+++ This bug was initially created as a clone of Bug #2203840 +++

Description of problem:
rhbz#2153471 introduced a fix for Bleichenbacher timing attacks. The new feature EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION breaks an assumption in upstream test case test_decrypt_invalid_decrypt. The test no longer fails with an exception.

Version-Release number of selected component (if applicable):
36.0.1-3.el9

How reproducible:
always

Steps to Reproduce:
1. Run the upstream test suite (spec file runs the test suite in %check)

Actual results:
=================================== FAILURES ===================================
________________ TestRSADecryption.test_decrypt_invalid_decrypt ________________

self = <tests.hazmat.primitives.test_rsa.TestRSADecryption object at 0x7fa9df2d4730>
backend = <OpenSSLBackend(version: OpenSSL 3.0.7 1 Nov 2022, FIPS: False)>

@pytest.mark.supported(
only_if=lambda backend: backend.rsa_padding_supported(
padding.PKCS1v15()
),
skip_message="Does not support PKCS1v1.5.",
)
def test_decrypt_invalid_decrypt(self, backend):
private_key = RSA_KEY_2048.private_key(backend)
with pytest.raises(ValueError):
> private_key.decrypt(b"\x00" * 256, padding.PKCS1v15())
E Failed: DID NOT RAISE <class 'ValueError'>

tests/hazmat/primitives/test_rsa.py:1562: Failed

Expected results:
No error

Additional info:
Issue was detected by OSCI, http://artifacts.osci.redhat.com/baseos-ci/brew-build/52/45/09/52450935/https___baseos-jenkins.rhev-ci-vms.eng.rdu2.redhat.com-ci-artemis/42237/tmpzxfeamhj.01/recipes/1/tasks/4/logs/taskout.log

Upstream fix: https://github.com/pyca/cryptography/pull/7895

— Additional comment from Christian Heimes on 2023-05-15 12:02:27 UTC —

The issue was introduced in openssl-3.0.7-17.el9

— Additional comment from Christian Heimes on 2023-05-15 12:46:29 UTC —

c9s PR: https://gitlab.com/redhat/centos-stream/rpms/python-cryptography/-/merge_requests/15

— Additional comment from Christian Heimes on 2023-05-15 12:54:06 UTC —

c9s scratch build with fix and openssl-devel-1:3.0.7-17.el9: https://kojihub.stream.rdu2.redhat.com/koji/taskinfo?taskID=2216605

— Additional comment from Florence Blanc-Renaud on 2023-05-23 16:47:33 UTC —

@amore@redhat.com As release lead for RHEL 9.3, can you sync with Christian and check what needs to be done for this BZ?
openssl-3.0.7-18.el9 is already available in the nightly composes but openssl-3.0.7-19.el9 is currently in gating.

— Additional comment from Christian Heimes on 2023-05-30 11:05:51 UTC —

Anuja and I discussed the matter on Slack. The test failure is internal and has no customer-facing implications. A sanity-only check is sufficient. If build with test passes with latest OpenSSL, then the fix works as expected.

c9s build: https://kojihub.stream.rdu2.redhat.com/koji/taskinfo?taskID=2275158

— Additional comment from Christian Heimes on 2023-05-30 12:22:46 UTC —

The c9s build took a bit longer because there was an outage of the s390x builder.

rhel-9-main build: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=52966821

— Additional comment from errata-xmlrpc on 2023-05-30 12:24:28 UTC —

This bug has been added to advisory RHSA-2023:113182 by Christian Heimes (cheimes@redhat.com)

— Additional comment from errata-xmlrpc on 2023-05-30 12:24:29 UTC —

Bug report changed to ON_QA status by Errata System.
A QE request has been submitted for advisory RHSA-2023:113182-03
https://errata.devel.redhat.com/advisory/113182

— Additional comment from errata-xmlrpc on 2023-05-30 12:24:40 UTC —

This bug has been added to advisory RHSA-2023:113182 by Christian Heimes (cheimes@redhat.com)

— Additional comment from anuja on 2023-06-28 12:51:41 UTC —

— Additional comment from anuja on 2023-06-28 14:02:14 UTC —

As per fix test will be marked as skipped.

tests/hazmat/primitives/test_rsa.py::TestRSADecryption::test_decrypt_invalid_decrypt SKIPPED

=========================== short test summary info ============================
SKIPPED [1600] tests/hazmat/primitives/utils.py:501: Does not support counter location: middle_fixed
SKIPPED [1] tests/utils.py:30: Requires OpenSSL without poly1305 support (<OpenSSLBackend(version: OpenSSL 3.0.7 1 Nov 2022, FIPS: False)>)
SKIPPED [1] tests/utils.py:30: Requires backend without RSA OAEP label support (<OpenSSLBackend(version: OpenSSL 3.0.7 1 Nov 2022, FIPS: False)>)
SKIPPED [1] tests/utils.py:30: Does not support PKCS1v1.5. (<OpenSSLBackend(version: OpenSSL 3.0.7 1 Nov 2022, FIPS: False)>)
SKIPPED [1] tests/utils.py:30: Requires FIPS (<OpenSSLBackend(version: OpenSSL 3.0.7 1 Nov 2022, FIPS: False)>)
SKIPPED [4] tests/hazmat/primitives/test_serialization.py:1919: Requires bcrypt module
SKIPPED [1] tests/utils.py:30: Requires that bcrypt exists (<OpenSSLBackend(version: OpenSSL 3.0.7 1 Nov 2022, FIPS: False)>)
SKIPPED [1] tests/utils.py:30: Requires backend support for ec.SECP192R1 (<OpenSSLBackend(version: OpenSSL 3.0.7 1 Nov 2022, FIPS: False)>)
SKIPPED [1] tests/utils.py:30: Does not support SM4 ECB (<OpenSSLBackend(version: OpenSSL 3.0.7 1 Nov 2022, FIPS: False)>)
SKIPPED [1] tests/utils.py:30: Does not support SM4 CBC (<OpenSSLBackend(version: OpenSSL 3.0.7 1 Nov 2022, FIPS: False)>)
SKIPPED [1] tests/utils.py:30: Does not support SM4 OFB (<OpenSSLBackend(version: OpenSSL 3.0.7 1 Nov 2022, FIPS: False)>)
SKIPPED [1] tests/utils.py:30: Does not support SM4 CFB (<OpenSSLBackend(version: OpenSSL 3.0.7 1 Nov 2022, FIPS: False)>)
SKIPPED [1] tests/utils.py:30: Does not support SM4 CTR (<OpenSSLBackend(version: OpenSSL 3.0.7 1 Nov 2022, FIPS: False)>)
SKIPPED [1] tests/utils.py:30: Requires OpenSSL without X25519 support (<OpenSSLBackend(version: OpenSSL 3.0.7 1 Nov 2022, FIPS: False)>)
SKIPPED [1] tests/utils.py:30: Requires OpenSSL without X448 support (<OpenSSLBackend(version: OpenSSL 3.0.7 1 Nov 2022, FIPS: False)>)
===================== 1007 passed, 1617 skipped in 41.62s ======================

Based on results marking bug as verified.

— Additional comment from errata-xmlrpc on 2023-11-07 00:17:51 UTC —

Bug report changed to RELEASE_PENDING status by Errata System.
Advisory RHSA-2023:113182-05 has been changed to PUSH_READY status.
https://errata.devel.redhat.com/advisory/113182

— Additional comment from errata-xmlrpc on 2023-11-07 08:52:12 UTC —

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: python-cryptography security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6615