New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can libcrypto dependency be optional? #113
Comments
Can you provide an example environment where you experience the segfault, so that I may reproduce? OS, OS version, Python version and python packages installed? |
Our environment is very old (Debian 5.0.3!) and we build almost everything under custom prefix. But I think mixing binary incompatible OpenSSL in one process is bad thing anyway, even if SEGV is not reproducible in modern environment. |
Can you at least provide an example of how you are using asn1crypto? See, asn1crypto is a dependency of cryptography, so if it were that simple of an issue, we've have many reports about it. The performance code is already optional, but I need to know how to detect the "failure" environment and skip loading the code that improved performance. |
I'm sorry, it was old issue and we forgot exact step. This is only backtrace remains in chat log.
OPENSSL_ia32_cpuid ABI was changed between 0.9.8 and 1.0.1. |
The reason you don't see this more often is that the segfault is caused by this uwsgi bug: unbit/uwsgi#1590 uwsgi by default is built in such a way that it injects a bunch of random shared library symbols into any extension modules it loads. This breaks all kinds of modules, and there isn't any general solution except for fixing uwsgi to not do that. If asn1crypto wants to add a hack to detect when it's running in a broken environment like this, it could do that with some code like: # This opens a magic "dll" that represents "all symbols in the process-global namespace"
# (equivalent to dlopen(NULL, flags))
ambient_namespace = ctypes.CDLL(None)
# Check whether openssl symbols are cluttering up the process-global namespace
if hasattr(ambient_namespace, "some_openssl_symbol")):
# this process is messed up, trying to dlopen libcrypto and use it will probably segfault
# (though maybe you can use the ambient version instead, idk)
... |
Thanks for such useful info @njsmith! This perf enhancement may end end up going away in light of there being doubt via #100 that computing a public key from a private key may allow for timing attacks. In that case we'd defer to a full crypto package for when a private key structure does not include the public key. |
Oh, I should mention that everything I said is Linux-specific (or really ELF specific, so it probably applies to some less-popular Unixes too). Windows and MacOS are immune to this issue and I suspect will raise an error if you try to do |
Thanks for your info, @njsmith. In our case, our infra-team prefers "single OpenSSL dependency". They use custom build of |
@methane sounds like what you really want then is a way to control which libcrypto asn1crypto uses? |
@njsmith We want to specify which libcrypto library is used in whole application. |
That's true, if asn1crypto stops using libcrypto entirely then the whole issue goes away :-) |
I've removed usage of libcrypto with 564e744, which will be part of the next release |
Any hint as to when this will be? |
Of course, wasn't trying to be pushy, just wondering if there was a plan or not. I'm a complete noob when it comes to ASN.1 but if there's anything I can do to help please let me know. This bug popped for us after installing impyla and thrift_sasl. We were already using SCP/Paramiko which is how we came to depend on this library via the cryptography package. I'm assuming the SASL library is linking against a different libcrypto. |
There is a plan, but the big missing thing is time. Unfortunately in one sense this is a hobby project for me, so there is only so much free time I have. Another complicating factor is that this package has been packaged for almost every Linux and BSD distro known. Because of that, I don't want to be pushing versions left and right, and certainly not breaking backwards compatibility unless necessary. Because of those, it may be a little while until I tag a new release. If everything goes to plan, the release after that will be 1.0.0, at which point hopefully things will be pretty stable. |
One thing you may be able to do is a git URL to asn1crypto instead of grabbing from pypi. Just be sure to pin to a specific hash instead of master. |
asn1crypto/asn1crypto/_perf/_big_num_ctypes.py
Lines 35 to 39 in 9e15efd
This code may cause SEGV, when binary incompatible OpenSSL version is used in same process.
In our case, we use custom (newer) OpenSSL for Python's ssl, uwsgi, cryptography, and pysqlcipher.
But asn1crypto loads system's libcrypto and it caused SEGV.
We solved the SEGV by manually removing
_perf
module. But this manual step is not idiomatic.How about making libcrypto dependency optional and make it asn1crypto (and pyca/cryptography)
safe by default?
The text was updated successfully, but these errors were encountered: