Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 5864d84a74cd3a2f6052b6ce76b50de90ee0b3ae^! / .
commit5864d84a74cd3a2f6052b6ce76b50de90ee0b3ae[log] [tgz]
authorAlex Gaynor <alex.gaynor@gmail.com>Sat Jun 18 12:41:47 2016 -0400
committerPaul Kehrer <paul.l.kehrer@gmail.com>Sat Jun 18 11:41:47 2016 -0500
tree3043b488e9b0fb0b2f91fd2889fa365e334cca00
parent1252dec0c85cd3cb9ea70dcb0ac2a4afc976f2ce [diff]
Removed some code that existed for OpenSSL 0.9.8 (#2983)

Refs #2982
diff --git a/.travis/install.sh b/.travis/install.sh
index b05ff7b..cdfbace 100755
--- a/.travis/install.sh
+++ b/.travis/install.sh

@@ -57,14 +57,8 @@
         pyenv install "pypy-$PYPY_VERSION"
         pyenv global "pypy-$PYPY_VERSION"
     fi
-    if [[ "${OPENSSL}" == "0.9.8" ]]; then
-        # We use 0.9.8l rather than zh because we have some branches for
-        # handling < 0.9.8m that won't be exercised with a newer OpenSSL.
-        # (RHEL5 is 0.9.8e with patches, but while that's in jenkins we don't
-        # get coverage data from it).
-        OPENSSL_VERSION_NUMBER="0.9.8l"
-        OPENSSL_DIR="ossl-098l"
-    elif [[ "${OPENSSL}" == "1.0.0" ]]; then
+
+    if [[ "${OPENSSL}" == "1.0.0" ]]; then
         OPENSSL_VERSION_NUMBER="1.0.0t"
         OPENSSL_DIR="ossl-100t"
     fi

diff --git a/.travis/run.sh b/.travis/run.sh
index 9619c24..5c8b53f 100755
--- a/.travis/run.sh
+++ b/.travis/run.sh

@@ -26,9 +26,7 @@
         PATH="$PYENV_ROOT/bin:$PATH"
         eval "$(pyenv init -)"
     fi
-    if [[ "${OPENSSL}" == "0.9.8" ]]; then
-        OPENSSL_DIR="ossl-098l"
-    elif [[ "${OPENSSL}" == "1.0.0" ]]; then
+    if [[ "${OPENSSL}" == "1.0.0" ]]; then
         OPENSSL_DIR="ossl-100t"
     fi
 

diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
index a80708a..9e074db 100644
--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py

@@ -101,15 +101,6 @@
         self._ctx = ctx
 
     def update(self, data):
-        # OpenSSL 0.9.8e has an assertion in its EVP code that causes it
-        # to SIGABRT if you call update with an empty byte string. This can be
-        # removed when we drop support for 0.9.8e (CentOS/RHEL 5). This branch
-        # should be taken only when length is zero and mode is not GCM because
-        # AES GCM can return improper tag values if you don't call update
-        # with empty plaintext when authenticating AAD for ...reasons.
-        if len(data) == 0 and not isinstance(self._mode, modes.GCM):
-            return b""
-
         buf = self._backend._ffi.new("unsigned char[]",
                                      len(data) + self._block_size - 1)
         outlen = self._backend._ffi.new("int *")
@@ -182,8 +173,9 @@
 @utils.register_interface(ciphers.CipherContext)
 class _AESCTRCipherContext(object):
     """
-    This is needed to provide support for AES CTR mode in OpenSSL 0.9.8. It can
-    be removed when we drop 0.9.8 support (RHEL5 extended life ends 2020).
+    This is needed to provide support for AES CTR mode in OpenSSL 1.0.0. It can
+    be removed when we drop 1.0.0 support (RHEL 6.4 is the only thing that
+    ships it).
     """
     def __init__(self, backend, cipher, mode):
         self._backend = backend