Skip to content

re-add branch we dropped in the past #11030

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
May 27, 2024
Merged

re-add branch we dropped in the past #11030

merged 5 commits into from
May 27, 2024

Conversation

reaperhulk
Copy link
Member

let's see if this fails since we shouldn't have a test covering this branch...

@reaperhulk reaperhulk linked an issue May 27, 2024 that may be closed by this pull request
Invalid serialization format when using FIPS provder raises InternalError #11008
Closed
alex
alex reviewed May 27, 2024
View reviewed changes
src/rust/src/backend/utils.rs Outdated
let pem_bytes = if password.is_empty() {
rsa.private_key_to_pem()?
} else {
if cryptography_openssl::fips::is_enabled() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This same issue is applicable to DSA and EC right? I think this should be higher up, at line 148 or so.

alex
alex requested changes May 27, 2024
View reviewed changes
alex
alex previously approved these changes May 27, 2024
View reviewed changes
@alex alex enabled auto-merge (squash) May 27, 2024 12:47
alex
alex reviewed May 27, 2024
View reviewed changes
tests/hazmat/primitives/test_dsa.py Outdated
Comment on lines 729 to 746
@pytest.mark.supported(
only_if=lambda backend: backend._fips_enabled,
skip_message="Requires FIPS",
)
def test_traditional_serialization_fips(self, backend):
key_bytes = load_vectors_from_file(
os.path.join("asymmetric", "PKCS8", "unenc-dsa-pkcs8.pem"),
lambda pemfile: pemfile.read().encode(),
)
key = serialization.load_pem_private_key(key_bytes, None, backend)
assert isinstance(key, dsa.DSAPrivateKey)
with pytest.raises(ValueError):
key.private_bytes(
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.BestAvailableEncryption(b"password"),
)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is never reachable, we don't support DSA with FIPS

@alex alex merged commit 7f515fc into pyca:main May 27, 2024
@reaperhulk reaperhulk deleted the fix-fips-error branch June 1, 2024 10:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alex alex alex approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Invalid serialization format when using FIPS provder raises InternalError

2 participants

@reaperhulk @alex