From 94fb12f224a7fe5df9271acaffc4e76aa6e1cc2b Mon Sep 17 00:00:00 2001 From: Ben Noonan Date: Wed, 3 Sep 2025 17:55:55 +0100 Subject: [PATCH 1/7] c --- kmip/services/kmip_client.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/kmip/services/kmip_client.py b/kmip/services/kmip_client.py index 7f72adf7..f717cdea 100644 --- a/kmip/services/kmip_client.py +++ b/kmip/services/kmip_client.py @@ -285,13 +285,14 @@ def open(self): six.reraise(*last_error) def _create_socket(self, sock): - self.socket = ssl.wrap_socket( - sock, + context = ssl.SSLContext(self.ssl_version) + context.load_cert_chain( keyfile=self.keyfile, - certfile=self.certfile, - cert_reqs=self.cert_reqs, - ssl_version=self.ssl_version, - ca_certs=self.ca_certs, + certfile=self.certfile,) + context.verify_mode = self.cert_reqs + context.load_verify_locations(cadatself.ca_certs) + self.socket = context.wrap_socket( + sock, do_handshake_on_connect=self.do_handshake_on_connect, suppress_ragged_eofs=self.suppress_ragged_eofs) self.socket.settimeout(self.timeout) From 8871d8c36ea58f9f745389269b1167f54ead08ff Mon Sep 17 00:00:00 2001 From: Ben Noonan Date: Wed, 3 Sep 2025 18:18:01 +0100 Subject: [PATCH 2/7] typo --- kmip/services/kmip_client.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kmip/services/kmip_client.py b/kmip/services/kmip_client.py index f717cdea..e2fc0ee9 100644 --- a/kmip/services/kmip_client.py +++ b/kmip/services/kmip_client.py @@ -288,9 +288,9 @@ def _create_socket(self, sock): context = ssl.SSLContext(self.ssl_version) context.load_cert_chain( keyfile=self.keyfile, - certfile=self.certfile,) + certfile=self.certfile) context.verify_mode = self.cert_reqs - context.load_verify_locations(cadatself.ca_certs) + context.load_verify_locations(cadata=self.ca_certs) self.socket = context.wrap_socket( sock, do_handshake_on_connect=self.do_handshake_on_connect, From 9cbad9392f665311ca50ee5aa5b8c1c22321f932 Mon Sep 17 00:00:00 2001 From: Ben Noonan Date: Mon, 8 Sep 2025 17:29:08 +0100 Subject: [PATCH 3/7] file --- kmip/services/kmip_client.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kmip/services/kmip_client.py b/kmip/services/kmip_client.py index e2fc0ee9..b88f2c65 100644 --- a/kmip/services/kmip_client.py +++ b/kmip/services/kmip_client.py @@ -290,7 +290,7 @@ def _create_socket(self, sock): keyfile=self.keyfile, certfile=self.certfile) context.verify_mode = self.cert_reqs - context.load_verify_locations(cadata=self.ca_certs) + context.load_verify_locations(cafile=self.ca_certs) self.socket = context.wrap_socket( sock, do_handshake_on_connect=self.do_handshake_on_connect, From 1498e41ae5572e2a54366d2fa28130cae68deab7 Mon Sep 17 00:00:00 2001 From: Ben Noonan Date: Mon, 8 Sep 2025 17:38:18 +0100 Subject: [PATCH 4/7] algo --- kmip/services/server/crypto/engine.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kmip/services/server/crypto/engine.py b/kmip/services/server/crypto/engine.py index f8727d4a..9e61fd0d 100644 --- a/kmip/services/server/crypto/engine.py +++ b/kmip/services/server/crypto/engine.py @@ -18,13 +18,14 @@ from cryptography import exceptions as errors from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.decrepit.ciphers import algorithms from cryptography.hazmat.primitives import serialization, hashes, hmac, cmac from cryptography.hazmat.primitives import padding as symmetric_padding from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.asymmetric import padding as \ asymmetric_padding from cryptography.hazmat.primitives import ciphers, keywrap -from cryptography.hazmat.primitives.ciphers import algorithms, modes +from cryptography.hazmat.primitives.ciphers import modes from cryptography.hazmat.primitives.kdf import hkdf from cryptography.hazmat.primitives.kdf import kbkdf from cryptography.hazmat.primitives.kdf import pbkdf2 From bf332e842f9a8e5df6e619ecad82ec8cfbd957b6 Mon Sep 17 00:00:00 2001 From: Ben Noonan Date: Mon, 8 Sep 2025 17:44:46 +0100 Subject: [PATCH 5/7] some old, some new --- kmip/services/server/crypto/engine.