1 change: 1 addition & 0 deletions wolfProvider/python-cryptography/README.md
@@ -0,0 +1 @@
Removes the openssl hardloads in favor of libwolfprov in python cryptography version 38.0.4
@@ -0,0 +1,71 @@
diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index 2b4c574b4..a089a4221 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -170,18 +170,36 @@ class Binding:
# are ugly legacy, but we aren't going to get rid of them
# any time soon.
if cls.lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER:
- cls._legacy_provider = cls.lib.OSSL_PROVIDER_load(
- cls.ffi.NULL, b"legacy"
- )
- _openssl_assert(
- cls.lib, cls._legacy_provider != cls.ffi.NULL
- )
- cls._default_provider = cls.lib.OSSL_PROVIDER_load(
- cls.ffi.NULL, b"default"
- )
- _openssl_assert(
- cls.lib, cls._default_provider != cls.ffi.NULL
- )
+ # Check if wolfProvider is configured via OPENSSL_CONF
+ import os
+ openssl_conf = os.environ.get('OPENSSL_CONF', '')
+ if openssl_conf and 'wolfProvider' in openssl_conf:
+ # Load wolfProvider instead of default providers
+ cls._legacy_provider = cls.lib.OSSL_PROVIDER_load(
+ cls.ffi.NULL, b"libwolfprov"
+ )
+ _openssl_assert(
+ cls.lib, cls._legacy_provider != cls.ffi.NULL
+ )
+ cls._default_provider = cls.lib.OSSL_PROVIDER_load(
+ cls.ffi.NULL, b"libwolfprov"
+ )
+ _openssl_assert(
+ cls.lib, cls._default_provider != cls.ffi.NULL
+ )
+ else:
+ cls._legacy_provider = cls.lib.OSSL_PROVIDER_load(
Comment thread
JeremiahM37 marked this conversation as resolved.
Outdated
+ cls.ffi.NULL, b"legacy"
+ )
+ _openssl_assert(
+ cls.lib, cls._legacy_provider != cls.ffi.NULL
+ )
+ cls._default_provider = cls.lib.OSSL_PROVIDER_load(
+ cls.ffi.NULL, b"default"
+ )
+ _openssl_assert(
+ cls.lib, cls._default_provider != cls.ffi.NULL
+ )

@classmethod
def init_static_locks(cls):
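Review bot: The wolfProvider branch is selected by `'wolfProvider' in openssl_conf`, which tests the value of the OPENSSL_CONF environment variable (a file path) rather than anything the configuration actually activates. A config that enables libwolfprov but lives at a path without that substring falls through to the `else` branch, where `default` and `legacy` are loaded explicitly, so a deployment meant to run only on wolfProvider would quietly get OpenSSL's own implementations as well; the reverse mismatch fails hard at `_openssl_assert`. Consider an explicit opt-in that does not depend on the file name, and at minimum document the coupling with a comment such as `# NOTE: matches the OPENSSL_CONF path, not its contents; any other path loads default+legacy`. In the wolfProvider branch `cls._legacy_provider` and `cls._default_provider` both hold a `libwolfprov` handle, which also deserves a comment because the attribute names no longer describe what they hold. The enclosing method starts above the hunk.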
diff --git a/tests/hazmat/backends/test_openssl_memleak.py b/tests/hazmat/backends/test_openssl_memleak.py
index 2605566bd..406a4d2e0 100644
--- a/tests/hazmat/backends/test_openssl_memleak.py
+++ b/tests/hazmat/backends/test_openssl_memleak.py
@@ -97,8 +97,10 @@ def main(argv):
gc.collect()

if lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER:
- lib.OSSL_PROVIDER_unload(backend._binding._legacy_provider)
- lib.OSSL_PROVIDER_unload(backend._binding._default_provider)
+ if backend._binding._legacy_provider is not None:
+ lib.OSSL_PROVIDER_unload(backend._binding._legacy_provider)
+ if backend._binding._default_provider is not None:
+ lib.OSSL_PROVIDER_unload(backend._binding._default_provider)

if lib.Cryptography_HAS_OPENSSL_CLEANUP:
lib.OPENSSL_cleanup()
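Review bot: The `is not None` guards around `lib.OSSL_PROVIDER_unload(...)` look unreachable given the binding.py change in this patch, where both branches assign `_legacy_provider` and `_default_provider` and assert that they are not `ffi.NULL`. If a state where a provider was never loaded is still possible (the attributes' initial values are outside the visible lines), note that a failed load yields `ffi.NULL`, which `is not None` does not filter out; otherwise the two unconditional calls from the old side are sufficient. The return value of `OSSL_PROVIDER_unload` is ignored, so a failed unload would go unnoticed in this leak test; `assert lib.OSSL_PROVIDER_unload(backend._binding._legacy_provider) == 1` would surface it. `main` starts above the hunk.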