Package: python-cryptography Version: 2.6.1-3 Severity: serious The upload of latest openssl 1.1.1d triggert three testsuite failures in python-cryptography [0]
- _________________ test_buffer_protocol_alternate_modes[mode5] __________________ |mode = <cryptography.hazmat.primitives.ciphers.modes.XTS object at 0x7f0c8ceaba50> |backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f0c95a29cd0> | | @pytest.mark.parametrize( | "mode", | [ | modes.CBC(bytearray(b"\x00" * 16)), | modes.CTR(bytearray(b"\x00" * 16)), | modes.OFB(bytearray(b"\x00" * 16)), | modes.CFB(bytearray(b"\x00" * 16)), | modes.CFB8(bytearray(b"\x00" * 16)), | modes.XTS(bytearray(b"\x00" * 16)), | ] | ) | @pytest.mark.requires_backend_interface(interface=CipherBackend) | def test_buffer_protocol_alternate_modes(mode, backend): | data = bytearray(b"sixteen_byte_msg") | cipher = base.Cipher( | algorithms.AES(bytearray(b"\x00" * 32)), mode, backend | ) |> enc = cipher.encryptor() | |tests/hazmat/primitives/test_aes.py:495: |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |/usr/lib/python2.7/dist-packages/cryptography/hazmat/primitives/ciphers/base.py:121: in encryptor | self.algorithm, self.mode |/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py:295: in create_symmetric_encryption_ctx | return _CipherContext(self, cipher, mode, _CipherContext._ENCRYPT) |/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ciphers.py:116: in __init__ | self._backend.openssl_assert(res != 0) |/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py:125: in openssl_assert | return binding._openssl_assert(self._lib, ok) This is due to commit 2a5f63c9a61be ("Allow AES XTS decryption using duplicate keys."). https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a5f63c9a61be - _____________________ TestDH.test_dh_parameters_supported ______________________ |self = <tests.hazmat.primitives.test_dh.TestDH object at 0x7f0c65bbb3d0> |backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f0c95a29cd0> | | def test_dh_parameters_supported(self, backend): | assert backend.dh_parameters_supported(23, 5) |> assert not backend.dh_parameters_supported(23, 18) |E assert not True |E + where True = <bound method Backend.dh_parameters_supported of <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f0c95a29cd0>>(23, 18) |E + where <bound method Backend.dh_parameters_supported of <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f0c95a29cd0>> = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f0c95a29cd0>.dh_parameters_supported | |tests/hazmat/primitives/test_dh.py:161: AssertionError This is due to commit ddd16c2fe988e ("Change DH parameters to generate the order q subgroup instead of 2q"). https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddd16c2fe988e - _____________ TestECDSACertificate.test_load_ecdsa_no_named_curve ______________ |self = <tests.x509.test_x509.TestECDSACertificate object at 0x7f0c609e3590> |backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f0c95a29cd0> | | def test_load_ecdsa_no_named_curve(self, backend): | _skip_curve_unsupported(backend, ec.SECP256R1()) | cert = _load_cert( | os.path.join("x509", "custom", "ec_no_named_curve.pem"), | x509.load_pem_x509_certificate, | backend | ) | with pytest.raises(NotImplementedError): |> cert.public_key() |E Failed: DID NOT RAISE <type 'exceptions.NotImplementedError'> | |tests/x509/test_x509.py:3722: Failed This is due to commit 9a43a733801bd ("[ec] Match built-in curves on EC_GROUP_new_from_ecparameters"). https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a43a733801bd The first two changes in OpenSSL have been made on purporse and I'm not sure about the last one. Could someone please comment? [0] https://ci.debian.net/data/autopkgtest/testing/amd64/p/python-cryptography/2969575/log.gz Sebastian