Comments (7)
mmm... that looks like a bug. I have to see how to fix this using the generic C-API from upstream.
Are you doing a security audit of this library? In any case, your feedback is much appreciated.
from python-mbedtls.
No security audit, full story below:
I'm trying to port the python tools/libraries I'm writing to webassembly using pyodide
but I faced two major problems:
- pyodide has no SSL/TLS support (probably some issues with interfacing emscripten compiled openssl with python, also since webassembly doesn't support sockets the maintainers of pyodide don't want to spend resources on that. however I have a pretty niche usecase for using the in-memory SSL/TLS)
- no out of the box 3rd party crypto library. There isn't a single one which can compile easily in a way that pyodide can use because CFFI/rust/... long story, there are some caveats.
I've been searching for half a year to these major blocking issues, and by chance stumbled across your project which compiles out-of-the-box on pyodide/emscripten, has working TLS support and also provides C-backed crypto interface.
The missing crypto library support in pyodide is a major pain-point for many users as you might imagine and currently there is no 3rd party lib which works. Believe me I tried so many different approaches but they all failed.
Therefore I'm trying my best to improve this project so I (and probably many others) can have proper usability for cryptography-related projects.
Also I'm writing a custom crypto lib that will work cross-platforms with support for major existing crypto packages with a unified interface, it's nothing major but will help users writing libraries that will work on both pyodide and python. I'm mentioning this because I have working testcases for testing the integration of supported crypto modules (mbedtls included) and this is how I find the issues in your lib.
from python-mbedtls.
Interesting. I am glad my library is useful. :)
I am working on this now. I think I have the same kind of error on AEAD ciphers I still have to fix. I am not exactly sure how to test this, either.
How do you test it? test vectors?
from python-mbedtls.
I'm writing a wrapper library (it's for my project's not production grade) called unicrypto
which has test vectors, and also supports your project.
With this PR all tests cases passing except one, which is CFB
when the segment_size
is one (default is 8 which works). This is not related to this PR, but to the fact that I couldn't find a way to control the segment_size
parameter using the current API.
However, for me it's not a big issue currently, this is just a headsup.
With this being said, would you please push the current package to pyp
so I can reference it in the build environmnet?
from python-mbedtls.
And thank you for your hard work!
from python-mbedtls.
This is not related to this PR, but to the fact that I couldn't find a way to control the segment_size parameter using the current API.
I do not know either how to that on the backend.
With this being said, would you please push the current package to pyp so I can reference it in the build environmnet?
Yes, I guess it makes sense now. I am not happy with my TLSWrappedSocket code but these are enough fixes and changes to warrant a new release. I'll take care of that shortly.
from python-mbedtls.
FYI: 1.7.0 released just yet.
from python-mbedtls.
Related Issues (20)
- Possibility to change mbedtls_ssl_conf_read_timeout HOT 7
- Chunking while sending more than 1024B data during handshake HOT 5
- TLS error when running client.py and server.py HOT 2
- server.py and client.py still have bugs when running on the Ubuntu system. HOT 2
- DTLSConnection Id Support HOT 1
- Vulnerable shared libraries might make python-mbedtls vulnerable. Can you help upgrade to patch versions? HOT 3
- won't install/compile HOT 1
- fails to run HOT 2
- error control nb args HOT 1
- Executing server.py gives:
- server.py error HOT 2
- Tests fail if mbedtls built without ARIA support HOT 1
- Issue with loading private keys and trailing null bytes HOT 4
- AES GCM 128 and 256 fails TAG test vector HOT 2
- Provide an example of DTLS server and client with certificates instead of PSK HOT 14
- Possibility to change MTU (max_frag_len) fragmentation size. HOT 8
- TLSWrappedSocket.shutdown(int) does not send DTLS Alert Close Notify message (mbedtls_ssl_close_notify) HOT 4
- Python handle of "record from another epoch: expected 1, received 0" HOT 4
- test_version() test fails due to Mbed TLS spelling change HOT 2
- Random error in HelloVerifyRequest() HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from python-mbedtls.