rpms/python-cryptography
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Add backports of OpenSSL 3.0.0 fixes (upstream PR #6000)

Browse Source 
Resolves: rhbz#1953446
This commit is contained in:
Christian Heimes 2021-04-26 08:46:38 +02:00
parent 41b3a83259
commit 66d31f4f5f
4 changed files with 706 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
0001-fix-pkcs12-parse-ordering.-fixes-5872-5879.patch Normal file
View File

@ -0,0 +1,130 @@
From cb1908043d5daa7c5c38945c048c4a2477a46221 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sun, 28 Feb 2021 16:06:11 -0600
Subject: [PATCH 1/3] fix pkcs12 parse ordering. fixes #5872 (#5879)
* fix pkcs12 parse ordering. fixes #5872
* remove an unneeded print
* simplify the test a bit more
* index
* black
* Update tests/hazmat/primitives/test_pkcs12.py
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
---
.../hazmat/backends/openssl/backend.py | 5 +-
tests/hazmat/primitives/test_pkcs12.py | 58 ++++++++++++++++++-
2 files changed, 59 insertions(+), 4 deletions(-)
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 271873d9..a96d08d8 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -6,6 +6,7 @@
import collections
import contextlib
import itertools
+import typing
import warnings
from contextlib import contextmanager
@@ -2562,9 +2563,7 @@ class Backend(object):
sk_x509 = self._lib.sk_X509_new_null()
sk_x509 = self._ffi.gc(sk_x509, self._lib.sk_X509_free)
- # reverse the list when building the stack so that they're encoded
- # in the order they were originally provided. it is a mystery
- for ca in reversed(cas):
+ for ca in cas:
res = self._lib.sk_X509_push(sk_x509, ca._x509)
backend.openssl_assert(res >= 1)
diff --git a/tests/hazmat/primitives/test_pkcs12.py b/tests/hazmat/primitives/test_pkcs12.py
index b5de09f9..b1759a1b 100644
--- a/tests/hazmat/primitives/test_pkcs12.py
+++ b/tests/hazmat/primitives/test_pkcs12.py
@@ -4,13 +4,15 @@
import os
+from datetime import datetime
import pytest
from cryptography import x509
from cryptography.hazmat.backends.interfaces import DERSerializationBackend
from cryptography.hazmat.backends.openssl.backend import _RC2
-from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import load_pem_private_key
from cryptography.hazmat.primitives.serialization.pkcs12 import (
load_key_and_certificates,
@@ -273,3 +275,57 @@ class TestPKCS12Creation(object):
DummyKeySerializationEncryption(),
)
assert str(exc.value) == "Unsupported key encryption type"
+
+
+def test_pkcs12_ordering():
+ """
+ In OpenSSL < 3.0.0 PKCS12 parsing reverses the order. However, we
+ accidentally thought it was **encoding** that did it, leading to bug
+ https://github.com/pyca/cryptography/issues/5872
+ This test ensures our ordering is correct going forward.
+ """
+
+ def make_cert(name):
+ key = ec.generate_private_key(ec.SECP256R1())
+ subject = x509.Name(
+ [
+ x509.NameAttribute(x509.NameOID.COMMON_NAME, name),
+ ]
+ )
+ now = datetime.utcnow()
+ cert = (
+ x509.CertificateBuilder()
+ .subject_name(subject)
+ .issuer_name(subject)
+ .public_key(key.public_key())
+ .serial_number(x509.random_serial_number())
+ .not_valid_before(now)
+ .not_valid_after(now)
+ .sign(key, hashes.SHA256())
+ )
+ return (key, cert)
+
+ # Make some certificates with distinct names.
+ a_name = "A" * 20
+ b_name = "B" * 20
+ c_name = "C" * 20
+ a_key, a_cert = make_cert(a_name)
+ _, b_cert = make_cert(b_name)
+ _, c_cert = make_cert(c_name)
+
+ # Bundle them in a PKCS#12 file in order A, B, C.
+ p12 = serialize_key_and_certificates(
+ b"p12", a_key, a_cert, [b_cert, c_cert], serialization.NoEncryption()
+ )
+
+ # Parse them out. The API should report them in the same order.
+ (key, cert, certs) = load_key_and_certificates(p12, None)
+ assert cert == a_cert
+ assert certs == [b_cert, c_cert]
+
+ # The ordering in the PKCS#12 file itself should also match.
+ a_idx = p12.index(a_name.encode("utf-8"))
+ b_idx = p12.index(b_name.encode("utf-8"))
+ c_idx = p12.index(c_name.encode("utf-8"))
+
+ assert a_idx < b_idx < c_idx
--
2.30.2

415
0002-WIP-3.0.0-support-5250.patch Normal file
View File

@ -0,0 +1,415 @@
From a0bece343e38d73d038d4f3a62c2a9638608ac9c Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 22 Apr 2021 19:16:38 -0500
Subject: [PATCH 2/3] [WIP] 3.0.0 support (#5250)
* 3.0.0 support
* almost...there...
* make mypy happy
---
.github/workflows/ci.yml | 7 ++--
src/_cffi_src/build_openssl.py | 1 +
src/_cffi_src/openssl/cryptography.py | 3 ++
src/_cffi_src/openssl/err.py | 6 +++
src/_cffi_src/openssl/fips.py | 2 +-
src/_cffi_src/openssl/provider.py | 40 ++++++++++++++++++
.../hazmat/backends/openssl/backend.py | 42 ++++++++++++++++---
.../hazmat/backends/openssl/ciphers.py | 15 ++++++-
.../hazmat/bindings/openssl/_conditional.py | 11 +++++
.../hazmat/bindings/openssl/binding.py | 20 +++++++++
tests/hazmat/backends/test_openssl_memleak.py | 6 ++-
tests/hazmat/bindings/test_openssl.py | 4 +-
tests/hazmat/primitives/test_dh.py | 24 ++++++++++-
13 files changed, 167 insertions(+), 14 deletions(-)
create mode 100644 src/_cffi_src/openssl/provider.py
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index cd967a3a..747f84c1 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,9 +18,10 @@ jobs:
- {VERSION: "3.9", TOXENV: "flake,rust,docs", COVERAGE: "false"}
- {VERSION: "pypy3", TOXENV: "pypy3"}
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "1.1.0l"}}
- - {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1i"}}
- - {VERSION: "3.9", TOXENV: "py39-ssh", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1i"}}
- - {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1i", CONFIG_FLAGS: "no-engine no-rc2 no-srtp no-ct"}}
+ - {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1j"}}
+ - {VERSION: "3.9", TOXENV: "py39-ssh", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1j"}}
+ - {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1j", CONFIG_FLAGS: "no-engine no-rc2 no-srtp no-ct"}}
+ - {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "3.0.0-alpha15"}}
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "2.9.2"}}
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.0.2"}}
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.1.5"}}
diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py
index 08499d66..557296ed 100644
--- a/src/_cffi_src/build_openssl.py
+++ b/src/_cffi_src/build_openssl.py
@@ -104,6 +104,7 @@ ffi = build_ffi_for_binding(
"osrandom_engine",
"pem",
"pkcs12",
+ "provider",
"rand",
"rsa",
"ssl",
diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py
index e2b5a132..06d1e778 100644
--- a/src/_cffi_src/openssl/cryptography.py
+++ b/src/_cffi_src/openssl/cryptography.py
@@ -34,6 +34,8 @@ INCLUDES = """
#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
(OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL)
+#define CRYPTOGRAPHY_OPENSSL_300_OR_GREATER \
+ (OPENSSL_VERSION_NUMBER >= 0x30000000 && !CRYPTOGRAPHY_IS_LIBRESSL)
#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \
(OPENSSL_VERSION_NUMBER < 0x101000af || CRYPTOGRAPHY_IS_LIBRESSL)
@@ -53,6 +55,7 @@ INCLUDES = """
TYPES = """
static const int CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER;
+static const int CRYPTOGRAPHY_OPENSSL_300_OR_GREATER;
static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111;
static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B;
diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py
index 0634b656..8cfeaf5b 100644
--- a/src/_cffi_src/openssl/err.py
+++ b/src/_cffi_src/openssl/err.py
@@ -18,6 +18,7 @@ static const int EVP_R_UNKNOWN_PBE_ALGORITHM;
static const int ERR_LIB_EVP;
static const int ERR_LIB_PEM;
+static const int ERR_LIB_PROV;
static const int ERR_LIB_ASN1;
static const int ERR_LIB_PKCS12;
@@ -45,4 +46,9 @@ int ERR_GET_REASON(unsigned long);
"""
CUSTOMIZATIONS = """
+/* This define is tied to provider support and is conditionally
+ removed if Cryptography_HAS_PROVIDERS is false */
+#ifndef ERR_LIB_PROV
+#define ERR_LIB_PROV 0
+#endif
"""
diff --git a/src/_cffi_src/openssl/fips.py b/src/_cffi_src/openssl/fips.py
index b9d0d64d..23c10af9 100644
--- a/src/_cffi_src/openssl/fips.py
+++ b/src/_cffi_src/openssl/fips.py
@@ -17,7 +17,7 @@ int FIPS_mode(void);
"""
CUSTOMIZATIONS = """
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_OPENSSL_300_OR_GREATER
static const long Cryptography_HAS_FIPS = 0;
int (*FIPS_mode_set)(int) = NULL;
int (*FIPS_mode)(void) = NULL;
diff --git a/src/_cffi_src/openssl/provider.py b/src/_cffi_src/openssl/provider.py
new file mode 100644
index 00000000..d7d659ea
--- /dev/null
+++ b/src/_cffi_src/openssl/provider.py
@@ -0,0 +1,40 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+
+INCLUDES = """
+#if CRYPTOGRAPHY_OPENSSL_300_OR_GREATER
+#include <openssl/provider.h>
+#include <openssl/proverr.h>
+#endif
+"""
+
+TYPES = """
+static const long Cryptography_HAS_PROVIDERS;
+
+typedef ... OSSL_PROVIDER;
+typedef ... OSSL_LIB_CTX;
+
+static const long PROV_R_BAD_DECRYPT;
+static const long PROV_R_WRONG_FINAL_BLOCK_LENGTH;
+"""
+
+FUNCTIONS = """
+OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *);
+int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
+"""
+
+CUSTOMIZATIONS = """
+#if CRYPTOGRAPHY_OPENSSL_300_OR_GREATER
+static const long Cryptography_HAS_PROVIDERS = 1;
+#else
+static const long Cryptography_HAS_PROVIDERS = 0;
+typedef void OSSL_PROVIDER;
+typedef void OSSL_LIB_CTX;
+static const long PROV_R_BAD_DECRYPT = 0;
+static const long PROV_R_WRONG_FINAL_BLOCK_LENGTH = 0;
+OSSL_PROVIDER *(*OSSL_PROVIDER_load)(OSSL_LIB_CTX *, const char *) = NULL;
+int (*OSSL_PROVIDER_unload)(OSSL_PROVIDER *) = NULL;
+#endif
+"""
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index a96d08d8..86e8f0a8 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1281,6 +1281,11 @@ class Backend(object):
def _evp_pkey_from_der_traditional_key(self, bio_data, password):
key = self._lib.d2i_PrivateKey_bio(bio_data.bio, self._ffi.NULL)
if key != self._ffi.NULL:
+ # In OpenSSL 3.0.0-alpha15 there exist scenarios where the key will
+ # successfully load but errors are still put on the stack. Tracked
+ # as https://github.com/openssl/openssl/issues/14996
+ self._consume_errors()
+
key = self._ffi.gc(key, self._lib.EVP_PKEY_free)
if password is not None:
raise TypeError(
@@ -1448,6 +1453,11 @@ class Backend(object):
else:
self._handle_key_loading_error()
+ # In OpenSSL 3.0.0-alpha15 there exist scenarios where the key will
+ # successfully load but errors are still put on the stack. Tracked
+ # as https://github.com/openssl/openssl/issues/14996
+ self._consume_errors()
+
evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
if password is not None and userdata.called == 0:
@@ -1470,11 +1480,22 @@ class Backend(object):
"incorrect format or it may be encrypted with an unsupported "
"algorithm."
)
- elif errors[0]._lib_reason_match(
- self._lib.ERR_LIB_EVP, self._lib.EVP_R_BAD_DECRYPT
- ) or errors[0]._lib_reason_match(
- self._lib.ERR_LIB_PKCS12,
- self._lib.PKCS12_R_PKCS12_CIPHERFINAL_ERROR,
+
+ elif (
+ errors[0]._lib_reason_match(
+ self._lib.ERR_LIB_EVP, self._lib.EVP_R_BAD_DECRYPT
+ )
+ or errors[0]._lib_reason_match(
+ self._lib.ERR_LIB_PKCS12,
+ self._lib.PKCS12_R_PKCS12_CIPHERFINAL_ERROR,
+ )
+ or (
+ self._lib.Cryptography_HAS_PROVIDERS
+ and errors[0]._lib_reason_match(
+ self._lib.ERR_LIB_PROV,
+ self._lib.PROV_R_BAD_DECRYPT,
+ )
+ )
):
raise ValueError("Bad decrypt. Incorrect password?")
@@ -2520,7 +2541,16 @@ class Backend(object):
if sk_x509_ptr[0] != self._ffi.NULL:
sk_x509 = self._ffi.gc(sk_x509_ptr[0], self._lib.sk_X509_free)
num = self._lib.sk_X509_num(sk_x509_ptr[0])
- for i in range(num):
+
+ # In OpenSSL < 3.0.0 PKCS12 parsing reverses the order of the
+ # certificates.
+ indices: typing.Iterable[int]
+ if self._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER:
+ indices = range(num)
+ else:
+ indices = reversed(range(num))
+
+ for i in indices:
x509 = self._lib.sk_X509_value(sk_x509, i)
self.openssl_assert(x509 != self._ffi.NULL)
x509 = self._ffi.gc(x509, self._lib.X509_free)
diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
index 0f96795f..a2dd6894 100644
--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
@@ -145,7 +145,13 @@ class _CipherContext(object):
res = self._backend._lib.EVP_CipherUpdate(
self._ctx, outbuf, outlen, inbuf, inlen
)
- self._backend.openssl_assert(res != 0)
+ if res == 0 and isinstance(self._mode, modes.XTS):
+ raise ValueError(
+ "In XTS mode you must supply at least a full block in the "
+ "first update call. For AES this is 16 bytes."
+ )
+ else:
+ self._backend.openssl_assert(res != 0)
data_processed += inlen
total_out += outlen[0]
@@ -174,6 +180,13 @@ class _CipherContext(object):
errors[0]._lib_reason_match(
self._backend._lib.ERR_LIB_EVP,
self._backend._lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH,
+ )
+ or (
+ self._backend._lib.Cryptography_HAS_PROVIDERS
+ and errors[0]._lib_reason_match(
+ self._backend._lib.ERR_LIB_PROV,
+ self._backend._lib.PROV_R_WRONG_FINAL_BLOCK_LENGTH,
+ )
),
errors=errors,
)
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
index 86548357..1f42c7be 100644
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -270,6 +270,16 @@ def cryptography_has_get_proto_version():
]
+def cryptography_has_providers():
+ return [
+ "OSSL_PROVIDER_load",
+ "OSSL_PROVIDER_unload",
+ "ERR_LIB_PROV",
+ "PROV_R_WRONG_FINAL_BLOCK_LENGTH",
+ "PROV_R_BAD_DECRYPT",
+ ]
+
+
# This is a mapping of
# {condition: function-returning-names-dependent-on-that-condition} so we can
# loop over them and delete unsupported names at runtime. It will be removed
@@ -318,4 +328,5 @@ CONDITIONAL_NAMES = {
"Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain,
"Cryptography_HAS_SRTP": cryptography_has_srtp,
"Cryptography_HAS_GET_PROTO_VERSION": cryptography_has_get_proto_version,
+ "Cryptography_HAS_PROVIDERS": cryptography_has_providers,
}
diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index a2bc36a8..6dcec26a 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -113,6 +113,8 @@ class Binding(object):
ffi = ffi
_lib_loaded = False
_init_lock = threading.Lock()
+ _legacy_provider: typing.Any = None
+ _default_provider: typing.Any = None
def __init__(self):
self._ensure_ffi_initialized()
@@ -140,6 +142,24 @@ class Binding(object):
# adds all ciphers/digests for EVP
cls.lib.OpenSSL_add_all_algorithms()
cls._register_osrandom_engine()
+ # As of OpenSSL 3.0.0 we must register a legacy cipher provider
+ # to get RC2 (needed for junk asymmetric private key
+ # serialization), RC4, Blowfish, IDEA, SEED, etc. These things
+ # are ugly legacy, but we aren't going to get rid of them
+ # any time soon.
+ if cls.lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER:
+ cls._legacy_provider = cls.lib.OSSL_PROVIDER_load(
+ cls.ffi.NULL, b"legacy"
+ )
+ _openssl_assert(
+ cls.lib, cls._legacy_provider != cls.ffi.NULL
+ )
+ cls._default_provider = cls.lib.OSSL_PROVIDER_load(
+ cls.ffi.NULL, b"default"
+ )
+ _openssl_assert(
+ cls.lib, cls._default_provider != cls.ffi.NULL
+ )
@classmethod
def init_static_locks(cls):
diff --git a/tests/hazmat/backends/test_openssl_memleak.py b/tests/hazmat/backends/test_openssl_memleak.py
index 0c96516f..0316b5d9 100644
--- a/tests/hazmat/backends/test_openssl_memleak.py
+++ b/tests/hazmat/backends/test_openssl_memleak.py
@@ -82,7 +82,7 @@ def main(argv):
assert result == 1
# Trigger a bunch of initialization stuff.
- import cryptography.hazmat.backends.openssl
+ from cryptography.hazmat.backends.openssl.backend import backend
start_heap = set(heap)
@@ -91,6 +91,10 @@ def main(argv):
gc.collect()
gc.collect()
+ if lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER:
+ lib.OSSL_PROVIDER_unload(backend._binding._legacy_provider)
+ lib.OSSL_PROVIDER_unload(backend._binding._default_provider)
+
if lib.Cryptography_HAS_OPENSSL_CLEANUP:
lib.OPENSSL_cleanup()
diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py
index fb9a1e36..4d1e3b55 100644
--- a/tests/hazmat/bindings/test_openssl.py
+++ b/tests/hazmat/bindings/test_openssl.py
@@ -91,7 +91,9 @@ class TestOpenSSL(object):
_openssl_assert(b.lib, False)
error = exc_info.value.err_code[0]
- assert error.code == 101183626
+ # As of 3.0.0 OpenSSL sets func codes to 0, so the combined
+ # code is a different value
+ assert error.code in (101183626, 50331786)
assert error.lib == b.lib.ERR_LIB_EVP
assert error.func == b.lib.EVP_F_EVP_ENCRYPTFINAL_EX
assert error.reason == b.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH
diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py
index 131807fc..bb29919f 100644
--- a/tests/hazmat/primitives/test_dh.py
+++ b/tests/hazmat/primitives/test_dh.py
@@ -180,7 +180,23 @@ class TestDH(object):
params = dh.DHParameterNumbers(p, int(vector["g"]))
param = params.parameters(backend)
key = param.generate_private_key()
- assert key.private_numbers().public_numbers.parameter_numbers == params
+ # In OpenSSL 3.0.0 OpenSSL maps to known groups. This results in
+ # a scenario where loading a known group with p and g returns a
+ # re-serialized form that has q as well (the Sophie Germain prime of
+ # that group). This makes a naive comparison of the parameter numbers
+ # objects fail, so we have to be a bit smarter
+ serialized_params = (
+ key.private_numbers().public_numbers.parameter_numbers
+ )
+ if serialized_params.q is None:
+ # This is the path OpenSSL < 3.0 takes
+ assert serialized_params == params
+ else:
+ assert serialized_params.p == params.p
+ assert serialized_params.g == params.g
+ # p = 2q + 1 since it is a Sophie Germain prime, so we can compute
+ # what we expect OpenSSL to have done here.
+ assert serialized_params.q == (params.p - 1) // 2
@pytest.mark.skip_fips(reason="non-FIPS parameters")
@pytest.mark.parametrize(
@@ -382,6 +398,12 @@ class TestDH(object):
assert symkey1 != symkey2
@pytest.mark.skip_fips(reason="key_size too small for FIPS")
+ @pytest.mark.supported(
+ only_if=lambda backend: (
+ not backend._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER
+ ),
+ skip_message="256-bit DH keys are not supported in OpenSSL 3.0.0+",
+ )
def test_load_256bit_key_from_pkcs8(self, backend):
data = load_vectors_from_file(
os.path.join("asymmetric", "DH", "dh_key_256.pem"),
--
2.30.2

151
0003-switch-to-using-EVP_PKEY_derive-instead-of-DH_comput.patch Normal file
View File

@ -0,0 +1,151 @@
From 29cf9b8d63ef3437ba11aa29502af8773faa17a7 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Wed, 14 Apr 2021 13:15:57 -0500
Subject: [PATCH 3/3] switch to using EVP_PKEY_derive instead of DH_compute_key
in DH (#5972)
* switch to using EVP_PKEY_derive instead of DH_compute_key in DH
Where checks are occurring is changing in OpenSSL 3.0 and this makes it
easier to be consistent (and is the API we should be using anyway). The
tests change because EVP_PKEY_derive now verifies that we have shared
parameters, which the test previously only verified by asserting that
the derived keys didn't match
* review feedback
* type ignores required for typeerror tests. some day i will remember this
---
src/_cffi_src/openssl/dh.py | 1 -
.../hazmat/backends/openssl/dh.py | 57 ++++++++++++-------
tests/hazmat/primitives/test_dh.py | 19 ++++---
3 files changed, 45 insertions(+), 32 deletions(-)
diff --git a/src/_cffi_src/openssl/dh.py b/src/_cffi_src/openssl/dh.py
index 979dafa9..50989e45 100644
--- a/src/_cffi_src/openssl/dh.py
+++ b/src/_cffi_src/openssl/dh.py
@@ -18,7 +18,6 @@ DH *DH_new(void);
void DH_free(DH *);
int DH_size(const DH *);
int DH_generate_key(DH *);
-int DH_compute_key(unsigned char *, const BIGNUM *, DH *);
DH *DHparams_dup(DH *);
/* added in 1.1.0 when the DH struct was opaqued */
diff --git a/src/cryptography/hazmat/backends/openssl/dh.py b/src/cryptography/hazmat/backends/openssl/dh.py
index 65ddaeec..b928f024 100644
--- a/src/cryptography/hazmat/backends/openssl/dh.py
+++ b/src/cryptography/hazmat/backends/openssl/dh.py
@@ -127,35 +127,48 @@ class _DHPrivateKey(dh.DHPrivateKey):
)
def exchange(self, peer_public_key: dh.DHPublicKey) -> bytes:
- buf = self._backend._ffi.new("unsigned char[]", self._key_size_bytes)
- pub_key = self._backend._ffi.new("BIGNUM **")
- self._backend._lib.DH_get0_key(
- peer_public_key._dh_cdata, # type: ignore[attr-defined]
- pub_key,
- self._backend._ffi.NULL,
+ if not isinstance(peer_public_key, _DHPublicKey):
+ raise TypeError("peer_public_key must be a DHPublicKey")
+
+ ctx = self._backend._lib.EVP_PKEY_CTX_new(
+ self._evp_pkey, self._backend._ffi.NULL
)
- self._backend.openssl_assert(pub_key[0] != self._backend._ffi.NULL)
- res = self._backend._lib.DH_compute_key(
- buf, pub_key[0], self._dh_cdata
+ self._backend.openssl_assert(ctx != self._backend._ffi.NULL)
+ ctx = self._backend._ffi.gc(ctx, self._backend._lib.EVP_PKEY_CTX_free)
+ res = self._backend._lib.EVP_PKEY_derive_init(ctx)
+ self._backend.openssl_assert(res == 1)
+ res = self._backend._lib.EVP_PKEY_derive_set_peer(
+ ctx, peer_public_key._evp_pkey
+ )
+ # Invalid kex errors here in OpenSSL 3.0 because checks were moved
+ # to EVP_PKEY_derive_set_peer
+ self._exchange_assert(res == 1)
+ keylen = self._backend._ffi.new("size_t *")
+ res = self._backend._lib.EVP_PKEY_derive(
+ ctx, self._backend._ffi.NULL, keylen
)
+ # Invalid kex errors here in OpenSSL < 3
+ self._exchange_assert(res == 1)
+ self._backend.openssl_assert(keylen[0] > 0)
+ buf = self._backend._ffi.new("unsigned char[]", keylen[0])
+ res = self._backend._lib.EVP_PKEY_derive(ctx, buf, keylen)
+ self._backend.openssl_assert(res == 1)
- if res == -1:
+ key = self._backend._ffi.buffer(buf, keylen[0])[:]
+ pad = self._key_size_bytes - len(key)
+
+ if pad > 0:
+ key = (b"\x00" * pad) + key
+
+ return key
+
+ def _exchange_assert(self, ok):
+ if not ok:
errors_with_text = self._backend._consume_errors_with_text()
raise ValueError(
- "Error computing shared key. Public key is likely invalid "
- "for this exchange.",
+ "Error computing shared key.",
errors_with_text,
)
- else:
- self._backend.openssl_assert(res >= 1)
-
- key = self._backend._ffi.buffer(buf)[:res]
- pad = self._key_size_bytes - len(key)
-
- if pad > 0:
- key = (b"\x00" * pad) + key
-
- return key
def public_key(self) -> dh.DHPublicKey:
dh_cdata = _dh_params_dup(self._dh_cdata, self._backend)
diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py
index bb29919f..2914f7e7 100644
--- a/tests/hazmat/primitives/test_dh.py
+++ b/tests/hazmat/primitives/test_dh.py
@@ -296,6 +296,12 @@ class TestDH(object):
assert isinstance(key.private_numbers(), dh.DHPrivateNumbers)
assert isinstance(key.parameters(), dh.DHParameters)
+ def test_exchange_wrong_type(self, backend):
+ parameters = FFDH3072_P.parameters(backend)
+ key1 = parameters.generate_private_key()
+ with pytest.raises(TypeError):
+ key1.exchange(b"invalidtype") # type: ignore[arg-type]
+
def test_exchange(self, backend):
parameters = FFDH3072_P.parameters(backend)
assert isinstance(parameters, dh.DHParameters)
@@ -386,16 +392,11 @@ class TestDH(object):
key2 = private2.private_key(backend)
pub_key2 = key2.public_key()
- if pub_key2.public_numbers().y >= parameters1.p:
- with pytest.raises(ValueError):
- key1.exchange(pub_key2)
- else:
- symkey1 = key1.exchange(pub_key2)
- assert symkey1
-
- symkey2 = key2.exchange(pub_key1)
+ with pytest.raises(ValueError):
+ key1.exchange(pub_key2)
- assert symkey1 != symkey2
+ with pytest.raises(ValueError):
+ key2.exchange(pub_key1)
@pytest.mark.skip_fips(reason="key_size too small for FIPS")
@pytest.mark.supported(
--
2.30.2

11
python-cryptography.spec
View File

@ -7,7 +7,7 @@
Name: python-%{srcname}
Version: 3.4.7
Release: 1%{?dist}
Release: 2%{?dist}
Summary: PyCA's cryptography library
License: ASL 2.0 or BSD
@ -17,6 +17,11 @@ Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcnam
Source1: cryptography-%{version}-vendor.tar.bz2
Source2: conftest-skipper.py
# OpenSSL 3.0.0 patches
Patch1: 0001-fix-pkcs12-parse-ordering.-fixes-5872-5879.patch
Patch2: 0002-WIP-3.0.0-support-5250.patch
Patch3: 0003-switch-to-using-EVP_PKEY_derive-instead-of-DH_comput.patch
ExclusiveArch: %{rust_arches}
BuildRequires: openssl-devel
@ -115,6 +120,10 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
%{python3_sitearch}/%{srcname}-%{version}-py*.egg-info
%changelog
* Mon Apr 26 2021 Christian Heimes <cheimes@redhat.com> - 3.4.7-2
- Add backports of OpenSSL 3.0.0 fixes (upstream PR #6000)
- Resolves: rhbz#1953446
* Wed Apr 21 2021 Christian Heimes <cheimes@redhat.com> - 3.4.7-1
- Update to 3.4.7
- Remove dependency on python-cryptography-vectors package and use vectors