From barry.scott at forcepoint.com Wed Oct 14 05:52:24 2020
From: barry.scott at forcepoint.com (Barry Scott)
Date: Wed, 14 Oct 2020 10:52:24 +0100
Subject: [Cryptography-dev] Adding set_cert_store to pyOpenSSL
Message-ID: <2042007.irdbgypaU6@fpbarry>

In an app that uses twisted that uses pyOpenSSL I found that
it takes 1s CPU bound to set up a TLS session because the
twisted code copies the trust store into the context one cert
at a time.

I'm using openssl-1.1.1g and python 2.7.18 (yes I know...).

Here is the function in twisted that causes the 1s CPU bound loop:

class OpenSSLCertificateAuthorities(object):
    def __init__(self, caCerts):
        self._caCerts = caCerts

    def _addCACertsToContext(self, context):
        store = context.get_cert_store()
        for cert in self._caCerts:
            store.add_cert(cert)

The obvious way to fix this is to set up the X509Store at app
startup with the trusted certs. Then set that store on the context.

The new code would be:

class OpenSSLCertificateAuthorities(object):
    def __init__(self, caCerts):
        self._caCerts = caCerts
        self._store = X509Store()
        for cert in self._caCerts:
            self._store.add_cert(cert)

    def _addCACertsToContext(self, context):
        context.set_cert_store(self._store)

And the patch to pyOpenSSL is:

--- tmp1/pyopenssl-19.1.0/src/OpenSSL/SSL.py 2019-11-18 04:47:22.000000000 +0000 +++ tmp2/pyopenssl-19.1.0/src/OpenSSL/SSL.py 2020-10-13 15:11:02.255560148 +0100
@@ -1357,6 +1357,14 @@ pystore._store = store return pystore + def set_cert_store(self, store): + """ + Set the certificate store for the context. + + :store: A X509Store object or None if it does not have one. + """ + _lib.SSL_CTX_set_cert_store(self._context, store) + def set_options(self, options): """ Add options. Options set before are not cleared!

But I see this exception:

  File "ngtls_context_set.py", line 107, in _addCACertsToContext
    context.set_cert_store(self._store)
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1366, in set_cert_store
    _lib.SSL_CTX_set_cert_store(self._context, store)
TypeError: initializer for ctype 'X509_STORE *' must be a cdata pointer, not X509Store

My searching has not led me to a way to get a cdata pointer for X509Store.

What do I need to do to get set_cert_store working?

Barry

From momchil at bojinov.info Thu Oct 15 07:30:00 2020
From: momchil at bojinov.info (momchil at bojinov.info)
Date: Thu, 15 Oct 2020 14:30:00 +0300
Subject: [Cryptography-dev] private_key.decrypt painfully slow
In-Reply-To:
References: <007101d6969b$7e7f7d70$7b7e7850$@bojinov.info>
Message-ID: <009b01d6a2e6$84e7cd50$8eb767f0$@bojinov.info>

OK. That's done
I'm compressing first, encrypting second

Next question:
I'm compressing 1Mb chunks at a time. Can I encrypt those chunks safely instead of waiting for the compression to finish and then encrypt it all?

From: Cryptography-dev On Behalf Of Paul Kehrer
Sent: Wednesday, September 30, 2020 12:14 AM
To: cryptography-dev at python.org
Subject: Re: [Cryptography-dev] private_key.decrypt painfully slow

Yes, you want a hybrid encryption scheme here. Generate a symmetric key, use that to encrypt the payload, and encrypt the key itself under the public key. Composing this in a safe manner is tricky though, so you may want to consider PyNaCl for this.

On Tue, Sep 29, 2020 at 4:03 PM > wrote:

Hello,

New guy. Not much of a python dev but I managed to put together some code to encrypt/decrypt files using RSA
But like the entire file, not just some intermediate password

public_key.encrypt of 11 Mb ( ~47 000 * 190 byte pieces) file took about 8 seconds
private_key.decrypt of the same file took 143 seconds
profiler said 142 of those came from _openssl.EVP_PKEY_decrypt

I'm running x64 Python version 3.8.5
And I just installed the cryptography module today through pip

Am I being stupid trying to do this and not go with asymmetric encryption for the intermediate and go symmetric from there?

Regards,
Momchil

_______________________________________________
Cryptography-dev mailing list
Cryptography-dev at python.org
https://mail.python.org/mailman/listinfo/cryptography-dev

From jonathan.trinh at moesol.com Fri Oct 16 12:43:39 2020
From: jonathan.trinh at moesol.com (Jonathan Trinh)
Date: Fri, 16 Oct 2020 09:43:39 -0700
Subject: [Cryptography-dev] Cryptography v3.2 publish to PyPi
Message-ID:

Hello,

I would like to take advantage of Cryptography v3.2, but currently the version in PyPi is 3.1.1. I plan on using the new SMIME. Can someone with the proper permissions to publish the latest to PyPi?

Thanks!

From alex.gaynor at gmail.com Fri Oct 16 14:00:34 2020
From: alex.gaynor at gmail.com (Alex Gaynor)
Date: Fri, 16 Oct 2020 14:00:34 -0400
Subject: [Cryptography-dev] Cryptography v3.2 publish to PyPi
In-Reply-To:
References:
Message-ID:

We're not yet ready to do a release, and have things remaining in that milestone https://github.com/pyca/cryptography/milestone/34 -- including changes to the SMIME API.

Alex

On Fri, Oct 16, 2020 at 1:59 PM Jonathan Trinh via Cryptography-dev <cryptography-dev at python.org> wrote:

> Hello,
>
> I would like to take advantage of Cryptography v3.2, but currently the
> version in PyPi is 3.1.1. I plan on using the new SMIME. Can someone
> with the proper permissions to publish the latest to PyPi?
>
> Thanks!

--
All that is necessary for evil to succeed is for good people to do nothing.

From jonathan.trinh at moesol.com Mon Oct 19 13:28:40 2020
From: jonathan.trinh at moesol.com (Jonathan Trinh)
Date: Mon, 19 Oct 2020 10:28:40 -0700
Subject: [Cryptography-dev] Cryptography v3.2 publish to PyPi
In-Reply-To:
References:
Message-ID: <63d323c0-5287-bd3a-b19f-265e6a011303@moesol.com>

Alex,

Thanks for informing me of this. Good to know, I will hold off and wait for the release when it is ready.

On 10/16/20 11:00 AM, Alex Gaynor wrote:
> We're not yet ready to do a release, and have things remaining in that
> milestone https://github.com/pyca/cryptography/milestone/34 --
> including changes to the SMIME API.
>
> Alex
>
> On Fri, Oct 16, 2020 at 1:59 PM Jonathan Trinh via Cryptography-dev
> > wrote:
>
> Hello,
>
> I would like to take advantage of Cryptography v3.2, but currently the
> version in PyPi is 3.1.1. I plan on using the new SMIME. Can someone
> with the proper permissions to publish the latest to PyPi?
>
> Thanks!
>
> --
> All that is necessary for evil to succeed is for good people to do
> nothing.

From barry.scott at forcepoint.com Wed Oct 21 06:27:16 2020
From: barry.scott at forcepoint.com (Barry Scott)
Date: Wed, 21 Oct 2020 11:27:16 +0100
Subject: [Cryptography-dev] Adding set_cert_store to pyOpenSSL - patches
In-Reply-To: <2042007.irdbgypaU6@fpbarry>
References: <2042007.irdbgypaU6@fpbarry>
Message-ID: <4267708.LvFx2qVVIh@fpbarry>

On Wednesday, 14 October 2020 10:52:24 BST Barry Scott wrote:
> In an app that uses twisted that uses pyOpenSSL I found that
> it takes 1s CPU bound to set up a TLS session because the
> twisted code copies the trust store into the context one cert
> at a time.
>
> I'm using openssl-1.1.1g and python 2.7.18 (yes I know...).
>
> Here is the function in twisted that causes the 1s CPU bound loop:
>
> class OpenSSLCertificateAuthorities(object):
>     def __init__(self, caCerts):
>         self._caCerts = caCerts
>
>     def _addCACertsToContext(self, context):
>         store = context.get_cert_store()
>         for cert in self._caCerts:
>             store.add_cert(cert)
>
> The obvious way to fix this is to set up the X509Store at app
> startup with the trusted certs. Then set that store on the context.
>
> The new code would be:
>
> class OpenSSLCertificateAuthorities(object):
>     def __init__(self, caCerts):
>         self._caCerts = caCerts
>         self._store = X509Store()
>         for cert in self._caCerts:
>             self._store.add_cert(cert)
>
>     def _addCACertsToContext(self, context):
>         context.set_cert_store(self._store)
>
> And the patch to pyOpenSSL is:
>
> --- tmp1/pyopenssl-19.1.0/src/OpenSSL/SSL.py 2019-11-18 04:47:22.000000000 +0000 > +++ tmp2/pyopenssl-19.1.0/src/OpenSSL/SSL.py 2020-10-13 15:11:02.255560148 +0100
> @@ -1357,6 +1357,14 @@ > pystore._store = store > return pystore > > + def set_cert_store(self, store): > + """ > + Set the certificate store for the context. > + > + :store: A X509Store object or None if it does not have one. > + """ > + _lib.SSL_CTX_set_cert_store(self._context, store) > + > def set_options(self, options): > """ > Add options. Options set before are not cleared!
>
> But I see this exception:
>
>   File "ngtls_context_set.py", line 107, in _addCACertsToContext
>     context.set_cert_store(self._store)
>   File "/usr/local/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1366, in set_cert_store
>     _lib.SSL_CTX_set_cert_store(self._context, store)
> TypeError: initializer for ctype 'X509_STORE *' must be a cdata pointer, not X509Store
>
> My searching has not led me to a way to get a cdata pointer for X509Store.
>
> What do I need to do to get set_cert_store working?

Here is the set of patches that I used to add set_cert_store and get the time to set up a context from ~1000ms to 0.3ms:

Twisted needs access to set_cert_store.
set_cert_store is missing from cryptography
set_cert_store requires the use of X509_STORE_up_ref
X509_STORE_up_ref is missing from cryptography.

diff -r -u tmp1/cryptography-2.1.4/src/_cffi_src/openssl/x509_vfy.py tmp2/cryptography-2.1.4/src/_cffi_src/openssl/x509_vfy.py --- tmp1/cryptography-2.1.4/src/_cffi_src/openssl/x509_vfy.py 2017-11-30 01:53:32.000000000 +0000 +++ tmp2/cryptography-2.1.4/src/_cffi_src/openssl/x509_vfy.py 2020-10-15 16:56:44.893834630 +0100 @@ -142,6 +142,7 @@ int X509_STORE_set_default_paths(X509_STORE *); int X509_STORE_set_flags(X509_STORE *, unsigned long); void X509_STORE_free(X509_STORE *); +int X509_STORE_up_ref(X509_STORE *); /* X509_STORE_CTX */ X509_STORE_CTX *X509_STORE_CTX_new(void); --- tmp1/pyopenssl-19.1.0/src/OpenSSL/SSL.py 2019-11-18 04:47:22.000000000 +0000 +++ tmp2/pyopenssl-19.1.0/src/OpenSSL/SSL.py 2020-10-16 11:14:06.933208747 +0100
@@ -1357,6 +1357,15 @@ pystore._store = store return pystore + def set_cert_store(self, store): + """ + Set the certificate store for the context. + + :store: A X509Store object or None if it does not have one. + """ + _lib.X509_STORE_up_ref( store._store ) + _lib.SSL_CTX_set_cert_store(self._context, store._store) + def set_options(self, options): """ Add options. Options set before are not cleared!

And in twisted:

--- tmp1/twisted-twisted-19.7.0/src/twisted/internet/_sslverify.py 2019-07-28 10:17:29.000000000 +0100 +++ tmp2/twisted-twisted-19.7.0/src/twisted/internet/_sslverify.py 2020-10-16 12:03:54.653035837 +0100 @@ -963,12 +963,13 @@ @type caCerts: L{list} of L{OpenSSL.crypto.X509} """ self._caCerts = caCerts + self._store = X509Store() + for cert in self._caCerts: + self._store.add_cert(cert) def _addCACertsToContext(self, context): - store = context.get_cert_store() - for cert in self._caCerts: - store.add_cert(cert) + context.set_cert_store(self._store)

Do you want these patches as a PR?

Barry

From paul.l.kehrer at gmail.com Sun Oct 25 22:30:39 2020
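Review bot: the declaration "int X509_STORE_up_ref(X509_STORE *);" added in the x509_vfy.py hunk is unconditional, but X509_STORE_up_ref only exists from OpenSSL 1.1.0 onward, and the 3.2 changelog on this page shows OpenSSL 1.0.2 was still supported until that release. Against cryptography-2.1.4 the binding would fail to build on those older libraries, so it needs a compatibility guard for pre-1.1.0 OpenSSL, or the patch should target a release that has dropped them.
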
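Review bot: in the SSL.py set_cert_store hunk the docstring says store may be None, but the body dereferences store._store unconditionally, so None fails with AttributeError instead of being handled. Either drop "or None" from the docstring or reject anything that is not an X509Store with a TypeError before touching _store. The int returned by X509_STORE_up_ref is also ignored; if the reference was not taken, the context and the Python X509Store wrapper would both end up freeing the same store, so check the result before calling SSL_CTX_set_cert_store. A one-line comment saying why the up_ref is needed would help the next reader, and the spaces inside "( store._store )" do not match the surrounding style.
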
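Review bot: in the _sslverify.py hunk, _addCACertsToContext changes from adding the CA certs to the store the context already has to replacing that store with one X509Store shared by every context. Anything previously loaded into the context's own store is dropped, and because get_cert_store() on any of those contexts now returns the shared store, a later add_cert through one context changes the trust anchors for all of them. Please document that the store is shared and must not be mutated after __init__, and add a test covering two contexts built from the same object. The hunk shows no import for X509Store; confirm _sslverify.py already has one.
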
From: paul.l.kehrer at gmail.com (Paul Kehrer)
Date: Sun, 25 Oct 2020 19:30:39 -0700
Subject: [Cryptography-dev] PyCA cryptography 3.2 released
Message-ID:

PyCA cryptography 3.2 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X509, key derivation functions, and much more. We support Python 2.7, Python 3.5+, and PyPy.

Changelog (https://cryptography.io/en/latest/changelog/):
* SECURITY ISSUE: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability and a future release will contain a new API which is designed to be resilient to these for contexts where it is required. Credit to Hubert Kario for reporting the issue. CVE-2020-25659
* Support for OpenSSL 1.0.2 has been removed. Users on older versions of OpenSSL will need to upgrade.
* Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.

-Paul Kehrer (reaperhulk)

From paul.l.kehrer at gmail.com Wed Oct 28 00:30:47 2020
From: paul.l.kehrer at gmail.com (Paul Kehrer)
Date: Tue, 27 Oct 2020 21:30:47 -0700
Subject: [Cryptography-dev] PyCA cryptography 3.2.1 released
Message-ID:

PyCA cryptography 3.2.1 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X509, key derivation functions, and much more. We support Python 2.7, Python 3.5+, and PyPy.

Changelog (https://cryptography.io/en/latest/changelog.html#v3-2-1):
* Disable blinding on RSA public keys to address an error with some versions of OpenSSL.

-Paul Kehrer (reaperhulk)

From tristan at pyup.io Wed Oct 28 09:28:09 2020
From: tristan at pyup.io (Tristan Laurillard)
Date: Wed, 28 Oct 2020 06:28:09 -0700
Subject: [Cryptography-dev] Affected version of CVE-2020-25659
Message-ID:

Hello,

We maintain the Safety vulnerability tool.

I have a small question regarding CVE-2020-25659: are all versions <=3.2 affected?

We need to know who we should warn.

Tristan Laurillard
Operations Manager
PyUp.io

From alex.gaynor at gmail.com Wed Oct 28 09:35:20 2020
From: alex.gaynor at gmail.com (Alex Gaynor)
Date: Wed, 28 Oct 2020 09:35:20 -0400
Subject: [Cryptography-dev] Affected version of CVE-2020-25659
In-Reply-To:
References:
Message-ID:

Hi Tristan,

Yes, this impacts every version going back to 0.4 when this functionality was first introduced.

Alex

On Wed, Oct 28, 2020 at 9:33 AM Tristan Laurillard wrote:

> Hello,
>
> We maintain the Safety vulnerability tool.
>
> I have a small question regarding CVE-2020-25659: are all versions <=3.2
> affected?
>
> We need to know who we should warn.
>
> Tristan Laurillard
> Operations Manager
> PyUp.io

--
All that is necessary for evil to succeed is for good people to do nothing.