Package: python-cryptography
Version: 2.6.1-3
Severity: serious

The upload of latest openssl 1.1.1d triggered three testsuite failures in
python-cryptography [0]

- _________________ test_buffer_protocol_alternate_modes[mode5] __________________

|mode = <cryptography.hazmat.primitives.ciphers.modes.XTS object at 0x7f0c8ceaba50>
|backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f0c95a29cd0>
|
|    @pytest.mark.parametrize(
|        "mode",
|        [
|            modes.CBC(bytearray(b"\x00" * 16)),
|            modes.CTR(bytearray(b"\x00" * 16)),
|            modes.OFB(bytearray(b"\x00" * 16)),
|            modes.CFB(bytearray(b"\x00" * 16)),
|            modes.CFB8(bytearray(b"\x00" * 16)),
|            modes.XTS(bytearray(b"\x00" * 16)),
|        ]
|    )
|    @pytest.mark.requires_backend_interface(interface=CipherBackend)
|    def test_buffer_protocol_alternate_modes(mode, backend):
|        data = bytearray(b"sixteen_byte_msg")
|        cipher = base.Cipher(
|            algorithms.AES(bytearray(b"\x00" * 32)), mode, backend
|        )
|>       enc = cipher.encryptor()
|
|tests/hazmat/primitives/test_aes.py:495: 
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
|/usr/lib/python2.7/dist-packages/cryptography/hazmat/primitives/ciphers/base.py:121: in encryptor
|    self.algorithm, self.mode
|/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py:295: in create_symmetric_encryption_ctx
|    return _CipherContext(self, cipher, mode, _CipherContext._ENCRYPT)
|/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ciphers.py:116: in __init__
|    self._backend.openssl_assert(res != 0)
|/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py:125: in openssl_assert
|    return binding._openssl_assert(self._lib, ok)

This is due to commit 2a5f63c9a61be ("Allow AES XTS decryption using duplicate
keys.").
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a5f63c9a61be

- _____________________ TestDH.test_dh_parameters_supported ______________________

|self = <tests.hazmat.primitives.test_dh.TestDH object at 0x7f0c65bbb3d0>
|backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f0c95a29cd0>
|
|    def test_dh_parameters_supported(self, backend):
|        assert backend.dh_parameters_supported(23, 5)
|>       assert not backend.dh_parameters_supported(23, 18)
|E       assert not True
|E        +  where True = <bound method Backend.dh_parameters_supported of <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f0c95a29cd0>>(23, 18)
|E        +    where <bound method Backend.dh_parameters_supported of <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f0c95a29cd0>> = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f0c95a29cd0>.dh_parameters_supported
|
|tests/hazmat/primitives/test_dh.py:161: AssertionError

This is due to commit ddd16c2fe988e ("Change DH parameters to generate the
order q subgroup instead of 2q").
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddd16c2fe988e

- _____________ TestECDSACertificate.test_load_ecdsa_no_named_curve ______________

|self = <tests.x509.test_x509.TestECDSACertificate object at 0x7f0c609e3590>
|backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f0c95a29cd0>
|
|    def test_load_ecdsa_no_named_curve(self, backend):
|        _skip_curve_unsupported(backend, ec.SECP256R1())
|        cert = _load_cert(
|            os.path.join("x509", "custom", "ec_no_named_curve.pem"),
|            x509.load_pem_x509_certificate,
|            backend
|        )
|        with pytest.raises(NotImplementedError):
|>           cert.public_key()
|E           Failed: DID NOT RAISE <type 'exceptions.NotImplementedError'>
|
|tests/x509/test_x509.py:3722: Failed

This is due to commit 9a43a733801bd ("[ec] Match built-in curves on
EC_GROUP_new_from_ecparameters").
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a43a733801bd


The first two changes in OpenSSL have been made on purpose and I'm not
sure about the last one.
Could someone please comment?

[0] 
https://ci.debian.net/data/autopkgtest/testing/amd64/p/python-cryptography/2969575/log.gz

Sebastian
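
Added example, not part of the original report and not python-cryptography's or OpenSSL's code: the first failing test builds its AES-XTS key from 32 zero bytes, so the two 16-byte halves are identical, and as the title of the cited OpenSSL commit indicates, duplicate halves remain acceptable only for decryption. The names `split_xts_key`, `generate_xts_key` and `DuplicateXTSKeyError` are hypothetical; the sketch uses only the standard library to check a key before it reaches the backend.

```python
import hmac
import os

# AES-XTS takes a double-length key: key1 (data key) || key2 (tweak key).
_XTS_KEY_SIZES = (32, 64)  # AES-128-XTS and AES-256-XTS, in bytes


class DuplicateXTSKeyError(ValueError):
    """Both halves of the XTS key are equal (hypothetical error type)."""


def split_xts_key(key, encrypting=True):
    """Return (key1, key2); refuse identical halves when encrypting.

    Decryption with identical halves is still permitted so that data
    written with such a key in the past stays readable.
    """
    key = bytes(key)  # accept bytearray, as the failing test passes one
    if len(key) not in _XTS_KEY_SIZES:
        raise ValueError("XTS key must be 32 or 64 bytes, got %d" % len(key))
    half = len(key) // 2
    key1, key2 = key[:half], key[half:]
    # Constant-time comparison: the halves are secret key material.
    if encrypting and hmac.compare_digest(key1, key2):
        raise DuplicateXTSKeyError("XTS key halves are identical")
    return key1, key2


def generate_xts_key(size=64, rng=os.urandom):
    """Draw a fresh XTS key, redrawing in the (negligible) duplicate case."""
    while True:
        key = rng(size)
        try:
            split_xts_key(key)
        except DuplicateXTSKeyError:
            continue
        return key


if __name__ == "__main__":
    test_key = bytearray(b"\x00" * 32)  # the key used by the failing test
    try:
        split_xts_key(test_key)
    except DuplicateXTSKeyError as exc:
        print("encrypt rejected:", exc)
    print("decrypt allowed:", split_xts_key(test_key, encrypting=False))
    print("fresh key ok:", len(generate_xts_key()))
```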