conditionally bind AES_wrap/unwrap for 0.9.8e support

1 files changed, 24 insertions, 4 deletions

diff --git a/cryptography/hazmat/bindings/openssl/aes.py b/cryptography/hazmat/bindings/openssl/aes.py
index 6cbcd577..95ed5271 100644
--- a/cryptography/hazmat/bindings/openssl/aes.py
+++ b/cryptography/hazmat/bindings/openssl/aes.py
@@ -16,6 +16,8 @@ INCLUDES = """
 """
 
 TYPES = """
+static const int Cryptography_HAS_AES_WRAP;
+
 struct aes_key_st {
     ...;
 };
@@ -25,16 +27,34 @@ typedef struct aes_key_st AES_KEY;
 FUNCTIONS = """
 int AES_set_encrypt_key(const unsigned char *, const int, AES_KEY *);
 int AES_set_decrypt_key(const unsigned char *, const int, AES_KEY *);
+"""
+
+MACROS = """
+/* these can be moved back to FUNCTIONS once we drop support for 0.9.8h.
+   This should be when we drop RHEL/CentOS 5, which is on 0.9.8e. */
 int AES_wrap_key(AES_KEY *, const unsigned char *, unsigned char *,
                  const unsigned char *, unsigned int);
 int AES_unwrap_key(AES_KEY *, const unsigned char *, unsigned char *,
                    const unsigned char *, unsigned int);
 """
 
-MACROS = """
-"""
-
 CUSTOMIZATIONS = """
+// OpenSSL 0.9.8h+
+#if OPENSSL_VERSION_NUMBER >= 0x0090808fL
+static const long Cryptography_HAS_AES_WRAP = 1;
+#else
+static const long Cryptography_HAS_AES_WRAP = 0;
+int (*AES_wrap_key)(AES_KEY *, const unsigned char *, unsigned char *,
+                    const unsigned char *, unsigned int) = NULL;
+int (*AES_unwrap_key)(AES_KEY *, const unsigned char *, unsigned char *,
+                      const unsigned char *, unsigned int) = NULL;
+#endif
+
 """
 
-CONDITIONAL_NAMES = {}
+CONDITIONAL_NAMES = {
+    "Cryptography_HAS_AES_WRAP": [
+        "AES_wrap_key",
+        "AES_unwrap_key",
+    ],
+}