Message 347755 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Scott Sturdivant
Recipients	Scott Sturdivant, christian.heimes
Date	2019-07-12.21:13:13
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1562965993.74.0.405648137897.issue37576@roundup.psfhosted.org>
In-reply-to

Content
Using Py3{5,6,7} and OpenSSL 1.1.1b-fips, I have not encountered this error. Once OpenSSL has been upgraded to 1.1.1c-fips, the SSL Malloc Error rears its ugly head. Setup: Fedora 30 has openssl-fips by default. Install cryptography with 'pip install cryptography --no-binary=cryptography' so that it can link against your system openssl that is fips enabled. To verify: With openssl 1.1.1.b-fips, the following works: >>> import urllib.request >>> with urllib.request.urlopen('http://python.org/') as response: ... html = response.read() ... >>> from cryptography.hazmat.backends.openssl.backend import backend >>> backend._lib.FIPS_mode_set(1) 1 >>> with urllib.request.urlopen('http://python.org/') as response: ... html = response.read() ... With openssl 1.1.1c-fips, an error is now raised: >>> import urllib.request >>> with urllib.request.urlopen('http://python.org/') as response: ... html = response.read() ... >>> from cryptography.hazmat.backends.openssl.backend import backend >>> backend._lib.FIPS_mode_set(1) 1 >>> with urllib.request.urlopen('http://python.org/') as response: ... html = response.read() ... Traceback (most recent call last): File "/usr/lib64/python3.7/urllib/request.py", line 1317, in do_open encode_chunked=req.has_header('Transfer-encoding')) File "/usr/lib64/python3.7/http/client.py", line 1244, in request self._send_request(method, url, body, headers, encode_chunked) File "/usr/lib64/python3.7/http/client.py", line 1290, in _send_request self.endheaders(body, encode_chunked=encode_chunked) File "/usr/lib64/python3.7/http/client.py", line 1239, in endheaders self._send_output(message_body, encode_chunked=encode_chunked) File "/usr/lib64/python3.7/http/client.py", line 1026, in _send_output self.send(msg) File "/usr/lib64/python3.7/http/client.py", line 966, in send self.connect() File "/usr/lib64/python3.7/http/client.py", line 1407, in connect server_hostname=server_hostname) File "/usr/lib64/python3.7/ssl.py", line 412, in wrap_socket session=session File "/usr/lib64/python3.7/ssl.py", line 853, in _create self.do_handshake() File "/usr/lib64/python3.7/ssl.py", line 1117, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL] malloc failure (_ssl.c:1056) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib64/python3.7/urllib/request.py", line 222, in urlopen return opener.open(url, data, timeout) File "/usr/lib64/python3.7/urllib/request.py", line 531, in open response = meth(req, response) File "/usr/lib64/python3.7/urllib/request.py", line 641, in http_response 'http', request, response, code, msg, hdrs) File "/usr/lib64/python3.7/urllib/request.py", line 563, in error result = self._call_chain(args) File "/usr/lib64/python3.7/urllib/request.py", line 503, in _call_chain result = func(args) File "/usr/lib64/python3.7/urllib/request.py", line 755, in http_error_302 return self.parent.open(new, timeout=req.timeout) File "/usr/lib64/python3.7/urllib/request.py", line 525, in open response = self._open(req, data) File "/usr/lib64/python3.7/urllib/request.py", line 543, in _open '_open', req) File "/usr/lib64/python3.7/urllib/request.py", line 503, in _call_chain result = func(*args) File "/usr/lib64/python3.7/urllib/request.py", line 1360, in https_open context=self._context, check_hostname=self._check_hostname) File "/usr/lib64/python3.7/urllib/request.py", line 1319, in do_open raise URLError(err) urllib.error.URLError: <urlopen error [SSL] malloc failure (_ssl.c:1056)> >>>

Using Py3{5,6,7} and OpenSSL 1.1.1b-fips, I have not encountered this error.  Once OpenSSL has been upgraded to 1.1.1c-fips, the SSL Malloc Error rears its ugly head.

Setup:

Fedora 30 has openssl-fips by default.

Install cryptography with 'pip install cryptography --no-binary=cryptography' so that it can link against your system openssl that is fips enabled.

To verify:

With openssl 1.1.1.b-fips, the following works:

>>> import urllib.request
>>> with urllib.request.urlopen('http://python.org/') as response:
...    html = response.read()
...
>>> from cryptography.hazmat.backends.openssl.backend import backend
>>> backend._lib.FIPS_mode_set(1)
1
>>> with urllib.request.urlopen('http://python.org/') as response:
...    html = response.read()
...

With openssl 1.1.1c-fips, an error is now raised:

>>> import urllib.request
>>> with urllib.request.urlopen('http://python.org/') as response:
...    html = response.read()
...
>>> from cryptography.hazmat.backends.openssl.backend import backend
>>> backend._lib.FIPS_mode_set(1)
1
>>> with urllib.request.urlopen('http://python.org/') as response:
...    html = response.read()
...
Traceback (most recent call last):
  File "/usr/lib64/python3.7/urllib/request.py", line 1317, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "/usr/lib64/python3.7/http/client.py", line 1244, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib64/python3.7/http/client.py", line 1290, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.7/http/client.py", line 1239, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.7/http/client.py", line 1026, in _send_output
    self.send(msg)
  File "/usr/lib64/python3.7/http/client.py", line 966, in send
    self.connect()
  File "/usr/lib64/python3.7/http/client.py", line 1407, in connect
    server_hostname=server_hostname)
  File "/usr/lib64/python3.7/ssl.py", line 412, in wrap_socket
    session=session
  File "/usr/lib64/python3.7/ssl.py", line 853, in _create
    self.do_handshake()
  File "/usr/lib64/python3.7/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL] malloc failure (_ssl.c:1056)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python3.7/urllib/request.py", line 222, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib64/python3.7/urllib/request.py", line 531, in open
    response = meth(req, response)
  File "/usr/lib64/python3.7/urllib/request.py", line 641, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib64/python3.7/urllib/request.py", line 563, in error
    result = self._call_chain(*args)
  File "/usr/lib64/python3.7/urllib/request.py", line 503, in _call_chain
    result = func(*args)
  File "/usr/lib64/python3.7/urllib/request.py", line 755, in http_error_302
    return self.parent.open(new, timeout=req.timeout)
  File "/usr/lib64/python3.7/urllib/request.py", line 525, in open
    response = self._open(req, data)
  File "/usr/lib64/python3.7/urllib/request.py", line 543, in _open
    '_open', req)
  File "/usr/lib64/python3.7/urllib/request.py", line 503, in _call_chain
    result = func(*args)
  File "/usr/lib64/python3.7/urllib/request.py", line 1360, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/lib64/python3.7/urllib/request.py", line 1319, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL] malloc failure (_ssl.c:1056)>
>>>

History
Date	User	Action	Args
2019-07-12 21:13:13	Scott Sturdivant	set	recipients: + Scott Sturdivant, christian.heimes
2019-07-12 21:13:13	Scott Sturdivant	set	messageid: <1562965993.74.0.405648137897.issue37576@roundup.psfhosted.org>
2019-07-12 21:13:13	Scott Sturdivant	link	issue37576 messages
2019-07-12 21:13:13	Scott Sturdivant	create