Re: Incorrect code or Python regression?

Paul Howarth <paul@xxxxxxxxxxxx> · Mon, 22 Jul 2024 15:19:49 +0100

On Sun, 21 Jul 2024 21:35:03 +0200
Miro Hrončok <mhroncok@xxxxxxxxxx> wrote:
> I can reproduce that. But I unable to say whether it's a bug in
> cpython, cryptography or pyo3. The code in cryptography is written in
> Rust and I don't have much experience with hat.
> 
> I suggest reporting this behavior at 
> https://github.com/pyca/cryptography/issues as a starting point.

I have raised this ticket:
https://github.com/pyca/cryptography/issues/11332

Note though that the exception code is all done in Python. The _Reasons
enum and exceptions code in general are in
src/cryptography/exceptions.py and the exception that's being tested is
raised in src/cryptography/hazmat/backends/openssl/rsa.py:

def _rsa_sig_setup(
    backend: "Backend",
    padding: AsymmetricPadding,
    algorithm: typing.Optional[hashes.HashAlgorithm],
    key: typing.Union["_RSAPublicKey", "_RSAPrivateKey"],
    init_func: typing.Callable[[typing.Any], int],
):
    padding_enum = _rsa_sig_determine_padding(backend, key, padding, algorithm)
    pkey_ctx = backend._lib.EVP_PKEY_CTX_new(key._evp_pkey, backend._ffi.NULL)
    backend.openssl_assert(pkey_ctx != backend._ffi.NULL)
    pkey_ctx = backend._ffi.gc(pkey_ctx, backend._lib.EVP_PKEY_CTX_free)
    res = init_func(pkey_ctx)
    if res != 1:
        errors = backend._consume_errors()
        raise ValueError("Unable to sign/verify with this key", errors)

    if algorithm is not None:
        evp_md = backend._evp_md_non_null_from_algorithm(algorithm)
        res = backend._lib.EVP_PKEY_CTX_set_signature_md(pkey_ctx, evp_md)
        if res <= 0:
            backend._consume_errors()
            raise UnsupportedAlgorithm(
                "{} is not supported by this backend for RSA signing.".format(
                    algorithm.name
                ),
                _Reasons.UNSUPPORTED_HASH,
            )

Regards, Paul.
-- 
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue