Bug#1006008: python-cryptography: FTBFS with OpenSSL 3.0

[Sebastian Andrzej Siewior]

Source: python-cryptography
Version: 3.4.8-1
Severity: important
Tags: bookworm sid
User: pkg-open...@lists.alioth.debian.org
Usertags: ftbfs-3.0
control: forwarded -1 https://github.com/pyca/cryptography/pull/6000

Your package is failing to build using OpenSSL 3.0 with the
following error:

| =================================== FAILURES ===================================
| ______________________ TestPoly1305.test_vectors[vector0] ______________________
|
| self = <tests.hazmat.primitives.test_poly1305.TestPoly1305 object at 0x7f1d0612e6b0>
| vector = {'key': b'0000000000000000000000000000000000000000000000000000000000000000', 'msg': b'00000000000000000000000000000000...0000000000000000000000000000000000000000000000000000000000000000000000000', 'tag': b'00000000000000000000000000000000'}
| backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f1d11008c10>
|
| @pytest.mark.parametrize(
| "vector",
| load_vectors_from_file(
| os.path.join("poly1305", "rfc7539.txt"), load_nist_vectors
| ),
| )
| def test_vectors(self, vector, backend):
| key = binascii.unhexlify(vector["key"])
| msg = binascii.unhexlify(vector["msg"])
| tag = binascii.unhexlify(vector["tag"])
| poly = Poly1305(key)
| poly.update(msg)
| > assert poly.finalize() == tag
|
| ../../../tests/hazmat/primitives/test_poly1305.py:51:
| _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| cryptography/hazmat/primitives/poly1305.py:34: in finalize
| mac = self._ctx.finalize()
| cryptography/hazmat/backends/openssl/poly1305.py:56: in finalize
| self._backend.openssl_assert(res != 0)
| cryptography/hazmat/backends/openssl/backend.py:242: in openssl_assert
| return binding._openssl_assert(self._lib, ok, errors=errors)
| _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
|
| lib = <module 'lib'>, ok = False
| errors = [<cryptography.hazmat.bindings.openssl.binding._OpenSSLError object at 0x7f1d0612e980>]
|
| def _openssl_assert(lib, ok, errors=None):
| if not ok:
| if errors is None:
| errors = _consume_errors(lib)
| errors_with_text = _errors_with_text(errors)
|
| > raise InternalError(
| "Unknown OpenSSL error. This error is commonly encountered when "
| "another library is not cleaning up the OpenSSL error stack. If "
| "you are using cryptography with another library that uses "
| "OpenSSL try disabling it before reporting a bug. Otherwise "
| "please file an issue at https://github.com/pyca/cryptography/"
| "issues with information on how to reproduce "
| "this. ({0!r})".format(errors_with_text),
| errors_with_text,
| )
| E cryptography.exceptions.InternalError: Unknown OpenSSL error. This error is commonly encountered when another library is not cleaning up the OpenSSL error stack. If you are using cryptography with another library that uses OpenSSL try disabling it before reporting a bug. Otherwise please file an issue at https://github.com/pyca/cryptography/issues with information on how to reproduce this. ([_OpenSSLErrorWithText(code=50331803, lib=6, reason=155, reason_text=b'error:0300009B:digital envelope routines::buffer too small')])
|
| cryptography/hazmat/bindings/openssl/binding.py:77: InternalError

Full build log:
https://people.debian.org/~bigeasy/openssl-rebuild-3/attempted/python-cryptography_3.4.8-1_amd64-2022-02-15T03:33:24Z

For more information see:
https://www.openssl.org/docs/man3.0/man7/migration_guide.html

Sebastian

[Agathe Porte]

Hi,

On Fri, 18 Feb 2022 22:13:59 +0100 Sebastian Andrzej Siewior
<seba...@breakpoint.cc> wrote:

> Source: python-cryptography
> Version: 3.4.8-1
> Severity: important
> Tags: bookworm sid
> User: pkg-open...@lists.alioth.debian.org
> Usertags: ftbfs-3.0
> control: forwarded -1 https://github.com/pyca/cryptography/pull/6000
>
> Your package is failing to build using OpenSSL 3.0 with the
> following error:

Looks like an upgrade to at least v35.0.0 is needed to fix this issue:
https://github.com/pyca/cryptography/issues/7039#issuecomment-1088566628=

Bests,

Agata.