Author Scott Sturdivant
Recipients Scott Sturdivant, christian.heimes
Date 2019-07-12.21:13:13
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1562965993.74.0.405648137897.issue37576@roundup.psfhosted.org>
In-reply-to
Content
Using Py3{5,6,7} and OpenSSL 1.1.1b-fips, I have not encountered this error.  Once OpenSSL has been upgraded to 1.1.1c-fips, the SSL Malloc Error rears its ugly head.

Setup:

Fedora 30 has openssl-fips by default.

Install cryptography with 'pip install cryptography --no-binary=cryptography' so that it can link against your system openssl that is fips enabled.

To verify:

With openssl 1.1.1.b-fips, the following works:

>>> import urllib.request
>>> with urllib.request.urlopen('http://python.org/') as response:
...    html = response.read()
...
>>> from cryptography.hazmat.backends.openssl.backend import backend
>>> backend._lib.FIPS_mode_set(1)
1
>>> with urllib.request.urlopen('http://python.org/') as response:
...    html = response.read()
...

With openssl 1.1.1c-fips, an error is now raised:

>>> import urllib.request
>>> with urllib.request.urlopen('http://python.org/') as response:
...    html = response.read()
...
>>> from cryptography.hazmat.backends.openssl.backend import backend
>>> backend._lib.FIPS_mode_set(1)
1
>>> with urllib.request.urlopen('http://python.org/') as response:
...    html = response.read()
...
Traceback (most recent call last):
  File "/usr/lib64/python3.7/urllib/request.py", line 1317, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "/usr/lib64/python3.7/http/client.py", line 1244, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib64/python3.7/http/client.py", line 1290, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.7/http/client.py", line 1239, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.7/http/client.py", line 1026, in _send_output
    self.send(msg)
  File "/usr/lib64/python3.7/http/client.py", line 966, in send
    self.connect()
  File "/usr/lib64/python3.7/http/client.py", line 1407, in connect
    server_hostname=server_hostname)
  File "/usr/lib64/python3.7/ssl.py", line 412, in wrap_socket
    session=session
  File "/usr/lib64/python3.7/ssl.py", line 853, in _create
    self.do_handshake()
  File "/usr/lib64/python3.7/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL] malloc failure (_ssl.c:1056)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python3.7/urllib/request.py", line 222, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib64/python3.7/urllib/request.py", line 531, in open
    response = meth(req, response)
  File "/usr/lib64/python3.7/urllib/request.py", line 641, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib64/python3.7/urllib/request.py", line 563, in error
    result = self._call_chain(*args)
  File "/usr/lib64/python3.7/urllib/request.py", line 503, in _call_chain
    result = func(*args)
  File "/usr/lib64/python3.7/urllib/request.py", line 755, in http_error_302
    return self.parent.open(new, timeout=req.timeout)
  File "/usr/lib64/python3.7/urllib/request.py", line 525, in open
    response = self._open(req, data)
  File "/usr/lib64/python3.7/urllib/request.py", line 543, in _open
    '_open', req)
  File "/usr/lib64/python3.7/urllib/request.py", line 503, in _call_chain
    result = func(*args)
  File "/usr/lib64/python3.7/urllib/request.py", line 1360, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/lib64/python3.7/urllib/request.py", line 1319, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL] malloc failure (_ssl.c:1056)>
>>>
History
Date User Action Args
2019-07-12 21:13:13Scott Sturdivantsetrecipients: + Scott Sturdivant, christian.heimes
2019-07-12 21:13:13Scott Sturdivantsetmessageid: <1562965993.74.0.405648137897.issue37576@roundup.psfhosted.org>
2019-07-12 21:13:13Scott Sturdivantlinkissue37576 messages
2019-07-12 21:13:13Scott Sturdivantcreate