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/kmip/services/server/crypto/engine.py b/kmip/services/server/crypto/engine.py index 9e61fd0d..95f0cbb2 100644 --- a/kmip/services/server/crypto/engine.py +++ b/kmip/services/server/crypto/engine.py @@ -18,14 +18,14 @@ from cryptography import exceptions as errors from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.decrepit.ciphers import algorithms +from cryptography.hazmat.decrepit.ciphers import new_algorithms from cryptography.hazmat.primitives import serialization, hashes, hmac, cmac from cryptography.hazmat.primitives import padding as symmetric_padding from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.asymmetric import padding as \ asymmetric_padding from cryptography.hazmat.primitives import ciphers, keywrap -from cryptography.hazmat.primitives.ciphers import modes +from cryptography.hazmat.primitives.ciphers import algorithms, modes from cryptography.hazmat.primitives.kdf import hkdf from cryptography.hazmat.primitives.kdf import kbkdf from cryptography.hazmat.primitives.kdf import pbkdf2 @@ -50,13 +50,13 @@ def __init__(self): # The IDEA algorithm is supported by cryptography but may not be # supported by certain backends, like OpenSSL. self._symmetric_key_algorithms = { - enums.CryptographicAlgorithm.TRIPLE_DES: algorithms.TripleDES, + enums.CryptographicAlgorithm.TRIPLE_DES: new_algorithms.TripleDES, enums.CryptographicAlgorithm.AES: algorithms.AES, - enums.CryptographicAlgorithm.BLOWFISH: algorithms.Blowfish, + enums.CryptographicAlgorithm.BLOWFISH: new_algorithms.Blowfish, enums.CryptographicAlgorithm.CAMELLIA: algorithms.Camellia, - enums.CryptographicAlgorithm.CAST5: algorithms.CAST5, - enums.CryptographicAlgorithm.IDEA: algorithms.IDEA, - enums.CryptographicAlgorithm.RC4: algorithms.ARC4 + enums.CryptographicAlgorithm.CAST5: new_algorithms.CAST5, + enums.CryptographicAlgorithm.IDEA: new_algorithms.IDEA, + enums.CryptographicAlgorithm.RC4: new_algorithms.ARC4 } self._asymmetric_key_algorithms = { enums.CryptographicAlgorithm.RSA: self._create_rsa_key_pair From e09026b1fa66f2edccb63ceab3e119496223260e Mon Sep 17 00:00:00 2001 From: Ben Noonan Date: Mon, 8 Sep 2025 17:48:46 +0100 Subject: [PATCH 6/7] silly --- kmip/services/server/crypto/engine.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kmip/services/server/crypto/engine.py b/kmip/services/server/crypto/engine.py index 95f0cbb2..1ad55851 100644 --- a/kmip/services/server/crypto/engine.py +++ b/kmip/services/server/crypto/engine.py @@ -18,7 +18,7 @@ from cryptography import exceptions as errors from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.decrepit.ciphers import new_algorithms +from cryptography.hazmat.decrepit.ciphers import algorithms as new_algorithms from cryptography.hazmat.primitives import serialization, hashes, hmac, cmac from cryptography.hazmat.primitives import padding as symmetric_padding from cryptography.hazmat.primitives.asymmetric import rsa From 8460bdbb78ee99bb7fb963e69a7cc10635766ef0 Mon Sep 17 00:00:00 2001 From: Ben Noonan Date: Mon, 8 Sep 2025 18:05:55 +0100 Subject: [PATCH 7/7] cache_ok --- kmip/pie/sqltypes.py | 1 + 1 file changed, 1 insertion(+) diff --git a/kmip/pie/sqltypes.py b/kmip/pie/sqltypes.py index 6b27616a..a0c6bffd 100644 --- a/kmip/pie/sqltypes.py +++ b/kmip/pie/sqltypes.py @@ -84,6 +84,7 @@ class EnumType(types.TypeDecorator): """ impl = types.Integer + cache_ok = False def __init__(self, cls): """