This bug was initially created as a copy of Bug #2171817 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
c9s pull request: https://gitlab.com/redhat/centos-stream/rpms/python-cryptography/-/merge_requests/10
Verified manually on RHEL9.3 nightly machine with python3-cffi-1.14.5-5.el9.x86_64 and python3-cryptography-36.0.1-3.el9.x86_64 # python3 Python 3.9.16 (main, Dec 8 2022, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import os >>> from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes >>> c = Cipher(algorithms.AES(os.urandom(16)), modes.ECB()) >>> encryptor = c.encryptor() >>> buf = b"\x00" * 32 >>> encryptor.update_into(b"\xff" * 16, buf) Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib64/python3.9/site-packages/cryptography/hazmat/primitives/ciphers/base.py", line 128, in update_into return self._ctx.update_into(data, buf) File "/usr/lib64/python3.9/site-packages/cryptography/hazmat/backends/openssl/ciphers.py", line 158, in update_into baseoutbuf = self._backend._ffi.from_buffer(buf, require_writable=True) BufferError: Object is not writable. >>> buf == b"\x00" * 32 True Marking as verified.
*** Bug 2175093 has been marked as a duplicate of this bug. ***