)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! all files reviewed, all discussions resolved
c47d290
to
5d498f7
Compare
This pull request fixes 1 alert when merging 5d498f7 into b60b6d1 - view on LGTM.com fixed alerts:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 1 of 1 files at r4.
Reviewable status: complete! all files reviewed, all discussions resolved
5d498f7
to
3ee3b48
Compare
This pull request fixes 1 alert when merging 3ee3b48 into b60b6d1 - view on LGTM.com fixed alerts:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 1 of 1 files at r5.
Reviewable status: complete! all files reviewed, all discussions resolved
3ee3b48
to
e7b276c
Compare
This pull request fixes 1 alert when merging e7b276c into 1bb89a9 - view on LGTM.com fixed alerts:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 1 of 1 files at r6.
Reviewable status: complete! all files reviewed, all discussions resolved
e7b276c
to
c86b766
Compare
This pull request fixes 1 alert when merging c86b766 into 1bb89a9 - view on LGTM.com fixed alerts:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 1 of 1 files at r7.
Reviewable status: complete! all files reviewed, all discussions resolved
c86b766
to
d56bae0
Compare
This pull request fixes 1 alert when merging d56bae0 into 1bb89a9 - view on LGTM.com fixed alerts:
|
d56bae0
to
94661a3
Compare
This pull request fixes 1 alert when merging 94661a3 into 1bb89a9 - view on LGTM.com fixed alerts:
|
94661a3
to
5984f53
Compare
This pull request fixes 1 alert when merging 5984f53 into 1bb89a9 - view on LGTM.com fixed alerts:
|
5984f53
to
a54e566
Compare
This pull request fixes 1 alert when merging a54e566 into 1bb89a9 - view on LGTM.com fixed alerts:
|
@tomato42 I fixed the openssl errors but there were still issues after that so I removed M2CRYPTO_OLD from travis for now. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shame, but so be it
Reviewed 1 of 1 files at r8.
Reviewable status: complete! all files reviewed, all discussions resolved
fixes #405
It looks like AES-CTR was introduced in m2crypto version 0.25.0
This adds a method to check if the ciphers are supported and if not, it falls back to the python implementation for that cipher.
This change is