New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for RSA_R_OAEP_DECODING_ERROR error flag. #2323
Add support for RSA_R_OAEP_DECODING_ERROR error flag. #2323
Conversation
@EnTeQuAk thanks for the PR! In this case I think a good test is whatever you used to produce the problem. |
Current coverage is
|
@reaperhulk added simple test that would fail on decryption without the support of |
Your patch appears to be designed to have it properly raise a |
@reaperhulk that's weird, yeah, if decryption fails (which it does not in the test) a I'll re-check |
@EnTeQuAk your test doesn't expect a failure at all (it just encrypts/decrypts and asserts that decryption was successful), so it isn't going to exercise the failure case (which would require a |
Ah no, it's not expecting a failure. The patch fixes a wrongly raised |
I am still a bit confused I think. The patch adds a new error code to the list of expected codes when |
Thanks, I've been blind. Updated the test 😄 Now this fails on master. |
Thanks to a new GH feature you'll need to merge the latest master into this to be fully up to date before we can merge as well (sorry!) |
|
||
with pytest.raises(ValueError): | ||
RSA_KEY_512_ALT.private_key(backend).decrypt( | ||
ciphertext, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please move the RSA_KEY_512_ALT.private_key(backend)
call outside of the with pytest.raises(ValueError)
block.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
Also this new test passes for me on master without the patch as well, which suggests this issue is specific to a particular OpenSSL. What OS/distro/OpenSSL version are you seeing this on? |
@reaperhulk I'm using OpenSSL 1.0.2d 9 Jul 2015 on ArchLinux |
Sigh, stupid OpenSSL. I'm using 1.0.2d for my tests as well, but can't replicate. Figures. |
jenkins, ok to test |
…ature/add_rsa_r_oaep_decoding_error
Not cool. I'll try to recheck some time tomorrow (CET) what might be going on here. 😞 |
@@ -29,7 +29,7 @@ | |||
from cryptography.hazmat.primitives.ciphers.modes import CBC, CTR, Mode | |||
|
|||
from ..primitives.fixtures_dsa import DSA_KEY_2048 | |||
from ..primitives.fixtures_rsa import RSA_KEY_2048, RSA_KEY_512 | |||
from ..primitives.fixtures_rsa import RSA_KEY_2048, RSA_KEY_512, RSA_KEY_512_ALT |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This line is too long, you'll need to format it:
from ..primitives.fixtures_rsa import (
RSA_KEY_2048, RSA_KEY_512, RSA_KEY_512_ALT
)
@EnTeQuAk have you had a chance to revisit this or would you like us to take it over? It looks like there's just one small PEP8 problem. |
@reaperhulk Hey, sorry, I did not have the time recently to figure it out. I'll fix the pep8 problem shortly, I'm just curious about the fact that the test works for you on master without the patch but it doesn't for me. I need to test this on various machines. In any case, I'm still on it. |
This pull request adds support for the
RSA_R_OAEP_DECODING_ERROR
error flag referenced here: https://github.com/openssl/openssl/blob/master/include/openssl/rsa.h#L626This error code is being raised on error condition (e.g wrong private key) for this code: https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#decryption
I actually didn't see any tests for
RSA_R_PKCS_DECODING_ERROR
flag and don't really know how to test such flags. Please let me know if you need any, I'd be happy for any guidance here 😃