Blame SOURCES/python-rsa-to-cryptography.patch

adca06
diff -uNr a/awscli/customizations/cloudfront.py b/awscli/customizations/cloudfront.py
adca06
--- a/awscli/customizations/cloudfront.py	2017-08-12 01:39:00.000000000 +0200
adca06
+++ b/awscli/customizations/cloudfront.py	2018-01-05 09:40:09.445445687 +0100
adca06
@@ -14,7 +14,9 @@
adca06
 import time
adca06
 import random
adca06
 
adca06
-import rsa
adca06
+from cryptography.hazmat.primitives import serialization, hashes
adca06
+from cryptography.hazmat.primitives.asymmetric import padding
adca06
+from cryptography.hazmat.backends import default_backend
adca06
 from botocore.utils import parse_to_aware_datetime
adca06
 from botocore.signers import CloudFrontSigner
adca06
 
adca06
@@ -254,7 +256,10 @@
adca06
 
adca06
 class RSASigner(object):
adca06
     def __init__(self, private_key):
adca06
-        self.priv_key = rsa.PrivateKey.load_pkcs1(private_key.encode('utf8'))
adca06
+        self.priv_key = serialization.load_pem_private_key(
adca06
+            private_key.encode('utf8'), password=None,
adca06
+            backend=default_backend())
adca06
 
adca06
     def sign(self, message):
adca06
-        return rsa.sign(message, self.priv_key, 'SHA-1')
adca06
+        return self.priv_key.sign(
adca06
+            message, padding.PKCS1v15(), hashes.SHA1())
adca06
diff -uNr a/awscli/customizations/cloudtrail/validation.py b/awscli/customizations/cloudtrail/validation.py
adca06
--- a/awscli/customizations/cloudtrail/validation.py	2017-08-12 01:39:00.000000000 +0200
adca06
+++ b/awscli/customizations/cloudtrail/validation.py	2018-01-04 17:04:38.869212582 +0100
adca06
@@ -22,8 +22,10 @@
adca06
 from datetime import datetime, timedelta
adca06
 from dateutil import tz, parser
adca06
 
adca06
-from pyasn1.error import PyAsn1Error
adca06
-import rsa
adca06
+from cryptography.hazmat.primitives import serialization, hashes
adca06
+from cryptography.hazmat.backends import default_backend
adca06
+from cryptography.hazmat.primitives.asymmetric import padding
adca06
+from cryptography.exceptions import InvalidSignature
adca06
 
adca06
 from awscli.customizations.cloudtrail.utils import get_trail_by_arn, \
adca06
     get_account_id_from_arn
adca06
@@ -530,20 +532,18 @@
adca06
         """
adca06
         try:
adca06
             decoded_key = base64.b64decode(public_key)
adca06
-            public_key = rsa.PublicKey.load_pkcs1(decoded_key, format='DER')
adca06
+            public_key = serialization.load_der_public_key(decoded_key,
adca06
+                backend=default_backend())
adca06
             to_sign = self._create_string_to_sign(digest_data, inflated_digest)
adca06
             signature_bytes = binascii.unhexlify(digest_data['_signature'])
adca06
-            rsa.verify(to_sign, signature_bytes, public_key)
adca06
-        except PyAsn1Error:
adca06
+            public_key.verify(signature_bytes, to_sign, padding.PKCS1v15(),
adca06
+                hashes.SHA256())
adca06
+        except (ValueError, TypeError):
adca06
             raise DigestError(
adca06
                 ('Digest file\ts3://%s/%s\tINVALID: Unable to load PKCS #1 key'
adca06
                  ' with fingerprint %s')
adca06
                 % (bucket, key, digest_data['digestPublicKeyFingerprint']))
adca06
-        except rsa.pkcs1.VerificationError:
adca06
-            # Note from the Python-RSA docs: Never display the stack trace of
adca06
-            # a rsa.pkcs1.VerificationError exception. It shows where in the
adca06
-            # code the exception occurred, and thus leaks information about
adca06
-            # the key.
adca06
+        except InvalidSignature:
adca06
             raise DigestSignatureError(bucket, key)
adca06
 
adca06
     def _create_string_to_sign(self, digest_data, inflated_digest):
adca06
diff -uNr a/awscli/customizations/ec2/decryptpassword.py b/awscli/customizations/ec2/decryptpassword.py
adca06
--- a/awscli/customizations/ec2/decryptpassword.py	2017-08-12 01:39:00.000000000 +0200
adca06
+++ b/awscli/customizations/ec2/decryptpassword.py	2018-01-04 16:24:42.565140244 +0100
adca06
@@ -13,7 +13,9 @@
adca06
 import logging
adca06
 import os
adca06
 import base64
adca06
-import rsa
adca06
+from cryptography.hazmat.primitives import serialization
adca06
+from cryptography.hazmat.backends import default_backend
adca06
+from cryptography.hazmat.primitives.asymmetric import padding
adca06
 from awscli.compat import six
adca06
 
adca06
 from botocore import model
adca06
@@ -109,9 +111,11 @@
adca06
             try:
adca06
                 with open(self._key_path) as pk_file:
adca06
                     pk_contents = pk_file.read()
adca06
-                    private_key = rsa.PrivateKey.load_pkcs1(six.b(pk_contents))
adca06
+                    private_key = serialization.load_pem_private_key(
adca06
+                        six.b(pk_contents), password=None,
adca06
+                        backend=default_backend())
adca06
                     value = base64.b64decode(value)
adca06
-                    value = rsa.decrypt(value, private_key)
adca06
+                    value = private_key.decrypt(value, padding.PKCS1v15())
adca06
                     logger.debug(parsed)
adca06
                     parsed['PasswordData'] = value.decode('utf-8')
adca06
                     logger.debug(parsed)