diff options
| -rw-r--r-- | src/_cffi_src/openssl/cryptography.py | 11 | ||||
| -rw-r--r-- | tests/wycheproof/test_rsa.py | 12 |
2 files changed, 16 insertions, 7 deletions
diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py index e16fc57d..23ce87cf 100644 --- a/src/_cffi_src/openssl/cryptography.py +++ b/src/_cffi_src/openssl/cryptography.py @@ -33,8 +33,15 @@ INCLUDES = """ #include <Winsock2.h> #endif +#if CRYPTOGRAPHY_IS_LIBRESSL #define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER \ - (CRYPTOGRAPHY_IS_LIBRESSL && LIBRESSL_VERSION_NUMBER >= 0x2070000fL) + (LIBRESSL_VERSION_NUMBER >= 0x2070000f) +#define CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER \ + (LIBRESSL_VERSION_NUMBER >= 0x2080000f) +#else +#define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER (0) +#define CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER (0) +#endif #define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \ (OPENSSL_VERSION_NUMBER >= 0x10002000 && !CRYPTOGRAPHY_IS_LIBRESSL) @@ -67,6 +74,8 @@ static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_102; static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111; static const int CRYPTOGRAPHY_IS_LIBRESSL; + +static const int CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER; """ FUNCTIONS = """ diff --git a/tests/wycheproof/test_rsa.py b/tests/wycheproof/test_rsa.py index 3d35f42d..112805b4 100644 --- a/tests/wycheproof/test_rsa.py +++ b/tests/wycheproof/test_rsa.py @@ -29,8 +29,10 @@ def should_verify(backend, wycheproof): if wycheproof.acceptable: if ( - backend._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER and - wycheproof.has_flag("MissingNull") + ( + backend._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER or + backend._lib.CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER + ) and wycheproof.has_flag("MissingNull") ): return False return True @@ -41,10 +43,8 @@ def should_verify(backend, wycheproof): @pytest.mark.requires_backend_interface(interface=RSABackend) @pytest.mark.supported( only_if=lambda backend: ( - # TODO: this also skips on LibreSSL, which is ok for now, since these - # don't pass on Libre, but we'll need to fix this when LibreSSL 2.8 is - # released. - not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 + not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 or + backend._lib.CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER ), skip_message=( "Many of these tests fail on OpenSSL < 1.0.2 and since upstream isn't" |