Ubuntu
pyopenssl package

TypeError: cannot instantiate ctype 'EVP_MD_CTX' of unknown size

Bug #1618765 reported by James Page
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
pyopenssl (Debian)
Fix Released
Unknown
pyopenssl (Ubuntu)
Fix Released
Critical
James Page
python-cryptography (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

The new 1.5 update of python-cryptography in yakkety-proposed is causing some test failures in various OpenStack packages that use crypto - example:

==============================
Failed 1 tests - output below:
==============================

glance.tests.unit.common.test_utils.TestUtils.test_validate_key_cert_key
------------------------------------------------------------------------

Captured traceback:
~~~~~~~~~~~~~~~~~~~
    Traceback (most recent call last):
      File "glance/tests/unit/common/test_utils.py", line 276, in test_validate_key_cert_key
        utils.validate_key_cert(keyfile, certfile)
      File "glance/common/utils.py", line 433, in validate_key_cert
        out = crypto.sign(key, data, digest)
      File "/usr/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 2563, in sign
        md_ctx = _ffi.new("EVP_MD_CTX*")
    TypeError: cannot instantiate ctype 'EVP_MD_CTX' of unknown size

Tests passed fine with 1.4.x.

Revision history for this message
James Page (james-page) wrote :

Hmm - this might be python-openssl, not python-cryptography

Revision history for this message
James Page (james-page) wrote :

Raising task for pyopenssl; the change to 1.5 of python-cryptography appears to have triggered the problem; but not sure where the fault lies atm

Revision history for this message
James Page (james-page) wrote :

Unit test in pyopenssl fails as well:

pkey = <OpenSSL.crypto.PKey object at 0x7f572536b940>
data = b'It was a bright cold day in April, and the clocks were striking thirteen. Winston Smith, his chin nuzzled into his b...s doors of Victory Mansions, though not quickly enough to prevent a swirl of gritty dust from entering along with him.'
digest = 'sha1'

    def sign(pkey, data, digest):
        """
        Sign data with a digest

        :param pkey: Pkey to sign with
        :param data: data to be signed
        :param digest: message digest to use
        :return: signature
        """
        data = _text_to_bytes_and_warn("data", data)

        digest_obj = _lib.EVP_get_digestbyname(_byte_string(digest))
        if digest_obj == _ffi.NULL:
            raise ValueError("No such digest method")

> md_ctx = _ffi.new("EVP_MD_CTX*")
E TypeError: cannot instantiate ctype 'EVP_MD_CTX' of unknown size

Revision history for this message
James Page (james-page) wrote :

Pre python-cryptography bump:

tests/test_crypto.py .............................................................................................................................................................................................................................................
tests/test_rand.py .................
tests/test_ssl.py ..................................F.........................................................................................................................................................................F.....
tests/test_tsafe.py .
tests/test_util.py .

and with 1.5:

tests/test_crypto.py .................................................................F..F.............................................................................................................FFF.F.FF.F.F..FFF.FFF...F.F..........FFFF..................
tests/test_rand.py .................
tests/test_ssl.py ..................................F....................................................................F......................................................................................F.............F.....
tests/test_tsafe.py .
tests/test_util.py .

unfortunately pyopenssl ignores the results of unit testing...

Revision history for this message
James Page (james-page) wrote :

Reving pyopenssl to 16.1.0:

tests/test_crypto.py ...........................................................................................................................................................................................................................................................
tests/test_rand.py .................
tests/test_ssl.py ..................................F.........................................................................................................................................................................F.......
tests/test_tsafe.py .
tests/test_util.py .

Crypto tests pass again

Revision history for this message
James Page (james-page) wrote :

Indeed (from 16.1.0 release notes):

- Support newer versions of ``cryptography`` which use opaque structs for OpenSSL 1.1.0 compatibility.

James Page (james-page)
Changed in pyopenssl (Ubuntu):
status: New → In Progress
assignee: nobody → James Page (james-page)
Changed in python-cryptography (Ubuntu):
status: New → Invalid
Changed in pyopenssl (Ubuntu):
importance: Undecided → Critical
Bug Watch Updater (bug-watch-updater)
Changed in pyopenssl (Debian):
status: Unknown → New
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pyopenssl - 16.1.0-0ubuntu1

---------------
pyopenssl (16.1.0-0ubuntu1) yakkety; urgency=medium

  * New upstream release (LP: #1618765).

 -- James Page <email address hidden> Wed, 31 Aug 2016 10:15:49 +0100

Changed in pyopenssl (Ubuntu):
status: In Progress → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in pyopenssl (Debian):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.