fixes pyca#11920 raise a clean Python error on DSA signing failure due to nilpotent (pyca#11921)

alex · web-flow · commit da437d16a95d · 2024-11-11T14:37:32.000Z
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
@@ -183,6 +183,10 @@ Custom asymmetric vectors
   encrypted at the PEM level with AES-128-CBC and password "a123456".
 * ``asymmetric/DER_Serialization/testrsa.der`` - The above as a DER-encoded
   RSAPrivateKey structure.
+* ``asymmetric/DSA/custom/nilpotent.pem`` -- A key where the field is actually
+  a ring and the generator of the multiplicative subgroup is actually
+  nilpotent with low degree. Taken from BoringSSL (see
+  ``TEST(DSATest, NilpotentGenerator)``).
 
 
 Key exchange
diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
@@ -89,6 +89,7 @@ namespace
 namespaces
 macOS
 naïve
+nilpotent
 Nonces
 nonces
 online
diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi
@@ -48,6 +48,7 @@ __all__ = [
 CRYPTOGRAPHY_IS_LIBRESSL: bool
 CRYPTOGRAPHY_IS_BORINGSSL: bool
 CRYPTOGRAPHY_OPENSSL_300_OR_GREATER: bool
+CRYPTOGRAPHY_OPENSSL_309_OR_GREATER: bool
 CRYPTOGRAPHY_OPENSSL_320_OR_GREATER: bool
 
 class Providers: ...
diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
@@ -32,4 +32,4 @@ name = "cryptography_rust"
 crate-type = ["cdylib"]
 
 [lints.rust]
-unexpected_cfgs = { level = "warn", check-cfg = ['cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)', 'cfg(CRYPTOGRAPHY_OPENSSL_320_OR_GREATER)', 'cfg(CRYPTOGRAPHY_IS_LIBRESSL)', 'cfg(CRYPTOGRAPHY_IS_BORINGSSL)', 'cfg(CRYPTOGRAPHY_OSSLCONF, values("OPENSSL_NO_IDEA", "OPENSSL_NO_CAST", "OPENSSL_NO_BF", "OPENSSL_NO_CAMELLIA", "OPENSSL_NO_SEED", "OPENSSL_NO_SM4"))'] }
+unexpected_cfgs = { level = "warn", check-cfg = ['cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)', 'cfg(CRYPTOGRAPHY_OPENSSL_309_OR_GREATER)', 'cfg(CRYPTOGRAPHY_OPENSSL_320_OR_GREATER)', 'cfg(CRYPTOGRAPHY_IS_LIBRESSL)', 'cfg(CRYPTOGRAPHY_IS_BORINGSSL)', 'cfg(CRYPTOGRAPHY_OSSLCONF, values("OPENSSL_NO_IDEA", "OPENSSL_NO_CAST", "OPENSSL_NO_BF", "OPENSSL_NO_CAMELLIA", "OPENSSL_NO_SEED", "OPENSSL_NO_SM4"))'] }
diff --git a/src/rust/build.rs b/src/rust/build.rs
@@ -12,6 +12,9 @@ fn main() {
         if version >= 0x3_00_00_00_0 {
             println!("cargo:rustc-cfg=CRYPTOGRAPHY_OPENSSL_300_OR_GREATER");
         }
+        if version >= 0x3_00_09_00_0 {
+            println!("cargo:rustc-cfg=CRYPTOGRAPHY_OPENSSL_309_OR_GREATER");
+        }
         if version >= 0x3_02_00_00_0 {
             println!("cargo:rustc-cfg=CRYPTOGRAPHY_OPENSSL_320_OR_GREATER");
         }
diff --git a/src/rust/src/backend/dsa.rs b/src/rust/src/backend/dsa.rs
@@ -5,8 +5,9 @@
 use crate::backend::utils;
 use crate::buf::CffiBuf;
 use crate::error::{CryptographyError, CryptographyResult};
-use crate::exceptions;
+use crate::{error, exceptions};
 use pyo3::types::PyAnyMethods;
+use pyo3::ToPyObject;
 
