-
Notifications
You must be signed in to change notification settings - Fork 49
Expand file tree
/
Copy pathpython-cryptography-38.0.4-wolfprov.patch
More file actions
71 lines (67 loc) · 3.44 KB
/
Copy pathpython-cryptography-38.0.4-wolfprov.patch
File metadata and controls
71 lines (67 loc) · 3.44 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index 2b4c574b4..a089a4221 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -170,18 +170,36 @@ class Binding:
# are ugly legacy, but we aren't going to get rid of them
# any time soon.
if cls.lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER:
- cls._legacy_provider = cls.lib.OSSL_PROVIDER_load(
- cls.ffi.NULL, b"legacy"
- )
- _openssl_assert(
- cls.lib, cls._legacy_provider != cls.ffi.NULL
- )
- cls._default_provider = cls.lib.OSSL_PROVIDER_load(
- cls.ffi.NULL, b"default"
- )
- _openssl_assert(
- cls.lib, cls._default_provider != cls.ffi.NULL
- )
+ # Check if wolfProvider is configured via OPENSSL_CONF
+ import os
+ openssl_conf = os.environ.get('OPENSSL_CONF', '')
+ if openssl_conf and 'wolfProvider' in openssl_conf:
+ # Load wolfProvider instead of default providers
+ cls._legacy_provider = cls.lib.OSSL_PROVIDER_load(
+ cls.ffi.NULL, b"libwolfprov"
+ )
+ _openssl_assert(
+ cls.lib, cls._legacy_provider != cls.ffi.NULL
+ )
+ cls._default_provider = cls.lib.OSSL_PROVIDER_load(
+ cls.ffi.NULL, b"libwolfprov"
+ )
+ _openssl_assert(
+ cls.lib, cls._default_provider != cls.ffi.NULL
+ )
+ else:
+ cls._legacy_provider = cls.lib.OSSL_PROVIDER_load(
+ cls.ffi.NULL, b"legacy"
+ )
+ _openssl_assert(
+ cls.lib, cls._legacy_provider != cls.ffi.NULL
+ )
+ cls._default_provider = cls.lib.OSSL_PROVIDER_load(
+ cls.ffi.NULL, b"default"
+ )
+ _openssl_assert(
+ cls.lib, cls._default_provider != cls.ffi.NULL
+ )
@classmethod
def init_static_locks(cls):
diff --git a/tests/hazmat/backends/test_openssl_memleak.py b/tests/hazmat/backends/test_openssl_memleak.py
index 2605566bd..406a4d2e0 100644
--- a/tests/hazmat/backends/test_openssl_memleak.py
+++ b/tests/hazmat/backends/test_openssl_memleak.py
@@ -97,8 +97,10 @@ def main(argv):
gc.collect()
if lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER:
- lib.OSSL_PROVIDER_unload(backend._binding._legacy_provider)
- lib.OSSL_PROVIDER_unload(backend._binding._default_provider)
+ if backend._binding._legacy_provider is not None:
+ lib.OSSL_PROVIDER_unload(backend._binding._legacy_provider)
+ if backend._binding._default_provider is not None:
+ lib.OSSL_PROVIDER_unload(backend._binding._default_provider)
if lib.Cryptography_HAS_OPENSSL_CLEANUP:
lib.OPENSSL_cleanup()