author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-07-11 02:13:40 +0000 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2016-07-10 22:13:40 -0400 |
commit | dbb64bd2a4a63f6071b1ac982b96d5d07bbd8a63 (patch) | |
tree | cc638f87687dd5afcd3ab2fe20721be2ef3ededc /src | |
parent | 2120a8e090ff8974d727f76aae5f2f9eac56656c (diff) | |
download | cryptography-dbb64bd2a4a63f6071b1ac982b96d5d07bbd8a63.tar.gz cryptography-dbb64bd2a4a63f6071b1ac982b96d5d07bbd8a63.tar.bz2 cryptography-dbb64bd2a4a63f6071b1ac982b96d5d07bbd8a63.zip |
disable blowfish in commoncrypto backend for key lengths under 64-bit (#3040)
This is due to a bug in CommonCrypto present in 10.11.x. Filed as
radar://26636600
Diffstat (limited to 'src')
-rw-r--r-- | src/cryptography/hazmat/backends/commoncrypto/backend.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/commoncrypto/backend.py b/src/cryptography/hazmat/backends/commoncrypto/backend.py
index 315d67d8..1205b6a6 100644
--- a/src/cryptography/hazmat/backends/commoncrypto/backend.py
+++ b/src/cryptography/hazmat/backends/commoncrypto/backend.py
@@ -104,7 +104,12 @@ class Backend(object):
 return _HMACContext(self, key, algorithm)
 def cipher_supported(self, cipher, mode):
- return (type(cipher), type(mode)) in self._cipher_registry
+ # In OS X 10.11.2-5 (as of this writing) CommonCrypto has a bug with
+ # Blowfish key lengths less than 64-bit. Filed as radar://26636600
+ if isinstance(cipher, Blowfish) and len(cipher.key) < 8:
+ return False
+ else:
+ return (type(cipher), type(mode)) in self._cipher_registry
 def create_symmetric_encryption_ctx(self, cipher, mode):
 if isinstance(mode, GCM): |
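Review bot: The short-key guard is added only to `cipher_supported`, and nothing in this hunk shows `create_symmetric_encryption_ctx` (whose body continues past the hunk) consulting it, so a Blowfish key under 8 bytes may still reach the affected CommonCrypto code when a caller builds a context without first asking `cipher_supported`. If that is the case, whatever the CommonCrypto bug produces would surface to the caller instead of a clean refusal, so the context-creation paths should reject the cipher as well, e.g. `if not self.cipher_supported(cipher, mode): raise UnsupportedAlgorithm("cipher not supported by this backend", _Reasons.UNSUPPORTED_CIPHER)` (whether those names are imported in this file is not visible here). The check also applies on every OS X version although the comment names 10.11.2-5; the comment should say so, and that `8` is a byte count, e.g. `# Applied on all OS X versions; len(cipher.key) is in bytes (8 bytes == 64 bits).`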