summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKali Kaneko <kali@leap.se>2016-06-15 17:01:38 -0400
committerKali Kaneko <kali@leap.se>2016-06-15 17:01:38 -0400
commit48ff88a7781165b98285d6c25ec5d49d49cc3503 (patch)
tree38d980a14f3476cac99de9bc137a6e86d6f87772
parent532917f5248d0149497d6dcebfd2a1386daaff94 (diff)
[bug] initialize OpenSSL context just once
Do not initialize the openssl context on each call to decrypt. I'm not 100% sure of the causal chain, but it seems that the initialization of the osrandom engine that openssl backend does might be breaking havoc when sqlcipher is calling rand_bytes concurrently. further testing is needed to confirm this is the ultimate cause, but in my tests this change avoids the occurrence of the dreaded Floating Point Exception in soledad/sqlcipher. - Resolves: #8180
-rw-r--r--client/src/leap/soledad/client/crypto.py8
1 files changed, 4 insertions, 4 deletions
diff --git a/client/src/leap/soledad/client/crypto.py b/client/src/leap/soledad/client/crypto.py
index b75d4301..f7d92372 100644
--- a/client/src/leap/soledad/client/crypto.py
+++ b/client/src/leap/soledad/client/crypto.py
@@ -39,6 +39,8 @@ logger = logging.getLogger(__name__)
MAC_KEY_LENGTH = 64
+crypto_backend = MultiBackend([OpenSSLBackend()])
+
def encrypt_sym(data, key):
"""
@@ -59,8 +61,7 @@ def encrypt_sym(data, key):
(len(key) * 8))
iv = os.urandom(16)
- backend = MultiBackend([OpenSSLBackend()])
- cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=backend)
+ cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=crypto_backend)
encryptor = cipher.encryptor()
ciphertext = encryptor.update(data) + encryptor.finalize()
@@ -87,9 +88,8 @@ def decrypt_sym(data, key, iv):
soledad_assert(
len(key) == 32, # 32 x 8 = 256 bits.
'Wrong key size: %s (must be 256 bits long).' % len(key))
- backend = MultiBackend([OpenSSLBackend()])
iv = binascii.a2b_base64(iv)
- cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=backend)
+ cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=crypto_backend)
decryptor = cipher.decryptor()
return decryptor.update(data) + decryptor.finalize()