Saturday, February 29, 2020

Re: [new] net/py-tlslite-ng

> I finally got around to running the regression tests on sparc64, and 71
> fail. They all seem to fail the same way though:
>
> > raise NotImplementedError("Use module Crypto.Cipher.PKCS1_OAEP instead")
> E NotImplementedError: Use module Crypto.Cipher.PKCS1_OAEP instead
>
> /usr/local/lib/python3.7/site-packages/Crypto/PublicKey/RSA.py:379: NotImplement
> edError
>
>
> So this is not a problem with this new port.

It turns out that this failure is triggered by the presence of
py3-cryptodome.

Removing py3-cryptodome on sparc64 makes all tests pass. For both
tlslite-ng and tlsfuzzer. Since a ton of stuff pulls in py3-cryptodome
via gobject-introspection, I think we had better work around this, as it
will break all RSA operations.

With the patch below all tests for tlslite-ng and tlsfuzzer pass
independently of whether py3-cryptodome is present. Tested on both
sparc64 and amd64.

ok? or do you have a better suggestion?

Index: Makefile
===================================================================
RCS file: /var/cvs/ports/net/py-tlslite-ng/Makefile,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 Makefile
--- Makefile 28 Feb 2020 09:18:41 -0000 1.1.1.1
+++ Makefile 29 Feb 2020 13:41:16 -0000
@@ -6,6 +6,7 @@ MODPY_EGG_VERSION = 0.8.0-alpha37
DISTNAME = tlslite-ng-${MODPY_EGG_VERSION}
PKGNAME = py-${DISTNAME:S/-alpha/alpha/}
CATEGORIES = net
+REVISION = 0

GH_ACCOUNT = tomato42
GH_PROJECT = tlslite-ng
Index: patches/patch-tlslite_utils_cryptomath_py
===================================================================
RCS file: patches/patch-tlslite_utils_cryptomath_py
diff -N patches/patch-tlslite_utils_cryptomath_py
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-tlslite_utils_cryptomath_py 29 Feb 2020 13:42:00 -0000
@@ -0,0 +1,24 @@
+$OpenBSD$
+
+Avoid loading pycrypto. If py3-cryptodome is installed, this will hit failures
+as the one below whenever RSA methods are used:
+
+> raise NotImplementedError("Use module Crypto.Cipher.PKCS1_OAEP instead")
+E NotImplementedError: Use module Crypto.Cipher.PKCS1_OAEP instead
+
+/usr/local/lib/python3.7/site-packages/Crypto/PublicKey/RSA.py:379: NotImplementedErro
+
+Index: tlslite/utils/cryptomath.py
+--- tlslite/utils/cryptomath.py.orig
++++ tlslite/utils/cryptomath.py
+@@ -51,8 +51,8 @@ except ImportError:
+
+ #Try to load pycrypto
+ try:
+- import Crypto.Cipher.AES
+- pycryptoLoaded = True
++ # import Crypto.Cipher.AES
++ pycryptoLoaded = False
+ except ImportError:
+ pycryptoLoaded = False
+

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)