From b40f1fcac47a4f01dd4cd61bf585c91fa61d7cbb Mon Sep 17 00:00:00 2001
From: Thomas Faivre <thomas.faivre@6wind.com>
Date: Tue, 28 Mar 2017 13:12:17 +0200
Subject: [PATCH] layers/tls: fix shell start with old cryptography

Seen on Redhat-7 with distribution version of python-cryptography
(1.3.1):
  File "/usr/lib/python2.7/site-packages/scapy/layers/tls/crypto/ffdh.py", line 207, in <module>
    params = pn.parameters(default_backend())
AttributeError: 'DHParameterNumbers' object has no attribute 'parameters'

This is due to an API change in cryptography 1.7 which is the required version
for scapy. Althought, we should still be able to launch the shell.

Check if cryptography is valid before filling FFDH_GROUPS.

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>
---
 scapy/layers/tls/crypto/ffdh.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/scapy/layers/tls/crypto/ffdh.py b/scapy/layers/tls/crypto/ffdh.py
index 7451c96e..cd648519 100644
--- a/scapy/layers/tls/crypto/ffdh.py
+++ b/scapy/layers/tls/crypto/ffdh.py
@@ -9,8 +9,12 @@ XXX These groups (and the ones from RFC 7919) should be registered to
 the cryptography library. And this file should eventually be removed.
 """
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives.asymmetric import dh
+from scapy.config import conf
+if conf.crypto_valid:
+    from cryptography.hazmat.backends import default_backend
+    from cryptography.hazmat.primitives.asymmetric import dh
+else:
+    default_backend = dh = None
 
 from scapy.utils import long_converter
 
@@ -202,10 +206,11 @@ _ffdh_raw_params = { 'modp768' : modp768,
                      'modp8192': modp8192  }
 
 FFDH_GROUPS = {}
-for name, group in _ffdh_raw_params.iteritems():
-    pn = dh.DHParameterNumbers(group.m, group.g)
-    params = pn.parameters(default_backend())
-    FFDH_GROUPS[name] = [params, group.mLen]
+if dh and default_backend:
+    for name, group in _ffdh_raw_params.iteritems():
+        pn = dh.DHParameterNumbers(group.m, group.g)
+        params = pn.parameters(default_backend())
+        FFDH_GROUPS[name] = [params, group.mLen]
 
 
 #from scapy.layers.tls.crypto.pkcs1 import pkcs_os2ip, pkcs_i2osp
-- 
GitLab