aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Kehrer <paul.l.kehrer@gmail.com>2014-03-07 08:45:42 -0400
committerPaul Kehrer <paul.l.kehrer@gmail.com>2014-03-07 08:53:48 -0400
commit1fbdf809f9b510225852a64ac29d9df4e6417527 (patch)
tree76942f779aa89c5e2838a103aacaedb9f4f8b686
parent1e8aa9b09351bf0fb47bed24defc4d9f37560e31 (diff)
downloadcryptography-1fbdf809f9b510225852a64ac29d9df4e6417527.tar.gz
cryptography-1fbdf809f9b510225852a64ac29d9df4e6417527.tar.bz2
cryptography-1fbdf809f9b510225852a64ac29d9df4e6417527.zip
ridiculous workaround time
Diffstat
-rw-r--r--cryptography/hazmat/backends/openssl/backend.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index f05ee3d6..755e476b 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -438,6 +438,15 @@ class _CipherContext(object):
self._ctx = ctx
def update(self, data):
+ # OpenSSL 0.9.8e has an assertion in its EVP code that causes it
+ # to SIGABRT if you call update with an empty byte string. This can be
+ # removed when we drop support for 0.9.8e (CentOS/RHEL 5). This branch
+ # should be taken only when length is zero and mode is not GCM because
+ # AES GCM can return improper tag values if you don't call update
+ # with empty plaintext when authenticating AAD for ...reasons.
+ if not len(data) and not isinstance(self._mode, GCM):
+ return b""
+
buf = self._backend._ffi.new("unsigned char[]",
len(data) + self._block_size - 1)
outlen = self._backend._ffi.new("int *")
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-14 04:19:35 +0000