TestDecryptPrivateKey::test_success fails with pyOpenSSL 24.3.0+ #1665

Open
MeggyCal opened this issue Feb 5, 2025 · 1 comment

MeggyCal commented Feb 5, 2025

Environment details

  • OS: openSUSE Tumbleweed
  • Python version: 3.11, 3.12, 3.13
  • google-auth version: 2.38.0
  • pyOpenSSL version: 25.0.0

Description

While running the testsuite I encountered a test failure:

[  110s] ______________________ TestDecryptPrivateKey.test_success ______________________
[  110s] 
[  110s] self = <tests.transport.test__mtls_helper.TestDecryptPrivateKey object at 0xf4d69498>
[  110s] 
[  110s]     def test_success(self):
[  110s]         decrypted_key = _mtls_helper.decrypt_private_key(
[  110s]             ENCRYPTED_EC_PRIVATE_KEY, PASSPHRASE_VALUE
[  110s]         )
[  110s]         private_key = crypto.load_privatekey(crypto.FILETYPE_PEM, decrypted_key)
[  110s]         public_key = crypto.load_publickey(crypto.FILETYPE_PEM, EC_PUBLIC_KEY)
[  110s]         x509 = crypto.X509()
[  110s]         x509.set_pubkey(public_key)
[  110s]     
[  110s]         # Test the decrypted key works by signing and verification.
[  110s] >       signature = crypto.sign(private_key, b"data", "sha256")
[  110s] 
[  110s] tests/transport/test__mtls_helper.py:633: 
[  110s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
[  110s] 
[  110s] self = <module 'OpenSSL.crypto' from '/usr/lib/python3.12/site-packages/OpenSSL/crypto.py'>
[  110s] attr = 'sign'
[  110s] 
[  110s]     def __getattr__(self, attr: str) -> object:
[  110s] >       obj = getattr(self._module, attr)
[  110s] E       AttributeError: module 'OpenSSL.crypto' has no attribute 'sign'

Indeed, from pyOpenSSL changelog for 24.3.0:

Removed the deprecated OpenSSL.crypto.sign and OpenSSL.crypto.verify.
cryptography.hazmat.primitives.asymmetric’s signature APIs should be used instead.

Probably it would be best to rewrite the test, or better the whole library, to cryptography, as recommended by the pyOpenSSL.crypto module itself. But I don't really know what I am doing and I am afraid of dinosaurs with laser guns, so please don't expect a PR from me. Could you please think about it? I know it is not a small task.

MeggyCal commented Feb 5, 2025

Initially I tried to patch it and failed (luckily, because I would probably have introduced some security issue if I had succeeded). But in the process I found a GitHub issue that might come in handy: pyca/cryptography#7939.
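
The sign-and-verify step that fails in the traceback above, written against the `cryptography` signature APIs that the pyOpenSSL changelog points to. This is an added example, not part of the issue and not google-auth's code. It assumes a recent `cryptography` release; `make_encrypted_ec_key`, `decrypt_to_pem`, `sign_and_verify` and the passphrase are hypothetical names and constructed values, and `decrypt_to_pem` only stands in for the helper under test.

```python
# Added example: sign/verify with cryptography instead of OpenSSL.crypto.sign/verify.
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec

PASSPHRASE = b"constructed-passphrase"  # constructed sample value


def make_encrypted_ec_key(passphrase):
    """Constructed test data: (encrypted PKCS#8 PEM, public PEM) for a new P-256 key."""
    key = ec.generate_private_key(ec.SECP256R1())
    encrypted_pem = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.BestAvailableEncryption(passphrase),
    )
    public_pem = key.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return encrypted_pem, public_pem


def decrypt_to_pem(encrypted_pem, passphrase):
    """Hypothetical stand-in for the helper under test: returns unencrypted PEM.

    load_pem_private_key raises ValueError when the passphrase is wrong.
    """
    key = serialization.load_pem_private_key(encrypted_pem, password=passphrase)
    return key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption(),
    )


def sign_and_verify(decrypted_pem, public_pem, data=b"data"):
    """Replaces the crypto.sign/crypto.verify step; True if the key pair matches."""
    private_key = serialization.load_pem_private_key(decrypted_pem, password=None)
    public_key = serialization.load_pem_public_key(public_pem)
    signature = private_key.sign(data, ec.ECDSA(hashes.SHA256()))
    try:
        public_key.verify(signature, data, ec.ECDSA(hashes.SHA256()))
    except InvalidSignature:
        return False
    return True
```

Verifying against the public key directly also removes the need for the `crypto.X509()` wrapper object that the old `crypto.verify` call required.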
