drop support for openssl < 1.1.1d (#8449)

This removes the OS random engine, which contained the only CPython PSF
licensed code in the repository. Accordingly, that license has now been
removed.

Author: reaperhulk

.github/workflows/ci.yml

@@ -136,7 +136,6 @@ jobs:
           - {IMAGE: "bullseye", TOXENV: "py39", RUNNER: "ubuntu-latest"}
           - {IMAGE: "bookworm", TOXENV: "py311", RUNNER: "ubuntu-latest"}
           - {IMAGE: "sid", TOXENV: "py311", RUNNER: "ubuntu-latest"}
-          - {IMAGE: "ubuntu-bionic", TOXENV: "py36", RUNNER: "ubuntu-latest"}
           - {IMAGE: "ubuntu-focal", TOXENV: "py38", RUNNER: "ubuntu-latest"}
           - {IMAGE: "ubuntu-jammy", TOXENV: "py310", RUNNER: "ubuntu-latest"}
           - {IMAGE: "ubuntu-rolling", TOXENV: "py310", RUNNER: "ubuntu-latest"}
@@ -182,7 +181,6 @@ jobs:
         run: mkdir -p "${HOME}/.cache/pip"
       - run: |
           echo "OPENSSL_FORCE_FIPS_MODE=1" >> $GITHUB_ENV
-          echo "CFLAGS=-DUSE_OSRANDOM_RNG_FOR_TESTING" >> $GITHUB_ENV
         if: matrix.IMAGE.FIPS
       - run: /venv/bin/python -m pip install -c ci-constraints-requirements.txt 'tox>3' coverage
       - run: '/venv/bin/tox -vvv --notest'
@@ -373,11 +371,11 @@ jobs:
           - {OS: 'macos-12', ARCH: 'x86_64'}
           - {OS: [self-hosted, macos, ARM64, tart], ARCH: 'arm64'}
         PYTHON:
-          - {VERSION: "3.6", TOXENV: "py36-nocoverage", EXTRA_CFLAGS: ""}
-          - {VERSION: "3.11", TOXENV: "py311", EXTRA_CFLAGS: "-DUSE_OSRANDOM_RNG_FOR_TESTING"}
+          - {VERSION: "3.6", TOXENV: "py36-nocoverage"}
+          - {VERSION: "3.11", TOXENV: "py311"}
         exclude:
           # We only test latest Python on arm64. The py36 won't work since there's no universal2 binary
-          - PYTHON: {VERSION: "3.6", TOXENV: "py36-nocoverage", EXTRA_CFLAGS: ""}
+          - PYTHON: {VERSION: "3.6", TOXENV: "py36-nocoverage"}
             RUNNER: {OS: [self-hosted, macos, ARM64, tart], ARCH: 'arm64'}
     name: "${{ matrix.PYTHON.TOXENV }} on macOS ${{ matrix.RUNNER.ARCH }}"
     timeout-minutes: 15
@@ -420,11 +418,10 @@ jobs:
         run: |
           OPENSSL_DIR=$(readlink -f ../openssl-macos-universal2/) \
             OPENSSL_STATIC=1 \
-            CFLAGS="-Werror -Wno-error=deprecated-declarations -Wno-error=incompatible-pointer-types-discards-qualifiers -Wno-error=unused-function -mmacosx-version-min=10.12 $EXTRA_CFLAGS" \
+            CFLAGS="-Werror -Wno-error=deprecated-declarations -Wno-error=incompatible-pointer-types-discards-qualifiers -Wno-error=unused-function -mmacosx-version-min=10.12" \
             tox -vvv --notest
         env:
           TOXENV: ${{ matrix.PYTHON.TOXENV }}
-          EXTRA_CFLAGS: ${{ matrix.PYTHON.EXTRA_CFLAGS }}
           CARGO_TARGET_DIR: ${{ format('{0}/src/rust/target/', github.workspace) }}
       - name: Tests
         run: tox --skip-pkg-install --  --color=yes --wycheproof-root=wycheproof
@@ -443,8 +440,8 @@ jobs:
           - {ARCH: 'x86', WINDOWS: 'win32'}
           - {ARCH: 'x64', WINDOWS: 'win64'}
         PYTHON:
-          - {VERSION: "3.6", TOXENV: "py36-nocoverage", CL_FLAGS: ""}
-          - {VERSION: "3.11", TOXENV: "py311", CL_FLAGS: "/D USE_OSRANDOM_RNG_FOR_TESTING"}
+          - {VERSION: "3.6", TOXENV: "py36-nocoverage"}
+          - {VERSION: "3.11", TOXENV: "py311"}
         JOB_NUMBER: [0, 1]
     name: "${{ matrix.PYTHON.TOXENV }} on ${{ matrix.WINDOWS.WINDOWS }} (part ${{ matrix.JOB_NUMBER }})"
     timeout-minutes: 15
@@ -481,7 +478,6 @@ jobs:
       - name: Configure
         run: |
             echo "OPENSSL_DIR=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}" >> $GITHUB_ENV
-            echo "CL=${{ matrix.PYTHON.CL_FLAGS }}" >> $GITHUB_ENV
         shell: bash
 
       - name: Clone wycheproof

CHANGELOG.rst

@@ -8,6 +8,9 @@ Changelog
 
 .. note:: This version is not yet released and is under active development.
 
+* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than 1.1.1d has been
+  removed.  Users on older version of OpenSSL will need to upgrade.
+
 .. _v40-0-0:
 
 40.0.0 - 2023-03-24

LICENSE

@@ -1,6 +1,3 @@
 This software is made available under the terms of *either* of the licenses
 found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made
 under the terms of *both* these licenses.
-
-The code used in the OS random engine is derived from CPython, and is licensed
-under the terms of the PSF License Agreement.

LICENSE.PSF

@@ -3,7 +3,6 @@ include CONTRIBUTING.rst
 include LICENSE
 include LICENSE.APACHE
 include LICENSE.BSD
-include LICENSE.PSF
 include README.rst
 include tox.ini
 

MANIFEST.in

@@ -10,8 +10,8 @@ A list of supported versions can be found in our :doc:`/installation`
 documentation.
 
 In general the backend should be considered an internal implementation detail
-of the project, but there are some public methods available for more advanced
-control.
+of the project, but there are some public methods available for debugging
+purposes.
 
 .. data:: cryptography.hazmat.backends.openssl.backend
 
@@ -29,21 +29,6 @@ control.
             typically shown in hexadecimal (e.g. ``0x1010003f``). This is
             not necessarily the same version as it was compiled against.
 
-    .. method:: activate_osrandom_engine()
-
-        Activates the OS random engine. This will effectively disable OpenSSL's
-        default CSPRNG.
-
-    .. method:: osrandom_engine_implementation()
-
-        .. versionadded:: 1.7
-
-        Returns the implementation of OS random engine.
-
-    .. method:: activate_builtin_random()
-
-        This will activate the default OpenSSL CSPRNG.
-
 .. _legacy-provider:
 
 Legacy provider in OpenSSL 3.x
@@ -56,68 +41,5 @@ disable the legacy provider in OpenSSL 3.x. This will disable legacy
 cryptographic algorithms, including ``Blowfish``, ``CAST5``, ``SEED``,
 ``ARC4``, and ``RC2`` (which is used by some encrypted serialization formats).
 
-OS random engine
-----------------
-
-.. note::
-
-    As of OpenSSL 1.1.1d its CSPRNG is fork-safe by default.
-    ``cryptography`` does not compile or load the custom engine on
-    >= 1.1.1d.
-
-By default OpenSSL uses a user-space CSPRNG that is seeded from system random (
-``/dev/urandom`` or ``CryptGenRandom``). This CSPRNG is not reseeded
-automatically when a process calls ``fork()``. This can result in situations
-where two different processes can return similar or identical keys and
-compromise the security of the system.
-
-The approach this project has chosen to mitigate this vulnerability is to
-include an engine that replaces the OpenSSL default CSPRNG with one that
-sources its entropy from ``/dev/urandom`` on UNIX-like operating systems and
-uses ``CryptGenRandom`` on Windows. This method of pulling from the system pool
-allows us to avoid potential issues with `initializing the RNG`_ as well as
-protecting us from the ``fork()`` weakness.
-
-This engine is **active** by default when importing the OpenSSL backend. When
-active this engine will be used to generate all the random data OpenSSL
-requests.
-
-When importing only the binding it is added to the engine list but
-**not activated**.
-
-
-OS random sources
------------------
-
-On macOS and FreeBSD ``/dev/urandom`` is an alias for ``/dev/random``. The
-implementation on macOS uses the `Yarrow`_ algorithm. FreeBSD uses the
-`Fortuna`_ algorithm.
-
-On Windows the implementation of ``CryptGenRandom`` depends on which version of
-the operation system you are using. See the `Microsoft documentation`_ for more
-details.
-
-Linux uses its own PRNG design. ``/dev/urandom`` is a non-blocking source
-seeded from the same pool as ``/dev/random``.
-
-+------------------------------------------+------------------------------+
-| Windows                                  | ``CryptGenRandom()``         |
-+------------------------------------------+------------------------------+
-| Linux >= 3.17 with working               | ``getrandom()``              |
-| ``SYS_getrandom`` syscall                |                              |
-+------------------------------------------+------------------------------+
-| OpenBSD >= 5.6                           | ``getentropy()``             |
-+------------------------------------------+------------------------------+
-| BSD family (including macOS 10.12+) with | ``getentropy()``             |
-| ``SYS_getentropy`` in ``sys/syscall.h``  |                              |
-+------------------------------------------+------------------------------+
-| fallback                                 | ``/dev/urandom`` with        |
-|                                          | cached file descriptor       |
-+------------------------------------------+------------------------------+
-
 
 .. _`OpenSSL`: https://www.openssl.org/
-.. _`initializing the RNG`: https://en.wikipedia.org/wiki/OpenSSL#Predictable_private_keys_.28Debian-specific.29
-.. _`Fortuna`: https://en.wikipedia.org/wiki/Fortuna_(PRNG)
-.. _`Yarrow`: https://en.wikipedia.org/wiki/Yarrow_algorithm
-.. _`Microsoft documentation`: https://docs.microsoft.com/en-us/windows/desktop/api/wincrypt/nf-wincrypt-cryptgenrandom

docs/openssl.rst

@@ -4,7 +4,7 @@ version = attr: cryptography.__version__
 description = cryptography is a package which provides cryptographic recipes and primitives to Python developers.
 long_description = file: README.rst
 long_description_content_type = text/x-rst
-license = (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0
+license = Apache-2.0 OR BSD-3-Clause
 url = https://github.com/pyca/cryptography
 author = The Python Cryptographic Authority and individual contributors
 author_email = [email protected]

setup.cfg

@@ -100,7 +100,6 @@ def _extra_compile_args(platform):
         "nid",
         "objects",
         "opensslv",
-        "osrandom_engine",
         "pem",
         "pkcs12",
         "rand",

src/_cffi_src/build_openssl.py

@@ -52,40 +52,25 @@
 #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_370 (0)
 #endif
 
-#if OPENSSL_VERSION_NUMBER < 0x10101000
-    #error "pyca/cryptography MUST be linked with Openssl 1.1.1 or later"
+#if OPENSSL_VERSION_NUMBER < 0x10101040
+    #error "pyca/cryptography MUST be linked with Openssl 1.1.1d or later"
 #endif
 
-#define CRYPTOGRAPHY_OPENSSL_111D_OR_GREATER \
-    (OPENSSL_VERSION_NUMBER >= 0x10101040 && !CRYPTOGRAPHY_IS_LIBRESSL)
 #define CRYPTOGRAPHY_OPENSSL_300_OR_GREATER \
     (OPENSSL_VERSION_NUMBER >= 0x30000000 && !CRYPTOGRAPHY_IS_LIBRESSL)
 
-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B \
-    (OPENSSL_VERSION_NUMBER < 0x10101020 || CRYPTOGRAPHY_IS_LIBRESSL)
-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D \
-    (OPENSSL_VERSION_NUMBER < 0x10101040 || CRYPTOGRAPHY_IS_LIBRESSL)
 #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111E \
     (OPENSSL_VERSION_NUMBER < 0x10101050 || CRYPTOGRAPHY_IS_LIBRESSL)
-#if (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D && !CRYPTOGRAPHY_IS_LIBRESSL && \
-    !defined(OPENSSL_NO_ENGINE)) || defined(USE_OSRANDOM_RNG_FOR_TESTING)
-#define CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE 1
-#else
-#define CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE 0
-#endif
-/* Ed25519 support is available from OpenSSL 1.1.1b and LibreSSL 3.7.0. */
+/* Ed25519 support is in all supported OpenSSLs as well as LibreSSL 3.7.0. */
 #define CRYPTOGRAPHY_HAS_WORKING_ED25519 \
-    (!CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B || \
+    (!CRYPTOGRAPHY_IS_LIBRESSL || \
     (CRYPTOGRAPHY_IS_LIBRESSL && !CRYPTOGRAPHY_LIBRESSL_LESS_THAN_370))
 """
 
 TYPES = """
-static const int CRYPTOGRAPHY_OPENSSL_111D_OR_GREATER;
 static const int CRYPTOGRAPHY_OPENSSL_300_OR_GREATER;
 
-static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B;
 static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111E;
-static const int CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE;
 static const int CRYPTOGRAPHY_HAS_WORKING_ED25519;
 
 static const int CRYPTOGRAPHY_LIBRESSL_LESS_THAN_370;

src/_cffi_src/openssl/cryptography.py

@@ -49,7 +49,7 @@
 #define ERR_LIB_PROV 0
 #endif
 
-#if !CRYPTOGRAPHY_OPENSSL_111D_OR_GREATER || CRYPTOGRAPHY_IS_BORINGSSL
+#ifndef EVP_R_XTS_DUPLICATED_KEYS
 static const int EVP_R_XTS_DUPLICATED_KEYS = 0;
 #endif