[python] Pass bytes to cryptography.io's RSAPrivateKey.sign() #1732
Conversation
There was a problem hiding this comment.
Reviewed 1 of 1 files at r1, all commit messages.
Reviewable status: all files reviewed, all discussions resolved, not enough approvals from maintainers (1 more required)
-- commits line 10 at r1:
FYI: You can see this commit here: pyca/cryptography@0000b40
There was a problem hiding this comment.
Reviewed 1 of 1 files at r1, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion, not enough approvals from maintainers (1 more required) (waiting on @woju)
-- commits line 5 at r1:
-> Technically
Code quote:
Techically
There was a problem hiding this comment.
Reviewed all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @woju)
dimakuv
force-pushed
the
woju/fix-cryptography-bytes
branch
from
d7cb187
to
9f1b079
Compare
There was a problem hiding this comment.
Reviewed all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @kailun-qin)
Previously, kailun-qin (Kailun Qin) wrote…
->
Technically
Done
Previously, dimakuv (Dmitrii Kuvaiskii) wrote…
FYI: You can see this commit here: pyca/cryptography@0000b40
FYI: I expanded this sentence a bit to make it clearer what commit is meant here.
There was a problem hiding this comment.
Reviewed all commit messages.
Reviewable status:complete! all files reviewed, all discussions resolved
There was a problem hiding this comment.
Reviewable status: all files reviewed, 1 unresolved discussion
a discussion (no related file):
Upstream accepted bug and fixed this:
- Unconfirmed regression:
RSAPrivateKey.sign(data=)stopped acceptingbytearrayafter 42.0 pyca/cryptography#10256 - explicitly support bytes-like for signature/data in RSA sign/verify pyca/cryptography#10259
- pyca/cryptography@08b24d8
Now I'm not sure if we want to merge this on our side. I'd argue we can, because .to_bytes() should return bytes, but right now there is no technical reason to merge. At least we can reword the commit message.
In versions 42.0.0 and 42.0.1, cryptography.io accepted only bytes for arguments in various methods like `RSAPrivateKey.sign()`. This bug was fixed in v42.0.2, but let's fix Gramine to supply bytes instead of bytearray, so that `Sigstruct.to_bytes()` doesn't fail on those affected versions of cryptography.io. Corresponding upstream commit in `pyca/cryptography` repository that introduced the bug: 0000b402dd5edffa6a86ca560464e83a66fd91f5, and commit that fixed this bug: 08b24d87a64734ac7f5c575b309ad7d49c246353 Signed-off-by: Wojtek Porczyk <woju@invisiblethingslab.com>
There was a problem hiding this comment.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @woju)
a discussion (no related file):
Previously, woju (Wojtek Porczyk) wrote…
Upstream accepted bug and fixed this:
- Unconfirmed regression:
RSAPrivateKey.sign(data=)stopped acceptingbytearrayafter 42.0 pyca/cryptography#10256- explicitly support bytes-like for signature/data in RSA sign/verify pyca/cryptography#10259
- pyca/cryptography@08b24d8
Now I'm not sure if we want to merge this on our side. I'd argue we can, because
.to_bytes()should return bytes, but right now there is no technical reason to merge. At least we can reword the commit message.
Let me change the commit message slightly. Our fix makes sense to me, and it's better to be on the safe side (what if someone has 42.0.0 - 42.0.1 on their platform).
dimakuv
force-pushed
the
woju/fix-cryptography-bytes
branch
from
9f1b079
to
5286f20
Compare
There was a problem hiding this comment.
Reviewed all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion, not enough approvals from maintainers (1 more required) (waiting on @woju)
a discussion (no related file):
Previously, dimakuv (Dmitrii Kuvaiskii) wrote…
Let me change the commit message slightly. Our fix makes sense to me, and it's better to be on the safe side (what if someone has 42.0.0 - 42.0.1 on their platform).
@woju I changed the commit message. Can you check if this reads well to you?
There was a problem hiding this comment.
Reviewable status: all files reviewed, 1 unresolved discussion, not enough approvals from maintainers (1 more required) (waiting on @dimakuv)
a discussion (no related file):
Previously, dimakuv (Dmitrii Kuvaiskii) wrote…
@woju I changed the commit message. Can you check if this reads well to you?
I meant, the main thing that we're fixing is, to_bytes() does not return bytes, but bytearray, which is confusing. After next week no one will ever see the affected versions. But whatever, this is also OK, I'm +1-ing.
There was a problem hiding this comment.
Reviewed 1 of 1 files at r1, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @dimakuv)
a discussion (no related file):
to_bytes()does not return bytes, butbytearray, which is confusing
I'm in favor of merging this PR just because of this - the current code is just confusing, so why not fix it up.
There was a problem hiding this comment.
Reviewable status:
Description of the changes
See commit message.
Fixes: #1731
How to test this PR?
Check the reproducer in #1731.
Cc: @andre-w-fischer
This change is