rpms / awscli

Clone
Source Code
GIT

Blame SOURCES/python-rsa-to-cryptography.patch

c7 c7-beta c8 c8-beta c8s
  1.   c8-beta
  2.   SOURCES
  3.   python-rsa-to-cryptography.patch
Blob History Raw
b28e01 
diff -uNr a/awscli/customizations/cloudfront.py b/awscli/customizations/cloudfront.py
4e78bc 
--- a/awscli/customizations/cloudfront.py	2017-08-12 01:39:00.000000000 +0200
4e78bc 
+++ b/awscli/customizations/cloudfront.py	2018-01-05 09:40:09.445445687 +0100
b28e01 
@@ -14,7 +14,9 @@
b28e01 
 import time
b28e01 
 import random
b28e01
b28e01 
-import rsa
b28e01 
+from cryptography.hazmat.primitives import serialization, hashes
b28e01 
+from cryptography.hazmat.primitives.asymmetric import padding
b28e01 
+from cryptography.hazmat.backends import default_backend
b28e01 
 from botocore.utils import parse_to_aware_datetime
b28e01 
 from botocore.signers import CloudFrontSigner
b28e01
4e78bc 
@@ -254,7 +256,10 @@
b28e01
b28e01 
 class RSASigner(object):
b28e01 
     def __init__(self, private_key):
b28e01 
-        self.priv_key = rsa.PrivateKey.load_pkcs1(private_key.encode('utf8'))
4e78bc 
+        self.priv_key = serialization.load_pem_private_key(
4e78bc 
+            private_key.encode('utf8'), password=None,
4e78bc 
+            backend=default_backend())
b28e01
b28e01 
     def sign(self, message):
b28e01 
-        return rsa.sign(message, self.priv_key, 'SHA-1')
4e78bc 
+        return self.priv_key.sign(
4e78bc 
+            message, padding.PKCS1v15(), hashes.SHA1())
b28e01 
diff -uNr a/awscli/customizations/cloudtrail/validation.py b/awscli/customizations/cloudtrail/validation.py
4e78bc 
--- a/awscli/customizations/cloudtrail/validation.py	2017-08-12 01:39:00.000000000 +0200
4e78bc 
+++ b/awscli/customizations/cloudtrail/validation.py	2018-01-04 17:04:38.869212582 +0100
b28e01 
@@ -22,8 +22,10 @@
b28e01 
 from datetime import datetime, timedelta
b28e01 
 from dateutil import tz, parser
b28e01
b28e01 
-from pyasn1.error import PyAsn1Error
b28e01 
-import rsa
b28e01 
+from cryptography.hazmat.primitives import serialization, hashes
b28e01 
+from cryptography.hazmat.backends import default_backend
b28e01 
+from cryptography.hazmat.primitives.asymmetric import padding
b28e01 
+from cryptography.exceptions import InvalidSignature
b28e01
b28e01 
 from awscli.customizations.cloudtrail.utils import get_trail_by_arn, \
b28e01 
     get_account_id_from_arn
b28e01 
@@ -530,20 +532,18 @@
b28e01 
         """
b28e01 
         try:
b28e01 
             decoded_key = base64.b64decode(public_key)
b28e01 
-            public_key = rsa.PublicKey.load_pkcs1(decoded_key, format='DER')
b28e01 
+            public_key = serialization.load_der_public_key(decoded_key,
b28e01 
+                backend=default_backend())
b28e01 
             to_sign = self._create_string_to_sign(digest_data, inflated_digest)
b28e01 
             signature_bytes = binascii.unhexlify(digest_data['_signature'])
b28e01 
-            rsa.verify(to_sign, signature_bytes, public_key)
b28e01 
-        except PyAsn1Error:
b28e01 
+            public_key.verify(signature_bytes, to_sign, padding.PKCS1v15(),
b28e01 
+                hashes.SHA256())
b28e01 
+        except (ValueError, TypeError):
b28e01 
             raise DigestError(
b28e01 
                 ('Digest file\ts3://%s/%s\tINVALID: Unable to load PKCS #1 key'
b28e01 
                  ' with fingerprint %s')
b28e01 
                 % (bucket, key, digest_data['digestPublicKeyFingerprint']))
b28e01 
-        except rsa.pkcs1.VerificationError:
b28e01 
-            # Note from the Python-RSA docs: Never display the stack trace of
b28e01 
-            # a rsa.pkcs1.VerificationError exception. It shows where in the
b28e01 
-            # code the exception occurred, and thus leaks information about
b28e01 
-            # the key.
b28e01 
+        except InvalidSignature:
b28e01 
             raise DigestSignatureError(bucket, key)
b28e01
b28e01 
     def _create_string_to_sign(self, digest_data, inflated_digest):
b28e01 
diff -uNr a/awscli/customizations/ec2/decryptpassword.py b/awscli/customizations/ec2/decryptpassword.py
4e78bc 
--- a/awscli/customizations/ec2/decryptpassword.py	2017-08-12 01:39:00.000000000 +0200
4e78bc 
+++ b/awscli/customizations/ec2/decryptpassword.py	2018-01-04 16:24:42.565140244 +0100
b28e01 
@@ -13,7 +13,9 @@
b28e01 
 import logging
b28e01 
 import os
b28e01 
 import base64
b28e01 
-import rsa
b28e01 
+from cryptography.hazmat.primitives import serialization
b28e01 
+from cryptography.hazmat.backends import default_backend
b28e01 
+from cryptography.hazmat.primitives.asymmetric import padding
b28e01 
 from awscli.compat import six
b28e01
b28e01 
 from botocore import model
b28e01 
@@ -109,9 +111,11 @@
b28e01 
             try:
b28e01 
                 with open(self._key_path) as pk_file:
b28e01 
                     pk_contents = pk_file.read()
b28e01 
-                    private_key = rsa.PrivateKey.load_pkcs1(six.b(pk_contents))
b28e01 
+                    private_key = serialization.load_pem_private_key(
b28e01 
+                        six.b(pk_contents), password=None,
b28e01 
+                        backend=default_backend())
b28e01 
                     value = base64.b64decode(value)
b28e01 
-                    value = rsa.decrypt(value, private_key)
b28e01 
+                    value = private_key.decrypt(value, padding.PKCS1v15())
b28e01 
                     logger.debug(parsed)
b28e01 
                     parsed['PasswordData'] = value.decode('utf-8')
b28e01 
                     logger.debug(parsed)

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation