diff --git a/.gitignore b/.gitignore index d551308..92613e3 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/cryptography-3.4.7-vendor.tar.bz2 -SOURCES/cryptography-3.4.7.tar.gz +SOURCES/cryptography-36.0.1-vendor.tar.bz2 +SOURCES/cryptography-36.0.1.tar.gz diff --git a/.python-cryptography.metadata b/.python-cryptography.metadata index dd1bfbd..34ed4dc 100644 --- a/.python-cryptography.metadata +++ b/.python-cryptography.metadata @@ -1,2 +1,2 @@ -bbc8da55813a9176b9c9ccf33700903c5f6c107f SOURCES/cryptography-3.4.7-vendor.tar.bz2 -fff48841f1f4b756a6093bdcc376a3c513ba5aaf SOURCES/cryptography-3.4.7.tar.gz +83753a12e56c7d0b56f247da937db941623ad97d SOURCES/cryptography-36.0.1-vendor.tar.bz2 +4fa9ddd61d6c962ccc36f1db98af498d5f239d06 SOURCES/cryptography-36.0.1.tar.gz diff --git a/SOURCES/0001-Block-TripleDES-in-FIPS-mode-6879.patch b/SOURCES/0001-Block-TripleDES-in-FIPS-mode-6879.patch new file mode 100644 index 0000000..b3821b6 --- /dev/null +++ b/SOURCES/0001-Block-TripleDES-in-FIPS-mode-6879.patch @@ -0,0 +1,71 @@ +From d250d169e87168903a543248d0bfd6c37f2f6841 Mon Sep 17 00:00:00 2001 +From: Christian Heimes +Date: Tue, 22 Feb 2022 00:37:32 +0200 +Subject: [PATCH 1/5] Block TripleDES in FIPS mode (#6879) + +* Block TripleDES in FIPS mode + +NIST SP-800-131A rev 2 lists TripleDES Encryption as disallowed in FIPS 140-3 +decryption as legacy use. Three-key TDEA is listed as deprecated +throughout 2023 and disallowed after 2023. + +For simplicity we block all use of TripleDES in FIPS mode. + +Fixes: #6875 +Signed-off-by: Christian Heimes + +* Fix flake +--- + src/cryptography/hazmat/backends/openssl/backend.py | 13 ++++++------- + tests/hazmat/primitives/utils.py | 4 ++++ + 2 files changed, 10 insertions(+), 7 deletions(-) + +diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py +index 736452392..f38269e26 100644 +--- a/src/cryptography/hazmat/backends/openssl/backend.py ++++ b/src/cryptography/hazmat/backends/openssl/backend.py +@@ -134,7 +134,9 @@ class Backend(BackendInterface): + b"aes-192-gcm", + b"aes-256-gcm", + } +- _fips_ciphers = (AES, TripleDES) ++ # TripleDES encryption is disallowed/deprecated throughout 2023 in ++ # FIPS 140-3. To keep it simple we denylist any use of TripleDES (TDEA). ++ _fips_ciphers = (AES,) + # Sometimes SHA1 is still permissible. That logic is contained + # within the various *_supported methods. + _fips_hashes = ( +@@ -323,12 +325,9 @@ class Backend(BackendInterface): + + def cipher_supported(self, cipher, mode): + if self._fips_enabled: +- # FIPS mode requires AES or TripleDES, but only CBC/ECB allowed +- # in TripleDES mode. +- if not isinstance(cipher, self._fips_ciphers) or ( +- isinstance(cipher, TripleDES) +- and not isinstance(mode, (CBC, ECB)) +- ): ++ # FIPS mode requires AES. TripleDES is disallowed/deprecated in ++ # FIPS 140-3. ++ if not isinstance(cipher, self._fips_ciphers): + return False + + try: +diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py +index 93f117828..a367343ca 100644 +--- a/tests/hazmat/primitives/utils.py ++++ b/tests/hazmat/primitives/utils.py +@@ -469,6 +469,10 @@ def _kbkdf_cmac_counter_mode_test(backend, prf, ctr_loc, params): + algorithm = supported_cipher_algorithms.get(prf) + assert algorithm is not None + ++ # TripleDES is disallowed in FIPS mode. ++ if backend._fips_enabled and algorithm is algorithms.TripleDES: ++ pytest.skip("TripleDES is not supported in FIPS mode.") ++ + ctrkdf = KBKDFCMAC( + algorithm, + Mode.CounterMode, +-- +2.35.1 + diff --git a/SOURCES/0001-fix-pkcs12-parse-ordering.-fixes-5872-5879.patch b/SOURCES/0001-fix-pkcs12-parse-ordering.-fixes-5872-5879.patch deleted file mode 100644 index 4cfcdc4..0000000 --- a/SOURCES/0001-fix-pkcs12-parse-ordering.-fixes-5872-5879.patch +++ /dev/null @@ -1,130 +0,0 @@ -From cb1908043d5daa7c5c38945c048c4a2477a46221 Mon Sep 17 00:00:00 2001 -From: Paul Kehrer -Date: Sun, 28 Feb 2021 16:06:11 -0600 -Subject: [PATCH 1/3] fix pkcs12 parse ordering. fixes #5872 (#5879) - -* fix pkcs12 parse ordering. fixes #5872 - -* remove an unneeded print - -* simplify the test a bit more - -* index - -* black - -* Update tests/hazmat/primitives/test_pkcs12.py - -Co-authored-by: Alex Gaynor - -Co-authored-by: Alex Gaynor ---- - .../hazmat/backends/openssl/backend.py | 5 +- - tests/hazmat/primitives/test_pkcs12.py | 58 ++++++++++++++++++- - 2 files changed, 59 insertions(+), 4 deletions(-) - -diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py -index 271873d9..a96d08d8 100644 ---- a/src/cryptography/hazmat/backends/openssl/backend.py -+++ b/src/cryptography/hazmat/backends/openssl/backend.py -@@ -6,6 +6,7 @@ - import collections - import contextlib - import itertools -+import typing - import warnings - from contextlib import contextmanager - -@@ -2562,9 +2563,7 @@ class Backend(object): - sk_x509 = self._lib.sk_X509_new_null() - sk_x509 = self._ffi.gc(sk_x509, self._lib.sk_X509_free) - -- # reverse the list when building the stack so that they're encoded -- # in the order they were originally provided. it is a mystery -- for ca in reversed(cas): -+ for ca in cas: - res = self._lib.sk_X509_push(sk_x509, ca._x509) - backend.openssl_assert(res >= 1) - -diff --git a/tests/hazmat/primitives/test_pkcs12.py b/tests/hazmat/primitives/test_pkcs12.py -index b5de09f9..b1759a1b 100644 ---- a/tests/hazmat/primitives/test_pkcs12.py -+++ b/tests/hazmat/primitives/test_pkcs12.py -@@ -4,13 +4,15 @@ - - - import os -+from datetime import datetime - - import pytest - - from cryptography import x509 - from cryptography.hazmat.backends.interfaces import DERSerializationBackend - from cryptography.hazmat.backends.openssl.backend import _RC2 --from cryptography.hazmat.primitives import serialization -+from cryptography.hazmat.primitives import hashes, serialization -+from cryptography.hazmat.primitives.asymmetric import ec - from cryptography.hazmat.primitives.serialization import load_pem_private_key - from cryptography.hazmat.primitives.serialization.pkcs12 import ( - load_key_and_certificates, -@@ -273,3 +275,57 @@ class TestPKCS12Creation(object): - DummyKeySerializationEncryption(), - ) - assert str(exc.value) == "Unsupported key encryption type" -+ -+ -+def test_pkcs12_ordering(): -+ """ -+ In OpenSSL < 3.0.0 PKCS12 parsing reverses the order. However, we -+ accidentally thought it was **encoding** that did it, leading to bug -+ https://github.com/pyca/cryptography/issues/5872 -+ This test ensures our ordering is correct going forward. -+ """ -+ -+ def make_cert(name): -+ key = ec.generate_private_key(ec.SECP256R1()) -+ subject = x509.Name( -+ [ -+ x509.NameAttribute(x509.NameOID.COMMON_NAME, name), -+ ] -+ ) -+ now = datetime.utcnow() -+ cert = ( -+ x509.CertificateBuilder() -+ .subject_name(subject) -+ .issuer_name(subject) -+ .public_key(key.public_key()) -+ .serial_number(x509.random_serial_number()) -+ .not_valid_before(now) -+ .not_valid_after(now) -+ .sign(key, hashes.SHA256()) -+ ) -+ return (key, cert) -+ -+ # Make some certificates with distinct names. -+ a_name = "A" * 20 -+ b_name = "B" * 20 -+ c_name = "C" * 20 -+ a_key, a_cert = make_cert(a_name) -+ _, b_cert = make_cert(b_name) -+ _, c_cert = make_cert(c_name) -+ -+ # Bundle them in a PKCS#12 file in order A, B, C. -+ p12 = serialize_key_and_certificates( -+ b"p12", a_key, a_cert, [b_cert, c_cert], serialization.NoEncryption() -+ ) -+ -+ # Parse them out. The API should report them in the same order. -+ (key, cert, certs) = load_key_and_certificates(p12, None) -+ assert cert == a_cert -+ assert certs == [b_cert, c_cert] -+ -+ # The ordering in the PKCS#12 file itself should also match. -+ a_idx = p12.index(a_name.encode("utf-8")) -+ b_idx = p12.index(b_name.encode("utf-8")) -+ c_idx = p12.index(c_name.encode("utf-8")) -+ -+ assert a_idx < b_idx < c_idx --- -2.30.2 - diff --git a/SOURCES/0002-Disable-DSA-tests-in-FIPS-mode-6916.patch b/SOURCES/0002-Disable-DSA-tests-in-FIPS-mode-6916.patch new file mode 100644 index 0000000..311bca5 --- /dev/null +++ b/SOURCES/0002-Disable-DSA-tests-in-FIPS-mode-6916.patch @@ -0,0 +1,319 @@ +From ff80e3a27408657fef599f44ae1a9a875e005685 Mon Sep 17 00:00:00 2001 +From: Christian Heimes +Date: Wed, 2 Mar 2022 21:47:04 +0200 +Subject: [PATCH 2/5] Disable DSA tests in FIPS mode (#6916) + +* Disable DSA tests in FIPS mode + +See: #6880 + +* ignore coverage for nested FIPS check + +* Remove if branch + +* Remove skip modulus branch + +* Keep tests that don't use the backend +--- + .../hazmat/backends/openssl/backend.py | 7 ++- + tests/hazmat/primitives/test_dsa.py | 46 +++++++++++-------- + tests/hazmat/primitives/test_serialization.py | 24 ++++++++++ + tests/x509/test_x509.py | 43 ++++++++++++++--- + tests/x509/test_x509_ext.py | 4 ++ + 5 files changed, 98 insertions(+), 26 deletions(-) + +diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py +index f38269e26..a6d0e8872 100644 +--- a/src/cryptography/hazmat/backends/openssl/backend.py ++++ b/src/cryptography/hazmat/backends/openssl/backend.py +@@ -804,7 +804,12 @@ class Backend(BackendInterface): + self.openssl_assert(res == 1) + return evp_pkey + +- def dsa_hash_supported(self, algorithm): ++ def dsa_supported(self) -> bool: ++ return not self._fips_enabled ++ ++ def dsa_hash_supported(self, algorithm: hashes.HashAlgorithm) -> bool: ++ if not self.dsa_supported(): ++ return False + return self.hash_supported(algorithm) + + def dsa_parameters_supported(self, p, q, g): +diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py +index 6028b600d..60681683d 100644 +--- a/tests/hazmat/primitives/test_dsa.py ++++ b/tests/hazmat/primitives/test_dsa.py +@@ -59,7 +59,12 @@ def test_skip_if_dsa_not_supported(backend): + _skip_if_dsa_not_supported(backend, DummyHashAlgorithm(), 1, 1, 1) + + +-class TestDSA(object): ++ ++@pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++) ++class TestDSA: + def test_generate_dsa_parameters(self, backend): + parameters = dsa.generate_parameters(2048, backend) + assert isinstance(parameters, dsa.DSAParameters) +@@ -76,11 +81,6 @@ class TestDSA(object): + ), + ) + def test_generate_dsa_keys(self, vector, backend): +- if ( +- backend._fips_enabled +- and vector["p"] < backend._fips_dsa_min_modulus +- ): +- pytest.skip("Small modulus blocked in FIPS mode") + parameters = dsa.DSAParameterNumbers( + p=vector["p"], q=vector["q"], g=vector["g"] + ).parameters(backend) +@@ -389,7 +389,12 @@ class TestDSA(object): + ).private_key(backend) + + +-class TestDSAVerification(object): ++ ++@pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++) ++class TestDSAVerification: + def test_dsa_verification(self, backend, subtests): + vectors = load_vectors_from_file( + os.path.join("asymmetric", "DSA", "FIPS_186-3", "SigVer.rsp"), +@@ -481,17 +486,12 @@ class TestDSAVerification(object): + Prehashed(hashes.SHA1()) # type: ignore[arg-type] + ) + +- def test_prehashed_unsupported_in_verifier_ctx(self, backend): +- public_key = DSA_KEY_1024.private_key(backend).public_key() +- with pytest.raises(TypeError), pytest.warns( +- CryptographyDeprecationWarning +- ): +- public_key.verifier( +- b"0" * 64, Prehashed(hashes.SHA1()) # type: ignore[arg-type] +- ) +- + +-class TestDSASignature(object): ++@pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++) ++class TestDSASignature: + def test_dsa_signing(self, backend, subtests): + vectors = load_vectors_from_file( + os.path.join("asymmetric", "DSA", "FIPS_186-3", "SigGen.txt"), +@@ -695,7 +695,11 @@ class TestDSANumberEquality(object): + assert priv != object() + + +-class TestDSASerialization(object): ++@pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++) ++class TestDSASerialization: + @pytest.mark.parametrize( + ("fmt", "password"), + itertools.product( +@@ -916,7 +920,11 @@ class TestDSASerialization(object): + ) + + +-class TestDSAPEMPublicKeySerialization(object): ++@pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++) ++class TestDSAPEMPublicKeySerialization: + @pytest.mark.parametrize( + ("key_path", "loader_func", "encoding"), + [ +diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py +index fb6b753de..5a2b9fba5 100644 +--- a/tests/hazmat/primitives/test_serialization.py ++++ b/tests/hazmat/primitives/test_serialization.py +@@ -141,6 +141,10 @@ class TestDERSerialization(object): + assert isinstance(key, rsa.RSAPrivateKey) + _check_rsa_private_numbers(key.private_numbers()) + ++ @pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++ ) + @pytest.mark.parametrize( + ("key_path", "password"), + [ +@@ -341,6 +345,10 @@ class TestDERSerialization(object): + with pytest.raises(ValueError): + load_der_public_key(b"invalid data", backend) + ++ @pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++ ) + @pytest.mark.parametrize( + "key_file", + [ +@@ -422,6 +430,10 @@ class TestPEMSerialization(object): + assert isinstance(key, rsa.RSAPrivateKey) + _check_rsa_private_numbers(key.private_numbers()) + ++ @pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++ ) + @pytest.mark.parametrize( + ("key_path", "password"), + [ +@@ -490,6 +502,10 @@ class TestPEMSerialization(object): + numbers = key.public_numbers() + assert numbers.e == 65537 + ++ @pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++ ) + @pytest.mark.parametrize( + ("key_file"), + [ +@@ -894,6 +910,10 @@ class TestPEMSerialization(object): + 16, + ) + ++ @pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++ ) + def test_load_pem_dsa_private_key(self, backend): + key = load_vectors_from_file( + os.path.join("asymmetric", "PKCS8", "unenc-dsa-pkcs8.pem"), +@@ -2313,6 +2333,10 @@ class TestOpenSSHSerialization(object): + DummyKeySerializationEncryption(), + ) + ++ @pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++ ) + @pytest.mark.parametrize( + ("key_path", "supported"), + [ +diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py +index 23e97a768..7a7a52977 100644 +--- a/tests/x509/test_x509.py ++++ b/tests/x509/test_x509.py +@@ -2561,7 +2561,21 @@ class TestCertificateBuilder(object): + only_if=lambda backend: backend.hash_supported(hashes.MD5()), + skip_message="Requires OpenSSL with MD5 support", + ) +- def test_sign_dsa_with_md5(self, backend): ++ @pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++ ) ++ @pytest.mark.parametrize( ++ "hash_algorithm", ++ [ ++ hashes.MD5(), ++ hashes.SHA3_224(), ++ hashes.SHA3_256(), ++ hashes.SHA3_384(), ++ hashes.SHA3_512(), ++ ], ++ ) ++ def test_sign_dsa_with_unsupported_hash(self, hash_algorithm, backend): + private_key = DSA_KEY_2048.private_key(backend) + builder = x509.CertificateBuilder() + builder = ( +@@ -2602,6 +2616,10 @@ class TestCertificateBuilder(object): + with pytest.raises(ValueError): + builder.sign(private_key, hashes.MD5(), backend) + ++ @pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++ ) + @pytest.mark.parametrize( + ("hashalg", "hashalg_oid"), + [ +@@ -2615,9 +2633,6 @@ class TestCertificateBuilder(object): + def test_build_cert_with_dsa_private_key( + self, hashalg, hashalg_oid, backend + ): +- if backend._fips_enabled and hashalg is hashes.SHA1: +- pytest.skip("SHA1 not supported in FIPS mode") +- + issuer_private_key = DSA_KEY_2048.private_key(backend) + subject_private_key = DSA_KEY_2048.private_key(backend) + +@@ -3646,6 +3661,10 @@ class TestCertificateSigningRequestBuilder(object): + only_if=lambda backend: backend.hash_supported(hashes.MD5()), + skip_message="Requires OpenSSL with MD5 support", + ) ++ @pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++ ) + def test_sign_dsa_with_md5(self, backend): + private_key = DSA_KEY_2048.private_key(backend) + builder = x509.CertificateSigningRequestBuilder().subject_name( +@@ -3969,6 +3988,10 @@ class TestCertificateSigningRequestBuilder(object): + assert basic_constraints.value.ca is True + assert basic_constraints.value.path_length == 2 + ++ @pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++ ) + def test_build_ca_request_with_dsa(self, backend): + private_key = DSA_KEY_2048.private_key(backend) + +@@ -4319,7 +4342,11 @@ class TestCertificateSigningRequestBuilder(object): + builder.sign(private_key, hashes.SHA512(), backend) + + +-class TestDSACertificate(object): ++@pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++) ++class TestDSACertificate: + def test_load_dsa_cert(self, backend): + cert = _load_cert( + os.path.join("x509", "custom", "dsa_selfsigned_ca.pem"), +@@ -4444,7 +4471,11 @@ class TestDSACertificate(object): + ) + + +-class TestDSACertificateRequest(object): ++@pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++) ++class TestDSACertificateRequest: + @pytest.mark.parametrize( + ("path", "loader_func"), + [ +diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py +index 4173dece6..66ac43d95 100644 +--- a/tests/x509/test_x509_ext.py ++++ b/tests/x509/test_x509_ext.py +@@ -1712,6 +1712,10 @@ class TestSubjectKeyIdentifierExtension(object): + ski = x509.SubjectKeyIdentifier.from_public_key(cert.public_key()) + assert ext.value == ski + ++ @pytest.mark.supported( ++ only_if=lambda backend: backend.dsa_supported(), ++ skip_message="Does not support DSA.", ++ ) + def test_from_dsa_public_key(self, backend): + cert = _load_cert( + os.path.join("x509", "custom", "dsa_selfsigned_ca.pem"), +-- +2.35.1 + diff --git a/SOURCES/0002-WIP-3.0.0-support-5250.patch b/SOURCES/0002-WIP-3.0.0-support-5250.patch deleted file mode 100644 index dcea843..0000000 --- a/SOURCES/0002-WIP-3.0.0-support-5250.patch +++ /dev/null @@ -1,415 +0,0 @@ -From a0bece343e38d73d038d4f3a62c2a9638608ac9c Mon Sep 17 00:00:00 2001 -From: Paul Kehrer -Date: Thu, 22 Apr 2021 19:16:38 -0500 -Subject: [PATCH 2/3] [WIP] 3.0.0 support (#5250) - -* 3.0.0 support - -* almost...there... - -* make mypy happy ---- - .github/workflows/ci.yml | 7 ++-- - src/_cffi_src/build_openssl.py | 1 + - src/_cffi_src/openssl/cryptography.py | 3 ++ - src/_cffi_src/openssl/err.py | 6 +++ - src/_cffi_src/openssl/fips.py | 2 +- - src/_cffi_src/openssl/provider.py | 40 ++++++++++++++++++ - .../hazmat/backends/openssl/backend.py | 42 ++++++++++++++++--- - .../hazmat/backends/openssl/ciphers.py | 15 ++++++- - .../hazmat/bindings/openssl/_conditional.py | 11 +++++ - .../hazmat/bindings/openssl/binding.py | 20 +++++++++ - tests/hazmat/backends/test_openssl_memleak.py | 6 ++- - tests/hazmat/bindings/test_openssl.py | 4 +- - tests/hazmat/primitives/test_dh.py | 24 ++++++++++- - 13 files changed, 167 insertions(+), 14 deletions(-) - create mode 100644 src/_cffi_src/openssl/provider.py - -diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml -index cd967a3a..747f84c1 100644 ---- a/.github/workflows/ci.yml -+++ b/.github/workflows/ci.yml -@@ -18,9 +18,10 @@ jobs: - - {VERSION: "3.9", TOXENV: "flake,rust,docs", COVERAGE: "false"} - - {VERSION: "pypy3", TOXENV: "pypy3"} - - {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "1.1.0l"}} -- - {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1i"}} -- - {VERSION: "3.9", TOXENV: "py39-ssh", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1i"}} -- - {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1i", CONFIG_FLAGS: "no-engine no-rc2 no-srtp no-ct"}} -+ - {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1j"}} -+ - {VERSION: "3.9", TOXENV: "py39-ssh", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1j"}} -+ - {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1j", CONFIG_FLAGS: "no-engine no-rc2 no-srtp no-ct"}} -+ - {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "3.0.0-alpha15"}} - - {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "2.9.2"}} - - {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.0.2"}} - - {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.1.5"}} -diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py -index 08499d66..557296ed 100644 ---- a/src/_cffi_src/build_openssl.py -+++ b/src/_cffi_src/build_openssl.py -@@ -104,6 +104,7 @@ ffi = build_ffi_for_binding( - "osrandom_engine", - "pem", - "pkcs12", -+ "provider", - "rand", - "rsa", - "ssl", -diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py -index e2b5a132..06d1e778 100644 ---- a/src/_cffi_src/openssl/cryptography.py -+++ b/src/_cffi_src/openssl/cryptography.py -@@ -34,6 +34,8 @@ INCLUDES = """ - - #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ - (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL) -+#define CRYPTOGRAPHY_OPENSSL_300_OR_GREATER \ -+ (OPENSSL_VERSION_NUMBER >= 0x30000000 && !CRYPTOGRAPHY_IS_LIBRESSL) - - #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \ - (OPENSSL_VERSION_NUMBER < 0x101000af || CRYPTOGRAPHY_IS_LIBRESSL) -@@ -53,6 +55,7 @@ INCLUDES = """ - - TYPES = """ - static const int CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER; -+static const int CRYPTOGRAPHY_OPENSSL_300_OR_GREATER; - - static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111; - static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B; -diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py -index 0634b656..8cfeaf5b 100644 ---- a/src/_cffi_src/openssl/err.py -+++ b/src/_cffi_src/openssl/err.py -@@ -18,6 +18,7 @@ static const int EVP_R_UNKNOWN_PBE_ALGORITHM; - - static const int ERR_LIB_EVP; - static const int ERR_LIB_PEM; -+static const int ERR_LIB_PROV; - static const int ERR_LIB_ASN1; - static const int ERR_LIB_PKCS12; - -@@ -45,4 +46,9 @@ int ERR_GET_REASON(unsigned long); - """ - - CUSTOMIZATIONS = """ -+/* This define is tied to provider support and is conditionally -+ removed if Cryptography_HAS_PROVIDERS is false */ -+#ifndef ERR_LIB_PROV -+#define ERR_LIB_PROV 0 -+#endif - """ -diff --git a/src/_cffi_src/openssl/fips.py b/src/_cffi_src/openssl/fips.py -index b9d0d64d..23c10af9 100644 ---- a/src/_cffi_src/openssl/fips.py -+++ b/src/_cffi_src/openssl/fips.py -@@ -17,7 +17,7 @@ int FIPS_mode(void); - """ - - CUSTOMIZATIONS = """ --#if CRYPTOGRAPHY_IS_LIBRESSL -+#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_OPENSSL_300_OR_GREATER - static const long Cryptography_HAS_FIPS = 0; - int (*FIPS_mode_set)(int) = NULL; - int (*FIPS_mode)(void) = NULL; -diff --git a/src/_cffi_src/openssl/provider.py b/src/_cffi_src/openssl/provider.py -new file mode 100644 -index 00000000..d7d659ea ---- /dev/null -+++ b/src/_cffi_src/openssl/provider.py -@@ -0,0 +1,40 @@ -+# This file is dual licensed under the terms of the Apache License, Version -+# 2.0, and the BSD License. See the LICENSE file in the root of this repository -+# for complete details. -+ -+ -+INCLUDES = """ -+#if CRYPTOGRAPHY_OPENSSL_300_OR_GREATER -+#include -+#include -+#endif -+""" -+ -+TYPES = """ -+static const long Cryptography_HAS_PROVIDERS; -+ -+typedef ... OSSL_PROVIDER; -+typedef ... OSSL_LIB_CTX; -+ -+static const long PROV_R_BAD_DECRYPT; -+static const long PROV_R_WRONG_FINAL_BLOCK_LENGTH; -+""" -+ -+FUNCTIONS = """ -+OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *); -+int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov); -+""" -+ -+CUSTOMIZATIONS = """ -+#if CRYPTOGRAPHY_OPENSSL_300_OR_GREATER -+static const long Cryptography_HAS_PROVIDERS = 1; -+#else -+static const long Cryptography_HAS_PROVIDERS = 0; -+typedef void OSSL_PROVIDER; -+typedef void OSSL_LIB_CTX; -+static const long PROV_R_BAD_DECRYPT = 0; -+static const long PROV_R_WRONG_FINAL_BLOCK_LENGTH = 0; -+OSSL_PROVIDER *(*OSSL_PROVIDER_load)(OSSL_LIB_CTX *, const char *) = NULL; -+int (*OSSL_PROVIDER_unload)(OSSL_PROVIDER *) = NULL; -+#endif -+""" -diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py -index a96d08d8..86e8f0a8 100644 ---- a/src/cryptography/hazmat/backends/openssl/backend.py -+++ b/src/cryptography/hazmat/backends/openssl/backend.py -@@ -1281,6 +1281,11 @@ class Backend(object): - def _evp_pkey_from_der_traditional_key(self, bio_data, password): - key = self._lib.d2i_PrivateKey_bio(bio_data.bio, self._ffi.NULL) - if key != self._ffi.NULL: -+ # In OpenSSL 3.0.0-alpha15 there exist scenarios where the key will -+ # successfully load but errors are still put on the stack. Tracked -+ # as https://github.com/openssl/openssl/issues/14996 -+ self._consume_errors() -+ - key = self._ffi.gc(key, self._lib.EVP_PKEY_free) - if password is not None: - raise TypeError( -@@ -1448,6 +1453,11 @@ class Backend(object): - else: - self._handle_key_loading_error() - -+ # In OpenSSL 3.0.0-alpha15 there exist scenarios where the key will -+ # successfully load but errors are still put on the stack. Tracked -+ # as https://github.com/openssl/openssl/issues/14996 -+ self._consume_errors() -+ - evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free) - - if password is not None and userdata.called == 0: -@@ -1470,11 +1480,22 @@ class Backend(object): - "incorrect format or it may be encrypted with an unsupported " - "algorithm." - ) -- elif errors[0]._lib_reason_match( -- self._lib.ERR_LIB_EVP, self._lib.EVP_R_BAD_DECRYPT -- ) or errors[0]._lib_reason_match( -- self._lib.ERR_LIB_PKCS12, -- self._lib.PKCS12_R_PKCS12_CIPHERFINAL_ERROR, -+ -+ elif ( -+ errors[0]._lib_reason_match( -+ self._lib.ERR_LIB_EVP, self._lib.EVP_R_BAD_DECRYPT -+ ) -+ or errors[0]._lib_reason_match( -+ self._lib.ERR_LIB_PKCS12, -+ self._lib.PKCS12_R_PKCS12_CIPHERFINAL_ERROR, -+ ) -+ or ( -+ self._lib.Cryptography_HAS_PROVIDERS -+ and errors[0]._lib_reason_match( -+ self._lib.ERR_LIB_PROV, -+ self._lib.PROV_R_BAD_DECRYPT, -+ ) -+ ) - ): - raise ValueError("Bad decrypt. Incorrect password?") - -@@ -2520,7 +2541,16 @@ class Backend(object): - if sk_x509_ptr[0] != self._ffi.NULL: - sk_x509 = self._ffi.gc(sk_x509_ptr[0], self._lib.sk_X509_free) - num = self._lib.sk_X509_num(sk_x509_ptr[0]) -- for i in range(num): -+ -+ # In OpenSSL < 3.0.0 PKCS12 parsing reverses the order of the -+ # certificates. -+ indices: typing.Iterable[int] -+ if self._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER: -+ indices = range(num) -+ else: -+ indices = reversed(range(num)) -+ -+ for i in indices: - x509 = self._lib.sk_X509_value(sk_x509, i) - self.openssl_assert(x509 != self._ffi.NULL) - x509 = self._ffi.gc(x509, self._lib.X509_free) -diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py -index 0f96795f..a2dd6894 100644 ---- a/src/cryptography/hazmat/backends/openssl/ciphers.py -+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py -@@ -145,7 +145,13 @@ class _CipherContext(object): - res = self._backend._lib.EVP_CipherUpdate( - self._ctx, outbuf, outlen, inbuf, inlen - ) -- self._backend.openssl_assert(res != 0) -+ if res == 0 and isinstance(self._mode, modes.XTS): -+ raise ValueError( -+ "In XTS mode you must supply at least a full block in the " -+ "first update call. For AES this is 16 bytes." -+ ) -+ else: -+ self._backend.openssl_assert(res != 0) - data_processed += inlen - total_out += outlen[0] - -@@ -174,6 +180,13 @@ class _CipherContext(object): - errors[0]._lib_reason_match( - self._backend._lib.ERR_LIB_EVP, - self._backend._lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH, -+ ) -+ or ( -+ self._backend._lib.Cryptography_HAS_PROVIDERS -+ and errors[0]._lib_reason_match( -+ self._backend._lib.ERR_LIB_PROV, -+ self._backend._lib.PROV_R_WRONG_FINAL_BLOCK_LENGTH, -+ ) - ), - errors=errors, - ) -diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py -index 86548357..1f42c7be 100644 ---- a/src/cryptography/hazmat/bindings/openssl/_conditional.py -+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py -@@ -270,6 +270,16 @@ def cryptography_has_get_proto_version(): - ] - - -+def cryptography_has_providers(): -+ return [ -+ "OSSL_PROVIDER_load", -+ "OSSL_PROVIDER_unload", -+ "ERR_LIB_PROV", -+ "PROV_R_WRONG_FINAL_BLOCK_LENGTH", -+ "PROV_R_BAD_DECRYPT", -+ ] -+ -+ - # This is a mapping of - # {condition: function-returning-names-dependent-on-that-condition} so we can - # loop over them and delete unsupported names at runtime. It will be removed -@@ -318,4 +328,5 @@ CONDITIONAL_NAMES = { - "Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain, - "Cryptography_HAS_SRTP": cryptography_has_srtp, - "Cryptography_HAS_GET_PROTO_VERSION": cryptography_has_get_proto_version, -+ "Cryptography_HAS_PROVIDERS": cryptography_has_providers, - } -diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py -index a2bc36a8..6dcec26a 100644 ---- a/src/cryptography/hazmat/bindings/openssl/binding.py -+++ b/src/cryptography/hazmat/bindings/openssl/binding.py -@@ -113,6 +113,8 @@ class Binding(object): - ffi = ffi - _lib_loaded = False - _init_lock = threading.Lock() -+ _legacy_provider: typing.Any = None -+ _default_provider: typing.Any = None - - def __init__(self): - self._ensure_ffi_initialized() -@@ -140,6 +142,24 @@ class Binding(object): - # adds all ciphers/digests for EVP - cls.lib.OpenSSL_add_all_algorithms() - cls._register_osrandom_engine() -+ # As of OpenSSL 3.0.0 we must register a legacy cipher provider -+ # to get RC2 (needed for junk asymmetric private key -+ # serialization), RC4, Blowfish, IDEA, SEED, etc. These things -+ # are ugly legacy, but we aren't going to get rid of them -+ # any time soon. -+ if cls.lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER: -+ cls._legacy_provider = cls.lib.OSSL_PROVIDER_load( -+ cls.ffi.NULL, b"legacy" -+ ) -+ _openssl_assert( -+ cls.lib, cls._legacy_provider != cls.ffi.NULL -+ ) -+ cls._default_provider = cls.lib.OSSL_PROVIDER_load( -+ cls.ffi.NULL, b"default" -+ ) -+ _openssl_assert( -+ cls.lib, cls._default_provider != cls.ffi.NULL -+ ) - - @classmethod - def init_static_locks(cls): -diff --git a/tests/hazmat/backends/test_openssl_memleak.py b/tests/hazmat/backends/test_openssl_memleak.py -index 0c96516f..0316b5d9 100644 ---- a/tests/hazmat/backends/test_openssl_memleak.py -+++ b/tests/hazmat/backends/test_openssl_memleak.py -@@ -82,7 +82,7 @@ def main(argv): - assert result == 1 - - # Trigger a bunch of initialization stuff. -- import cryptography.hazmat.backends.openssl -+ from cryptography.hazmat.backends.openssl.backend import backend - - start_heap = set(heap) - -@@ -91,6 +91,10 @@ def main(argv): - gc.collect() - gc.collect() - -+ if lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER: -+ lib.OSSL_PROVIDER_unload(backend._binding._legacy_provider) -+ lib.OSSL_PROVIDER_unload(backend._binding._default_provider) -+ - if lib.Cryptography_HAS_OPENSSL_CLEANUP: - lib.OPENSSL_cleanup() - -diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py -index fb9a1e36..4d1e3b55 100644 ---- a/tests/hazmat/bindings/test_openssl.py -+++ b/tests/hazmat/bindings/test_openssl.py -@@ -91,7 +91,9 @@ class TestOpenSSL(object): - _openssl_assert(b.lib, False) - - error = exc_info.value.err_code[0] -- assert error.code == 101183626 -+ # As of 3.0.0 OpenSSL sets func codes to 0, so the combined -+ # code is a different value -+ assert error.code in (101183626, 50331786) - assert error.lib == b.lib.ERR_LIB_EVP - assert error.func == b.lib.EVP_F_EVP_ENCRYPTFINAL_EX - assert error.reason == b.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH -diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py -index 131807fc..bb29919f 100644 ---- a/tests/hazmat/primitives/test_dh.py -+++ b/tests/hazmat/primitives/test_dh.py -@@ -180,7 +180,23 @@ class TestDH(object): - params = dh.DHParameterNumbers(p, int(vector["g"])) - param = params.parameters(backend) - key = param.generate_private_key() -- assert key.private_numbers().public_numbers.parameter_numbers == params -+ # In OpenSSL 3.0.0 OpenSSL maps to known groups. This results in -+ # a scenario where loading a known group with p and g returns a -+ # re-serialized form that has q as well (the Sophie Germain prime of -+ # that group). This makes a naive comparison of the parameter numbers -+ # objects fail, so we have to be a bit smarter -+ serialized_params = ( -+ key.private_numbers().public_numbers.parameter_numbers -+ ) -+ if serialized_params.q is None: -+ # This is the path OpenSSL < 3.0 takes -+ assert serialized_params == params -+ else: -+ assert serialized_params.p == params.p -+ assert serialized_params.g == params.g -+ # p = 2q + 1 since it is a Sophie Germain prime, so we can compute -+ # what we expect OpenSSL to have done here. -+ assert serialized_params.q == (params.p - 1) // 2 - - @pytest.mark.skip_fips(reason="non-FIPS parameters") - @pytest.mark.parametrize( -@@ -382,6 +398,12 @@ class TestDH(object): - assert symkey1 != symkey2 - - @pytest.mark.skip_fips(reason="key_size too small for FIPS") -+ @pytest.mark.supported( -+ only_if=lambda backend: ( -+ not backend._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER -+ ), -+ skip_message="256-bit DH keys are not supported in OpenSSL 3.0.0+", -+ ) - def test_load_256bit_key_from_pkcs8(self, backend): - data = load_vectors_from_file( - os.path.join("asymmetric", "DH", "dh_key_256.pem"), --- -2.30.2 - diff --git a/SOURCES/0003-fixes-6927-handle-negative-return-values-from-openss.patch b/SOURCES/0003-fixes-6927-handle-negative-return-values-from-openss.patch new file mode 100644 index 0000000..fa3979f --- /dev/null +++ b/SOURCES/0003-fixes-6927-handle-negative-return-values-from-openss.patch @@ -0,0 +1,26 @@ +From 20bafea414bcc08bfcb5b669ecbf9a3438ff7b78 Mon Sep 17 00:00:00 2001 +From: Alex Gaynor +Date: Thu, 3 Mar 2022 15:44:02 -0500 +Subject: [PATCH 3/5] fixes #6927 -- handle negative return values from openssl + (#6928) + +--- + src/cryptography/hazmat/backends/openssl/rsa.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py +index 9bef49d24..dd5d4990b 100644 +--- a/src/cryptography/hazmat/backends/openssl/rsa.py ++++ b/src/cryptography/hazmat/backends/openssl/rsa.py +@@ -208,7 +208,7 @@ def _rsa_sig_setup(backend, padding, algorithm, key, init_func): + if algorithm is not None: + evp_md = backend._evp_md_non_null_from_algorithm(algorithm) + res = backend._lib.EVP_PKEY_CTX_set_signature_md(pkey_ctx, evp_md) +- if res == 0: ++ if res <= 0: + backend._consume_errors() + raise UnsupportedAlgorithm( + "{} is not supported by this backend for RSA signing.".format( +-- +2.35.1 + diff --git a/SOURCES/0003-switch-to-using-EVP_PKEY_derive-instead-of-DH_comput.patch b/SOURCES/0003-switch-to-using-EVP_PKEY_derive-instead-of-DH_comput.patch deleted file mode 100644 index efc14b0..0000000 --- a/SOURCES/0003-switch-to-using-EVP_PKEY_derive-instead-of-DH_comput.patch +++ /dev/null @@ -1,151 +0,0 @@ -From 29cf9b8d63ef3437ba11aa29502af8773faa17a7 Mon Sep 17 00:00:00 2001 -From: Paul Kehrer -Date: Wed, 14 Apr 2021 13:15:57 -0500 -Subject: [PATCH 3/3] switch to using EVP_PKEY_derive instead of DH_compute_key - in DH (#5972) - -* switch to using EVP_PKEY_derive instead of DH_compute_key in DH - -Where checks are occurring is changing in OpenSSL 3.0 and this makes it -easier to be consistent (and is the API we should be using anyway). The -tests change because EVP_PKEY_derive now verifies that we have shared -parameters, which the test previously only verified by asserting that -the derived keys didn't match - -* review feedback - -* type ignores required for typeerror tests. some day i will remember this ---- - src/_cffi_src/openssl/dh.py | 1 - - .../hazmat/backends/openssl/dh.py | 57 ++++++++++++------- - tests/hazmat/primitives/test_dh.py | 19 ++++--- - 3 files changed, 45 insertions(+), 32 deletions(-) - -diff --git a/src/_cffi_src/openssl/dh.py b/src/_cffi_src/openssl/dh.py -index 979dafa9..50989e45 100644 ---- a/src/_cffi_src/openssl/dh.py -+++ b/src/_cffi_src/openssl/dh.py -@@ -18,7 +18,6 @@ DH *DH_new(void); - void DH_free(DH *); - int DH_size(const DH *); - int DH_generate_key(DH *); --int DH_compute_key(unsigned char *, const BIGNUM *, DH *); - DH *DHparams_dup(DH *); - - /* added in 1.1.0 when the DH struct was opaqued */ -diff --git a/src/cryptography/hazmat/backends/openssl/dh.py b/src/cryptography/hazmat/backends/openssl/dh.py -index 65ddaeec..b928f024 100644 ---- a/src/cryptography/hazmat/backends/openssl/dh.py -+++ b/src/cryptography/hazmat/backends/openssl/dh.py -@@ -127,35 +127,48 @@ class _DHPrivateKey(dh.DHPrivateKey): - ) - - def exchange(self, peer_public_key: dh.DHPublicKey) -> bytes: -- buf = self._backend._ffi.new("unsigned char[]", self._key_size_bytes) -- pub_key = self._backend._ffi.new("BIGNUM **") -- self._backend._lib.DH_get0_key( -- peer_public_key._dh_cdata, # type: ignore[attr-defined] -- pub_key, -- self._backend._ffi.NULL, -+ if not isinstance(peer_public_key, _DHPublicKey): -+ raise TypeError("peer_public_key must be a DHPublicKey") -+ -+ ctx = self._backend._lib.EVP_PKEY_CTX_new( -+ self._evp_pkey, self._backend._ffi.NULL - ) -- self._backend.openssl_assert(pub_key[0] != self._backend._ffi.NULL) -- res = self._backend._lib.DH_compute_key( -- buf, pub_key[0], self._dh_cdata -+ self._backend.openssl_assert(ctx != self._backend._ffi.NULL) -+ ctx = self._backend._ffi.gc(ctx, self._backend._lib.EVP_PKEY_CTX_free) -+ res = self._backend._lib.EVP_PKEY_derive_init(ctx) -+ self._backend.openssl_assert(res == 1) -+ res = self._backend._lib.EVP_PKEY_derive_set_peer( -+ ctx, peer_public_key._evp_pkey -+ ) -+ # Invalid kex errors here in OpenSSL 3.0 because checks were moved -+ # to EVP_PKEY_derive_set_peer -+ self._exchange_assert(res == 1) -+ keylen = self._backend._ffi.new("size_t *") -+ res = self._backend._lib.EVP_PKEY_derive( -+ ctx, self._backend._ffi.NULL, keylen - ) -+ # Invalid kex errors here in OpenSSL < 3 -+ self._exchange_assert(res == 1) -+ self._backend.openssl_assert(keylen[0] > 0) -+ buf = self._backend._ffi.new("unsigned char[]", keylen[0]) -+ res = self._backend._lib.EVP_PKEY_derive(ctx, buf, keylen) -+ self._backend.openssl_assert(res == 1) - -- if res == -1: -+ key = self._backend._ffi.buffer(buf, keylen[0])[:] -+ pad = self._key_size_bytes - len(key) -+ -+ if pad > 0: -+ key = (b"\x00" * pad) + key -+ -+ return key -+ -+ def _exchange_assert(self, ok): -+ if not ok: - errors_with_text = self._backend._consume_errors_with_text() - raise ValueError( -- "Error computing shared key. Public key is likely invalid " -- "for this exchange.", -+ "Error computing shared key.", - errors_with_text, - ) -- else: -- self._backend.openssl_assert(res >= 1) -- -- key = self._backend._ffi.buffer(buf)[:res] -- pad = self._key_size_bytes - len(key) -- -- if pad > 0: -- key = (b"\x00" * pad) + key -- -- return key - - def public_key(self) -> dh.DHPublicKey: - dh_cdata = _dh_params_dup(self._dh_cdata, self._backend) -diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py -index bb29919f..2914f7e7 100644 ---- a/tests/hazmat/primitives/test_dh.py -+++ b/tests/hazmat/primitives/test_dh.py -@@ -296,6 +296,12 @@ class TestDH(object): - assert isinstance(key.private_numbers(), dh.DHPrivateNumbers) - assert isinstance(key.parameters(), dh.DHParameters) - -+ def test_exchange_wrong_type(self, backend): -+ parameters = FFDH3072_P.parameters(backend) -+ key1 = parameters.generate_private_key() -+ with pytest.raises(TypeError): -+ key1.exchange(b"invalidtype") # type: ignore[arg-type] -+ - def test_exchange(self, backend): - parameters = FFDH3072_P.parameters(backend) - assert isinstance(parameters, dh.DHParameters) -@@ -386,16 +392,11 @@ class TestDH(object): - key2 = private2.private_key(backend) - pub_key2 = key2.public_key() - -- if pub_key2.public_numbers().y >= parameters1.p: -- with pytest.raises(ValueError): -- key1.exchange(pub_key2) -- else: -- symkey1 = key1.exchange(pub_key2) -- assert symkey1 -- -- symkey2 = key2.exchange(pub_key1) -+ with pytest.raises(ValueError): -+ key1.exchange(pub_key2) - -- assert symkey1 != symkey2 -+ with pytest.raises(ValueError): -+ key2.exchange(pub_key1) - - @pytest.mark.skip_fips(reason="key_size too small for FIPS") - @pytest.mark.supported( --- -2.30.2 - diff --git a/SOURCES/0004-3.0.0-deprecated-func-and-it-isn-t-useful-to-us-in-g.patch b/SOURCES/0004-3.0.0-deprecated-func-and-it-isn-t-useful-to-us-in-g.patch deleted file mode 100644 index 454fd74..0000000 --- a/SOURCES/0004-3.0.0-deprecated-func-and-it-isn-t-useful-to-us-in-g.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 417984a48106626b5f6a62763113c0ed1f741f5b Mon Sep 17 00:00:00 2001 -From: Paul Kehrer -Date: Wed, 30 Jun 2021 06:14:42 -0500 -Subject: [PATCH 4/5] 3.0.0 deprecated func and it isn't useful to us in - general (#6148) - -remove it everywhere and assert on the code/lib/reason ---- - src/cryptography/hazmat/bindings/openssl/binding.py | 11 ++++------- - tests/hazmat/bindings/test_openssl.py | 5 ++--- - 2 files changed, 6 insertions(+), 10 deletions(-) - -diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py -index 6dcec26a..f651ab67 100644 ---- a/src/cryptography/hazmat/bindings/openssl/binding.py -+++ b/src/cryptography/hazmat/bindings/openssl/binding.py -@@ -15,15 +15,14 @@ from cryptography.hazmat.bindings._openssl import ffi, lib - from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES - - _OpenSSLErrorWithText = collections.namedtuple( -- "_OpenSSLErrorWithText", ["code", "lib", "func", "reason", "reason_text"] -+ "_OpenSSLErrorWithText", ["code", "lib", "reason", "reason_text"] - ) - - - class _OpenSSLError(object): -- def __init__(self, code, lib, func, reason): -+ def __init__(self, code, lib, reason): - self._code = code - self._lib = lib -- self._func = func - self._reason = reason - - def _lib_reason_match(self, lib, reason): -@@ -31,7 +30,6 @@ class _OpenSSLError(object): - - code = utils.read_only_property("_code") - lib = utils.read_only_property("_lib") -- func = utils.read_only_property("_func") - reason = utils.read_only_property("_reason") - - -@@ -43,10 +41,9 @@ def _consume_errors(lib): - break - - err_lib = lib.ERR_GET_LIB(code) -- err_func = lib.ERR_GET_FUNC(code) - err_reason = lib.ERR_GET_REASON(code) - -- errors.append(_OpenSSLError(code, err_lib, err_func, err_reason)) -+ errors.append(_OpenSSLError(code, err_lib, err_reason)) - - return errors - -@@ -60,7 +57,7 @@ def _errors_with_text(errors): - - errors_with_text.append( - _OpenSSLErrorWithText( -- err.code, err.lib, err.func, err.reason, err_text_reason -+ err.code, err.lib, err.reason, err_text_reason - ) - ) - -diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py -index 4d1e3b55..1d9b87ba 100644 ---- a/tests/hazmat/bindings/test_openssl.py -+++ b/tests/hazmat/bindings/test_openssl.py -@@ -91,11 +91,10 @@ class TestOpenSSL(object): - _openssl_assert(b.lib, False) - - error = exc_info.value.err_code[0] -- # As of 3.0.0 OpenSSL sets func codes to 0, so the combined -- # code is a different value -+ # As of 3.0.0 OpenSSL no longer sets func codes (which we now also -+ # ignore), so the combined code is a different value - assert error.code in (101183626, 50331786) - assert error.lib == b.lib.ERR_LIB_EVP -- assert error.func == b.lib.EVP_F_EVP_ENCRYPTFINAL_EX - assert error.reason == b.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH - assert b"data not multiple of block length" in error.reason_text - --- -2.31.1 - diff --git a/SOURCES/0004-Disable-test_openssl_assert_error_on_stack-in-FIPS-m.patch b/SOURCES/0004-Disable-test_openssl_assert_error_on_stack-in-FIPS-m.patch new file mode 100644 index 0000000..7afce54 --- /dev/null +++ b/SOURCES/0004-Disable-test_openssl_assert_error_on_stack-in-FIPS-m.patch @@ -0,0 +1,24 @@ +From 820d9527070ad2c7724dcecf1a35dbac7d68621d Mon Sep 17 00:00:00 2001 +From: Christian Heimes +Date: Tue, 1 Mar 2022 16:22:51 +0100 +Subject: [PATCH 4/5] Disable test_openssl_assert_error_on_stack in FIPS mode + +--- + tests/hazmat/bindings/test_openssl.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py +index 129928ac0..9839aec4d 100644 +--- a/tests/hazmat/bindings/test_openssl.py ++++ b/tests/hazmat/bindings/test_openssl.py +@@ -84,6 +84,7 @@ class TestOpenSSL(object): + with pytest.raises(AttributeError): + b.lib.TLS_ST_OK + ++ @pytest.mark.skip_fips(reason="FIPS maps to different error codes") + def test_openssl_assert_error_on_stack(self): + b = Binding() + b.lib.ERR_put_error( +-- +2.35.1 + diff --git a/SOURCES/0005-Fixed-serialization-of-keyusage-ext-with-no-bits-693.patch b/SOURCES/0005-Fixed-serialization-of-keyusage-ext-with-no-bits-693.patch new file mode 100644 index 0000000..7f2ff56 --- /dev/null +++ b/SOURCES/0005-Fixed-serialization-of-keyusage-ext-with-no-bits-693.patch @@ -0,0 +1,67 @@ +From 89af85f9d4fc2ef3e89ad1b2a58c751f00f54a4f Mon Sep 17 00:00:00 2001 +From: Alex Gaynor +Date: Thu, 3 Mar 2022 16:24:21 -0500 +Subject: [PATCH 5/5] Fixed serialization of keyusage ext with no bits (#6930) + +fixes #6926 +--- + src/rust/src/x509/extensions.rs | 17 +++++++++++------ + tests/x509/test_x509_ext.py | 14 ++++++++++++++ + 2 files changed, 25 insertions(+), 6 deletions(-) + +diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs +index 606566dd9..68b9839a0 100644 +--- a/src/rust/src/x509/extensions.rs ++++ b/src/rust/src/x509/extensions.rs +@@ -135,12 +135,17 @@ pub(crate) fn encode_extension( + certificate::set_bit(&mut bs, 7, ext.getattr("encipher_only")?.is_true()?); + certificate::set_bit(&mut bs, 8, ext.getattr("decipher_only")?.is_true()?); + } +- let bits = if bs[1] == 0 { &bs[..1] } else { &bs[..] }; +- let unused_bits = bits.last().unwrap().trailing_zeros() as u8; +- Ok(Some(asn1::write_single(&asn1::BitString::new( +- bits, +- unused_bits, +- )))) ++ let (bits, unused_bits) = if bs[1] == 0 { ++ if bs[0] == 0 { ++ (&[][..], 0) ++ } else { ++ (&bs[..1], bs[0].trailing_zeros() as u8) ++ } ++ } else { ++ (&bs[..], bs[1].trailing_zeros() as u8) ++ }; ++ let v = asn1::BitString::new(bits, unused_bits).unwrap(); ++ Ok(Some(asn1::write_single(&v))) + } else if oid == &*oid::AUTHORITY_INFORMATION_ACCESS_OID + || oid == &*oid::SUBJECT_INFORMATION_ACCESS_OID + { +diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py +index 66ac43d95..2bbba8ec6 100644 +--- a/tests/x509/test_x509_ext.py ++++ b/tests/x509/test_x509_ext.py +@@ -1137,6 +1137,20 @@ class TestKeyUsage(object): + ), + b"\x03\x02\x02\x94", + ), ++ ( ++ x509.KeyUsage( ++ digital_signature=False, ++ content_commitment=False, ++ key_encipherment=False, ++ data_encipherment=False, ++ key_agreement=False, ++ key_cert_sign=False, ++ crl_sign=False, ++ encipher_only=False, ++ decipher_only=False, ++ ), ++ b"\x03\x01\x00", ++ ), + ], + ) + def test_public_bytes(self, ext, serialized): +-- +2.35.1 + diff --git a/SOURCES/0005-remove-unneeded-binding-6150.patch b/SOURCES/0005-remove-unneeded-binding-6150.patch deleted file mode 100644 index 5083ccf..0000000 --- a/SOURCES/0005-remove-unneeded-binding-6150.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 4df2a650e2f8be0dc118128d39aebe6f32d06d43 Mon Sep 17 00:00:00 2001 -From: Paul Kehrer -Date: Wed, 30 Jun 2021 21:12:46 -0500 -Subject: [PATCH 5/5] remove unneeded binding (#6150) - ---- - src/_cffi_src/openssl/err.py | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py -index 8cfeaf5b..8d838d4f 100644 ---- a/src/_cffi_src/openssl/err.py -+++ b/src/_cffi_src/openssl/err.py -@@ -40,7 +40,6 @@ void ERR_clear_error(void); - void ERR_put_error(int, int, int, const char *, int); - - int ERR_GET_LIB(unsigned long); --int ERR_GET_FUNC(unsigned long); - int ERR_GET_REASON(unsigned long); - - """ --- -2.31.1 - diff --git a/SOURCES/0006-Specify-the-out-length-for-poly1305.patch b/SOURCES/0006-Specify-the-out-length-for-poly1305.patch deleted file mode 100644 index 1df278f..0000000 --- a/SOURCES/0006-Specify-the-out-length-for-poly1305.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 076560a9507bbe26180f499adf750bc3851b97e8 Mon Sep 17 00:00:00 2001 -From: Alex Gaynor -Date: Mon, 11 Oct 2021 09:43:28 -0400 -Subject: [PATCH] Specify the out length when obtaining the tag for poly1305 - ---- - src/cryptography/hazmat/backends/openssl/poly1305.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/cryptography/hazmat/backends/openssl/poly1305.py b/src/cryptography/hazmat/backends/openssl/poly1305.py -index 35f6819ce8..2ddae9847a 100644 ---- a/src/cryptography/hazmat/backends/openssl/poly1305.py -+++ b/src/cryptography/hazmat/backends/openssl/poly1305.py -@@ -51,7 +51,7 @@ def update(self, data): - - def finalize(self): - buf = self._backend._ffi.new("unsigned char[]", _POLY1305_TAG_SIZE) -- outlen = self._backend._ffi.new("size_t *") -+ outlen = self._backend._ffi.new("size_t *", _POLY1305_TAG_SIZE) - res = self._backend._lib.EVP_DigestSignFinal(self._ctx, buf, outlen) - self._backend.openssl_assert(res != 0) - self._backend.openssl_assert(outlen[0] == _POLY1305_TAG_SIZE) diff --git a/SPECS/python-cryptography.spec b/SPECS/python-cryptography.spec index bfd079f..0c19428 100644 --- a/SPECS/python-cryptography.spec +++ b/SPECS/python-cryptography.spec @@ -6,8 +6,8 @@ %global pyo3_version 0.13.1 Name: python-%{srcname} -Version: 3.4.7 -Release: 8%{?dist} +Version: 36.0.1 +Release: 1%{?dist} Summary: PyCA's cryptography library License: ASL 2.0 or BSD @@ -17,14 +17,11 @@ Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcnam Source1: cryptography-%{version}-vendor.tar.bz2 Source2: conftest-skipper.py -# OpenSSL 3.0.0 patches -Patch1: 0001-fix-pkcs12-parse-ordering.-fixes-5872-5879.patch -Patch2: 0002-WIP-3.0.0-support-5250.patch -Patch3: 0003-switch-to-using-EVP_PKEY_derive-instead-of-DH_comput.patch -Patch4: 0004-3.0.0-deprecated-func-and-it-isn-t-useful-to-us-in-g.patch -Patch5: 0005-remove-unneeded-binding-6150.patch -# OpenSSL 3.0.1 patches -Patch6: 0006-Specify-the-out-length-for-poly1305.patch +Patch1: 0001-Block-TripleDES-in-FIPS-mode-6879.patch +Patch2: 0002-Disable-DSA-tests-in-FIPS-mode-6916.patch +Patch3: 0003-fixes-6927-handle-negative-return-values-from-openss.patch +Patch4: 0004-Disable-test_openssl_assert_error_on_stack-in-FIPS-m.patch +Patch5: 0005-Fixed-serialization-of-keyusage-ext-with-no-bits-693.patch ExclusiveArch: %{rust_arches} @@ -110,13 +107,15 @@ rm -rf tests/hypothesis cat < %{SOURCE2} >> tests/conftest.py %endif -# see https://github.com/pyca/cryptography/issues/4885 and -# see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests +# enable SHA-1 signatures for RSA tests +# also see https://github.com/pyca/cryptography/pull/6931 and rhbz#2060343 +export OPENSSL_ENABLE_SHA1_SIGNATURES=yes + # see rhbz#2042413 for memleak. It's unstable with openssl 3.0.1 and makes # not much sense for downstream testing. PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \ %{__python3} -m pytest \ - -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_openssl_memleak)" + -k "not (test_openssl_memleak)" %endif %files -n python%{python3_pkgversion}-%{srcname} @@ -126,6 +125,16 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \ %{python3_sitearch}/%{srcname}-%{version}-py*.egg-info %changelog +* Fri Mar 04 2022 Christian Heimes - 36.0.1-6 +- Rebase to 36.0.1, related: rhbz#2059630, rhbz#2060787 +- OpenSSL 3.0 FIPS mode is now detected correctly, related: rhbz#2054785 +- Fix error check from EVP_PKEY_CTX_set_signature_md, related: rhbz#2060343 +- Block 3DES in FIPS mode, related: rhbz#2055209 +- Disable DSA tests in FIPS mode +- Enable SHA1 signatures in test suite +- Fix serialization of keyusage ext with no bits +- Re-enable tests that are passing again + * Tue Feb 08 2022 Tomas Orsava - 3.4.7-8 - Skip unstable memleak tests, backported from Fedora (BZ#2042413) - Related: rhbz#1990421