Bug 2043582

Summary: [FTBFS] poly1305 tests are failing with digital envelope routines::buffer too small
Product: Red Hat Enterprise Linux 9 Reporter: Christian Heimes <cheimes>
Component: python-cryptographyAssignee: Christian Heimes <cheimes>
Status: CLOSED ERRATA QA Contact: Kaleem <ksiddiqu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.0CC: myusuf, ssidhaye
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python3-cryptography-3.4.7-6.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-17 13:45:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Patch based on upstream fix none

Description Christian Heimes 2022-01-21 15:01:42 UTC 
Description of problem:
An API change between OpenSSL 3.0.0 and 3.0.1 broke cryptograhy's poly1305 tests. The issue was introduced by https://github.com/openssl/openssl/pull/16789
and was solved in https://github.com/pyca/cryptography/pull/6403

Version-Release number of selected component (if applicable):
openssl-3.0.1-1.el9.x86_64
python-cryptography-3.4.7-6.el9

How reproducible:
always

Steps to Reproduce:
1. build the package with OpenSSL 3.0.1

Actual results:
DEBUG: _______________________ TestPoly1305.test_invalid_verify _______________________
DEBUG: self = <tests.hazmat.primitives.test_poly1305.TestPoly1305 object at 0x7f30edb24c40>
DEBUG: backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f30feab18b0>
DEBUG:     def test_invalid_verify(self, backend):
DEBUG:         poly = Poly1305(b"0" * 32)
DEBUG:         poly.update(b"msg")
DEBUG:         with pytest.raises(InvalidSignature):
DEBUG: >           poly.verify(b"")
DEBUG: tests/hazmat/primitives/test_poly1305.py:96: 
DEBUG: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
DEBUG: ../../BUILDROOT/python-cryptography-3.4.7-6.el9.x86_64/usr/lib64/python3.9/site-packages/cryptography/hazmat/primitives/poly1305.py:44: in verify
DEBUG:     ctx.verify(tag)
DEBUG: ../../BUILDROOT/python-cryptography-3.4.7-6.el9.x86_64/usr/lib64/python3.9/site-packages/cryptography/hazmat/backends/openssl/poly1305.py:61: in verify
DEBUG:     mac = self.finalize()
DEBUG: ../../BUILDROOT/python-cryptography-3.4.7-6.el9.x86_64/usr/lib64/python3.9/site-packages/cryptography/hazmat/backends/openssl/poly1305.py:56: in finalize
DEBUG:     self._backend.openssl_assert(res != 0)
DEBUG: ../../BUILDROOT/python-cryptography-3.4.7-6.el9.x86_64/usr/lib64/python3.9/site-packages/cryptography/hazmat/backends/openssl/backend.py:242: in openssl_assert
DEBUG:     return binding._openssl_assert(self._lib, ok, errors=errors)
DEBUG: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
DEBUG: lib = <module 'lib'>, ok = False
DEBUG: errors = [<cryptography.hazmat.bindings.openssl.binding._OpenSSLError object at 0x7f30edb248b0>]
DEBUG:     def _openssl_assert(lib, ok, errors=None):
DEBUG:         if not ok:
DEBUG:             if errors is None:
DEBUG:                 errors = _consume_errors(lib)
DEBUG:             errors_with_text = _errors_with_text(errors)
DEBUG:     
DEBUG: >           raise InternalError(
DEBUG:                 "Unknown OpenSSL error. This error is commonly encountered when "
DEBUG:                 "another library is not cleaning up the OpenSSL error stack. If "
DEBUG:                 "you are using cryptography with another library that uses "
DEBUG:                 "OpenSSL try disabling it before reporting a bug. Otherwise "
DEBUG:                 "please file an issue at https://github.com/pyca/cryptography/"
DEBUG:                 "issues with information on how to reproduce "
DEBUG:                 "this. ({0!r})".format(errors_with_text),
DEBUG:                 errors_with_text,
DEBUG:             )
DEBUG: E           cryptography.exceptions.InternalError: Unknown OpenSSL error. This error is commonly encountered when another library is not cleaning up the OpenSSL error stack. If you are using cryptography with another library that uses OpenSSL try disabling it before reporting a bug. Otherwise please file an issue at https://github.com/pyca/cryptography/issues with information on how to reproduce this. ([_OpenSSLErrorWithText(code=50331803, lib=6, reason=155, reason_text=b'error:0300009B:digital envelope routines::buffer too small')])
DEBUG: ../../BUILDROOT/python-cryptography-3.4.7-6.el9.x86_64/usr/lib64/python3.9/site-packages/cryptography/hazmat/bindings/openssl/binding.py:77: InternalError


Expected results:
No error

Additional info:

Failing build https://centos.softwarefactory-project.io/zuul/t/centos/build/981a623af8264a0dbbea842f38e40106
Comment 1 Christian Heimes 2022-01-21 15:05:47 UTC 
Created attachment 1852519 [details]
Patch based on upstream fix
Comment 5 Mohammad Rizwan 2022-02-03 10:15:23 UTC 
As gating tests passed, marking the bug as verified.
Comment 7 errata-xmlrpc 2022-05-17 13:45:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: python-cryptography), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2580