Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Program Crashes when Serializing ed25519 and ed448 Private Keys with DER Encoding, PKCS8 Format, and Password "\x00" #9000

Closed
arunanshub opened this issue May 31, 2023 · 4 comments · Fixed by #9001
Closed

Program Crashes when Serializing ed25519 and ed448 Private Keys with DER Encoding, PKCS8 Format, and Password "\x00" #9000

arunanshub opened this issue May 31, 2023 · 4 comments · Fixed by #9001

Comments

@arunanshub
Copy link

Issue description

When ed25519 and ed448 private keys are serialized using DER encoding, PKCS8 format and \x00 as password, it causes the thread to panic and crashes the program.

Steps to reproduce bug

from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ed448, ed25519

ed25519_priv_key = ed25519.Ed25519PrivateKey.generate()
ed25519_priv_key.private_bytes(
    serialization.Encoding.DER,
    serialization.PrivateFormat.PKCS8,
    serialization.BestAvailableEncryption(b"\x00"),
)

ed448_priv_key = ed448.Ed448PrivateKey.generate()
ed448_priv_key.private_bytes(
    serialization.Encoding.DER,
    serialization.PrivateFormat.PKCS8,
    serialization.BestAvailableEncryption(b"\x00"),
)

NOTE: using any other password does raise an error.

cryptography installation

cryptography is installed via poetry with version constraint >=35.0.0:

[tool.poetry.dependencies]
python = "^3.8"
cryptography = ">=35.0.0"

Required Version numbers

  • pip: 23.0.1
  • cffi: 1.15.1
  • cryptography: 41.0.0
  • setuptools: 67.8.0
@alex
Copy link
Member

alex commented May 31, 2023

Can you please include the full output of the program? Was this something that previously worked?

@arunanshub
Copy link
Author

Sure, here is the traceback:

thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: NulError(0, [0])', /github/home/.cargo/registry/src/index.crates.io-6f17d22bba15001f/openssl-0.10.53/src/pkey.rs:366:55
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Traceback (most recent call last):
  File "[...]/test.py", line 5, in <module>
    ed25519_priv_key.private_bytes(
pyo3_runtime.PanicException: called `Result::unwrap()` on an `Err` value: NulError(0, [0])

Was this something that previously worked?

Yes, it worked in cryptography v40.0.2.

@alex
Copy link
Member

alex commented May 31, 2023

Ok, I see the problem. Thanks for the clear report.

@alex
Copy link
Member

alex commented May 31, 2023

sfackler/rust-openssl#1941 is the first step to fixing.

@alex alex linked a pull request May 31, 2023 that will close this issue
Added tests for NUL bytes in PKCS8 passphrases #9001
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 31, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Added tests for NUL bytes in PKCS8 passphrases alex/cryptography
2 participants
@alex @arunanshub