This bug was initially created as a copy of Bug #2171817 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
c8s pull request: https://gitlab.com/redhat/centos-stream/rpms/python-cryptography/-/merge_requests/11
Verified manually using nightly RHEL8.9 machine with python3-cffi-1.11.5-6.el8.x86_64 and python3-cryptography-3.2.1-6.el8.x86_64. # python3 Python 3.6.8 (default, Jan 23 2023, 22:31:05) [GCC 8.5.0 20210514 (Red Hat 8.5.0-18)] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import os >>> from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes >>> c = Cipher(algorithms.AES(os.urandom(16)), modes.ECB()) >>> encryptor = c.encryptor() >>> buf = b"\x00" * 32 >>> encryptor.update_into(b"\xff" * 16, buf) Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/primitives/ciphers/base.py", line 159, in update_into return self._ctx.update_into(data, buf) File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/ciphers.py", line 138, in update_into baseoutbuf = self._backend._ffi.from_buffer(buf, require_writable=True) BufferError: Object is not writable. >>> buf == b"\x00" * 32 True Marking as Verified.
*** Bug 2175092 has been marked as a duplicate of this bug. ***