Package: python3-cryptography
Version: 3.4.8-2
Severity: normal
Dear Maintainer,
python3-cryptography 3.4.8 has a known issue when used with OpenSSL 3, which
is resolved in a more recent version of the upstream software. See [1].
The following code:
```python
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization as ser

# Generate a key and serialize it as a password-encrypted PKCS#8 PEM.
priv_key = rsa.generate_private_key(65537, 1024)
priv_key_serialized = priv_key.private_bytes(
    ser.Encoding.PEM,
    ser.PrivateFormat.PKCS8,
    ser.BestAvailableEncryption(b"helloworld"),
)
# Passing the encrypted private key to the public-key loader triggers the prompt.
pub_key = ser.load_pem_public_key(priv_key_serialized)
```
Results in a password enter prompt, which originates from OpenSSL3:
```
Enter PEM pass phrase:
```
Upstream already implemented a solution for this [2], which got merged into
37.0.1.
Either python3-cryptography needs to be updated or the patch needs to be
backported.
regards,
Claudius
[1] https://github.com/pyca/cryptography/issues/7129
[2] https://github.com/pyca/cryptography/pull/7132
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.18.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages python3-cryptography depends on:
ii libc6 2.34-4
ii libssl3 3.0.5-2
ii python3 3.10.6-1
ii python3-cffi-backend [python3-cffi-backend-api-min] 1.15.1-1
pn python3-cffi-backend-api-max <none>
python3-cryptography recommends no packages.
Versions of packages python3-cryptography suggests:
pn python-cryptography-doc <none>
pn python3-cryptography-vectors <none>
-- no debconf information
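
A caller-side guard for the failure mode in this report, added here as an example (not code from the report or from the cryptography project): it inspects the PEM label before the data reaches `load_pem_public_key`, so input like the reproducer's encrypted private key is rejected with an exception instead of reaching OpenSSL. The helper names, the accepted-label set and the sample PEM blocks are assumptions constructed for illustration.

```python
import re

# PEM armor line: -----BEGIN <LABEL>-----
_BEGIN_RE = re.compile(rb"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

# Labels this guard accepts (assumption; adjust to the inputs you expect).
PUBLIC_LABELS = {b"PUBLIC KEY", b"RSA PUBLIC KEY"}

# Constructed samples: only the armor lines matter, the bodies are dummies.
SAMPLE_PUBLIC = b"-----BEGIN PUBLIC KEY-----\nAAAA\n-----END PUBLIC KEY-----\n"
SAMPLE_PKCS8_ENC = (b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n"
                    b"-----END ENCRYPTED PRIVATE KEY-----\n")
SAMPLE_LEGACY_ENC = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                     b"DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")


def pem_labels(data: bytes) -> list:
    """Return the labels of all PEM blocks in data, in order."""
    return _BEGIN_RE.findall(data)


def is_encrypted_private_key(data: bytes) -> bool:
    """True for PKCS#8 encrypted keys and legacy 'Proc-Type: 4,ENCRYPTED' keys."""
    labels = pem_labels(data)
    if b"ENCRYPTED PRIVATE KEY" in labels:
        return True
    legacy = any(label.endswith(b"PRIVATE KEY") for label in labels)
    return legacy and b"Proc-Type: 4,ENCRYPTED" in data


def check_public_pem(data: bytes) -> bytes:
    """Return data unchanged if it is one public-key PEM block, else raise."""
    labels = pem_labels(data)
    if len(labels) != 1:
        raise ValueError(f"expected one PEM block, found {len(labels)}")
    if labels[0] not in PUBLIC_LABELS:
        kind = ("encrypted private key" if is_encrypted_private_key(data)
                else labels[0].decode())
        raise ValueError(f"not a public key: {kind}")
    return data

# Usage with the loader from the report:
#   pub_key = ser.load_pem_public_key(check_public_pem(untrusted_pem))
```
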