 #[pyo3::pyclass(
     frozen,
@@ -76,7 +77,12 @@ impl DsaPrivateKey {
         let mut signer = openssl::pkey_ctx::PkeyCtx::new(&self.pkey)?;
         signer.sign_init()?;
         let mut sig = vec![];
-        signer.sign_to_vec(data.as_bytes(), &mut sig)?;
+        signer.sign_to_vec(data.as_bytes(), &mut sig).map_err(|e| {
+            pyo3::exceptions::PyValueError::new_err((
+                "DSA signing failed. This generally indicates an invalid key.",
+                error::list_from_openssl_error(py, &e).to_object(py),
+            ))
+        })?;
         Ok(pyo3::types::PyBytes::new_bound(py, &sig))
     }
 
diff --git a/src/rust/src/lib.rs b/src/rust/src/lib.rs
@@ -199,6 +199,10 @@ mod _rust {
                 "CRYPTOGRAPHY_OPENSSL_300_OR_GREATER",
                 cfg!(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER),
             )?;
+            openssl_mod.add(
+                "CRYPTOGRAPHY_OPENSSL_309_OR_GREATER",
+                cfg!(CRYPTOGRAPHY_OPENSSL_309_OR_GREATER),
+            )?;
             openssl_mod.add(
                 "CRYPTOGRAPHY_OPENSSL_320_OR_GREATER",
                 cfg!(CRYPTOGRAPHY_OPENSSL_320_OR_GREATER),
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
@@ -12,6 +12,7 @@
 
 from cryptography import utils
 from cryptography.exceptions import InvalidSignature
+from cryptography.hazmat.bindings._rust import openssl as rust_openssl
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import dsa
 from cryptography.hazmat.primitives.asymmetric.utils import (
@@ -550,6 +551,30 @@ def test_prehashed_digest_mismatch(self, backend):
         with pytest.raises(ValueError):
             private_key.sign(digest, prehashed_alg)
 
+    @pytest.mark.supported(
+        only_if=lambda _: (
+            rust_openssl.CRYPTOGRAPHY_IS_LIBRESSL
+            or rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL
+            or rust_openssl.CRYPTOGRAPHY_OPENSSL_309_OR_GREATER
+        ),
+        skip_message="Requires OpenSSL 3.0.9+, LibreSSL, or BoringSSL",
+    )
+    def test_nilpotent(self):
+        try:
+            key = load_vectors_from_file(
+                os.path.join("asymmetric", "DSA", "custom", "nilpotent.pem"),
+                lambda pemfile: serialization.load_pem_private_key(
+                    pemfile.read().encode(), password=None
+                ),
+            )
+        except ValueError:
+            # LibreSSL simply rejects this key on load.
+            return
+        assert isinstance(key, dsa.DSAPrivateKey)
+
+        with pytest.raises(ValueError):
+            key.sign(b"anything", hashes.SHA256())
+
 
 class TestDSANumbers:
     def test_dsa_parameter_numbers(self):
diff --git a/vectors/cryptography_vectors/asymmetric/DSA/custom/nilpotent.pem b/vectors/cryptography_vectors/asymmetric/DSA/custom/nilpotent.pem
@@ -0,0 +1,5 @@
+-----BEGIN DSA PRIVATE KEY-----
+MGECAQACFQHH+MnFXh4NNlZiV/zUVb5a5ib3kwIVAOP8ZOKvDwabKzEr/moq3y1z
+E3vJAhUAl/2Ylx9fWbzHdh1URsc/c6IM/TECAQECFCsjU4AZRcuks45g1NMOUeCB
+Epvg
+-----END DSA PRIVATE KEY-----

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,9 @@ fn main() {`
`12`	`12`	`if version >= 0x3_00_00_00_0 {`
`13`	`13`	`println!("cargo:rustc-cfg=CRYPTOGRAPHY_OPENSSL_300_OR_GREATER");`
`14`	`14`	`}`
	`15`	`+ if version >= 0x3_00_09_00_0 {`
	`16`	`+ println!("cargo:rustc-cfg=CRYPTOGRAPHY_OPENSSL_309_OR_GREATER");`
	`17`	`+ }`
`15`	`18`	`if version >= 0x3_02_00_00_0 {`
`16`	`19`	`println!("cargo:rustc-cfg=CRYPTOGRAPHY_OPENSSL_320_OR_GREATER");`
`17`	`20`	`}`