New submission from Scott Sturdivant <scott.sturdiv...@gmail.com>:
Using Py3{5,6,7} and OpenSSL 1.1.1b-fips, I have not encountered this error.
Once OpenSSL has been upgraded to 1.1.1c-fips, the SSL Malloc Error rears its
ugly head.
Setup:
Fedora 30 has openssl-fips by default.
Install cryptography with 'pip install cryptography --no-binary=cryptography'
so that it can link against your system openssl that is fips enabled.
To verify:
With openssl 1.1.1.b-fips, the following works:
>>> import urllib.request
>>> with urllib.request.urlopen('http://python.org/') as response:
... html = response.read()
...
>>> from cryptography.hazmat.backends.openssl.backend import backend
>>> backend._lib.FIPS_mode_set(1)
1
>>> with urllib.request.urlopen('http://python.org/') as response:
... html = response.read()
...
With openssl 1.1.1c-fips, an error is now raised:
>>> import urllib.request
>>> with urllib.request.urlopen('http://python.org/') as response:
... html = response.read()
...
>>> from cryptography.hazmat.backends.openssl.backend import backend
>>> backend._lib.FIPS_mode_set(1)
1
>>> with urllib.request.urlopen('http://python.org/') as response:
... html = response.read()
...
Traceback (most recent call last):
File "/usr/lib64/python3.7/urllib/request.py", line 1317, in do_open
encode_chunked=req.has_header('Transfer-encoding'))
File "/usr/lib64/python3.7/http/client.py", line 1244, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib64/python3.7/http/client.py", line 1290, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib64/python3.7/http/client.py", line 1239, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib64/python3.7/http/client.py", line 1026, in _send_output
self.send(msg)
File "/usr/lib64/python3.7/http/client.py", line 966, in send
self.connect()
File "/usr/lib64/python3.7/http/client.py", line 1407, in connect
server_hostname=server_hostname)
File "/usr/lib64/python3.7/ssl.py", line 412, in wrap_socket
session=session
File "/usr/lib64/python3.7/ssl.py", line 853, in _create
self.do_handshake()
File "/usr/lib64/python3.7/ssl.py", line 1117, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL] malloc failure (_ssl.c:1056)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python3.7/urllib/request.py", line 222, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib64/python3.7/urllib/request.py", line 531, in open
response = meth(req, response)
File "/usr/lib64/python3.7/urllib/request.py", line 641, in http_response
'http', request, response, code, msg, hdrs)
File "/usr/lib64/python3.7/urllib/request.py", line 563, in error
result = self._call_chain(*args)
File "/usr/lib64/python3.7/urllib/request.py", line 503, in _call_chain
result = func(*args)
File "/usr/lib64/python3.7/urllib/request.py", line 755, in http_error_302
return self.parent.open(new, timeout=req.timeout)
File "/usr/lib64/python3.7/urllib/request.py", line 525, in open
response = self._open(req, data)
File "/usr/lib64/python3.7/urllib/request.py", line 543, in _open
'_open', req)
File "/usr/lib64/python3.7/urllib/request.py", line 503, in _call_chain
result = func(*args)
File "/usr/lib64/python3.7/urllib/request.py", line 1360, in https_open
context=self._context, check_hostname=self._check_hostname)
File "/usr/lib64/python3.7/urllib/request.py", line 1319, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [SSL] malloc failure (_ssl.c:1056)>
>>>
----------
assignee: christian.heimes
components: SSL
messages: 347755
nosy: Scott Sturdivant, christian.heimes
priority: normal
severity: normal
status: open
title: SSL Malloc Error w/OpenSSL 1.1.1c-fips & FIPS_mode_set(1)
type: behavior
versions: Python 3.5, Python 3.6, Python 3.7
_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue37576>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
