check if the ciphers are supported by m2crypto before using them #411

inikolcev · 2020-06-03T15:32:09Z

fixes #405

It looks like AES-CTR was introduced in m2crypto version 0.25.0
This adds a method to check if the ciphers are supported and if not, it falls back to the python implementation for that cipher.

This change is

tomato42

Reviewed 1 of 1 files at r1.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @inikolcev)

tlslite/utils/openssl_aes.py, line 12 at r1 (raw file):

if m2cryptoLoaded:

    def check_cipher_support(mode):

why here not in tlslite/utils/cipherfactory.py?
this check is not free, couldn't we do it once?

lgtm-com · 2020-06-05T10:54:37Z

This pull request fixes 1 alert when merging 4d22cc9 into 7c6fbf9 - view on LGTM.com

fixed alerts:

1 for Unused import

tomato42

Reviewed 2 of 2 files at r2.
Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @inikolcev)

tlslite/utils/cryptomath.py, line 34 at r2 (raw file):

    m2cryptoLoaded = True
    m2cryptoAesCBC = False
    m2cryptoAesCTR = False

as pylint points out, the this is a constant, so it should use all-caps name

tlslite/utils/cryptomath.py, line 36 at r2 (raw file):

    m2cryptoAesCTR = False
    if hasattr(m2, 'aes_192_cbc'):
        m2cryptoAesCBC = True

are there really versions of m2crypto that don't support cbc? why we're looking for aes_192 when no tls cipher uses aes_192?

inikolcev · 2020-06-05T11:44:13Z

as pylint points out, the this is a constant, so it should use all-caps name

Yep, will fix it.

are there really versions of m2crypto that don't support cbc? why we're looking for aes_192 when no tls cipher uses aes_192?

I'm not sure actually if there are versions without cbc support, didn't see anything in the m2crypto changelog. We use it heavily so I figured it won't hurt to have a check for it too. Do you think it is not needed?

I don't think it matters in which key size we are looking, if one is supported they all are.

tomato42

We use it heavily so I figured it won't hurt to have a check for it too. Do you think it is not needed?

it's a fine cross-check, but if AES-CBC is not there, I think we can assume that it's not real m2crypto ans simply say that we didn't detect m2crypto, so the fallback to python implementation happens earlier

Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @inikolcev)

lgtm-com · 2020-06-05T13:49:29Z

This pull request fixes 1 alert when merging c47d290 into b60b6d1 - view on LGTM.com

fixed alerts:

1 for Unused import

tomato42

Reviewed 3 of 3 files at r3.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @inikolcev)

tomato42

Reviewable status: complete! all files reviewed, all discussions resolved

lgtm-com · 2020-06-05T14:32:22Z

This pull request fixes 1 alert when merging 5d498f7 into b60b6d1 - view on LGTM.com

fixed alerts:

1 for Unused import

tomato42

Reviewed 1 of 1 files at r4.
Reviewable status: complete! all files reviewed, all discussions resolved

lgtm-com · 2020-06-05T15:03:07Z

This pull request fixes 1 alert when merging 3ee3b48 into b60b6d1 - view on LGTM.com

fixed alerts:

1 for Unused import

tomato42

Reviewed 1 of 1 files at r5.
Reviewable status: complete! all files reviewed, all discussions resolved

lgtm-com · 2020-06-05T15:53:13Z

This pull request fixes 1 alert when merging e7b276c into 1bb89a9 - view on LGTM.com

fixed alerts:

1 for Unused import

tomato42

Reviewed 1 of 1 files at r6.
Reviewable status: complete! all files reviewed, all discussions resolved

lgtm-com · 2020-06-05T16:47:57Z

This pull request fixes 1 alert when merging c86b766 into 1bb89a9 - view on LGTM.com

fixed alerts:

1 for Unused import

tomato42

Reviewed 1 of 1 files at r7.
Reviewable status: complete! all files reviewed, all discussions resolved

lgtm-com · 2020-06-07T22:19:04Z

This pull request fixes 1 alert when merging d56bae0 into 1bb89a9 - view on LGTM.com

fixed alerts:

1 for Unused import

lgtm-com · 2020-06-07T22:48:57Z

This pull request fixes 1 alert when merging 94661a3 into 1bb89a9 - view on LGTM.com

fixed alerts:

1 for Unused import

lgtm-com · 2020-06-07T23:01:52Z

This pull request fixes 1 alert when merging 5984f53 into 1bb89a9 - view on LGTM.com

fixed alerts:

1 for Unused import

lgtm-com · 2020-06-08T00:03:53Z

This pull request fixes 1 alert when merging a54e566 into 1bb89a9 - view on LGTM.com

fixed alerts:

1 for Unused import

inikolcev · 2020-06-08T08:29:05Z

@tomato42 I fixed the openssl errors but there were still issues after that so I removed M2CRYPTO_OLD from travis for now.

tomato42

shame, but so be it

Reviewed 1 of 1 files at r8.
Reviewable status: complete! all files reviewed, all discussions resolved

inikolcev requested a review from tomato42 June 3, 2020 17:06

tomato42 requested changes Jun 4, 2020

View reviewed changes

inikolcev force-pushed the check_m2crypto_supported_ciphers branch from 3df9309 to 4d22cc9 Compare June 5, 2020 10:46

tomato42 requested changes Jun 5, 2020

View reviewed changes

tomato42 reviewed Jun 5, 2020

View reviewed changes

inikolcev force-pushed the check_m2crypto_supported_ciphers branch from 4d22cc9 to c47d290 Compare June 5, 2020 13:41

tomato42 reviewed Jun 5, 2020

View reviewed changes