From 48ff88a7781165b98285d6c25ec5d49d49cc3503 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Wed, 15 Jun 2016 17:01:38 -0400 Subject: [bug] initialize OpenSSL context just once Do not initialize the openssl context on each call to decrypt. I'm not 100% sure of the causal chain, but it seems that the initialization of the osrandom engine that openssl backend does might be breaking havoc when sqlcipher is calling rand_bytes concurrently. further testing is needed to confirm this is the ultimate cause, but in my tests this change avoids the occurrence of the dreaded Floating Point Exception in soledad/sqlcipher. - Resolves: #8180 --- client/src/leap/soledad/client/crypto.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/client/src/leap/soledad/client/crypto.py b/client/src/leap/soledad/client/crypto.py index b75d4301..f7d92372 100644 --- a/client/src/leap/soledad/client/crypto.py +++ b/client/src/leap/soledad/client/crypto.py @@ -39,6 +39,8 @@ logger = logging.getLogger(__name__) MAC_KEY_LENGTH = 64 +crypto_backend = MultiBackend([OpenSSLBackend()]) + def encrypt_sym(data, key): """ @@ -59,8 +61,7 @@ def encrypt_sym(data, key): (len(key) * 8)) iv = os.urandom(16) - backend = MultiBackend([OpenSSLBackend()]) - cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=backend) + cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=crypto_backend) encryptor = cipher.encryptor() ciphertext = encryptor.update(data) + encryptor.finalize() @@ -87,9 +88,8 @@ def decrypt_sym(data, key, iv): soledad_assert( len(key) == 32, # 32 x 8 = 256 bits. 'Wrong key size: %s (must be 256 bits long).' % len(key)) - backend = MultiBackend([OpenSSLBackend()]) iv = binascii.a2b_base64(iv) - cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=backend) + cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=crypto_backend) decryptor = cipher.decryptor() return decryptor.update(data) + decryptor.finalize() -- cgit v1.2.3