Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
systemsmanagement:saltstack:bundle:next:python311:Debian10
saltbundlepy-paramiko
support-cryptography-25-and-above.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File support-cryptography-25-and-above.patch of Package saltbundlepy-paramiko
From 36fbe57629cbbb7bf0f4a1e98c43352b82fe181d Mon Sep 17 00:00:00 2001 From: Andrew Wason <rectalogic@rectalogic.com> Date: Wed, 6 Feb 2019 10:56:53 -0500 Subject: [PATCH 1/4] Move to cryptography 2.5 and stop using deprecated APIs. Fixes #1369 --- .travis.yml | 4 ++-- paramiko/ecdsakey.py | 4 ++-- paramiko/kex_ecdh_nist.py | 37 +++++++++++++++++++++++++++++-------- setup.py | 2 +- tests/test_kex.py | 12 ++++++------ 5 files changed, 40 insertions(+), 19 deletions(-) Index: paramiko-2.4.2/paramiko/ecdsakey.py =================================================================== --- paramiko-2.4.2.orig/paramiko/ecdsakey.py +++ paramiko-2.4.2/paramiko/ecdsakey.py @@ -160,12 +160,12 @@ class ECDSAKey(PKey): pointinfo = msg.get_binary() try: - numbers = ec.EllipticCurvePublicNumbers.from_encoded_point( + key = ec.EllipticCurvePublicKey.from_encoded_point( self.ecdsa_curve.curve_class(), pointinfo ) + self.verifying_key = key except ValueError: raise SSHException("Invalid public key") - self.verifying_key = numbers.public_key(backend=default_backend()) @classmethod def supported_key_format_identifiers(cls): Index: paramiko-2.4.2/paramiko/kex_ecdh_nist.py =================================================================== --- paramiko-2.4.2.orig/paramiko/kex_ecdh_nist.py +++ paramiko-2.4.2/paramiko/kex_ecdh_nist.py @@ -9,6 +9,7 @@ from paramiko.py3compat import byte_chr, from paramiko.ssh_exception import SSHException from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.asymmetric import ec +from cryptography.hazmat.primitives import serialization from binascii import hexlify _MSG_KEXECDH_INIT, _MSG_KEXECDH_REPLY = range(30, 32) @@ -36,7 +37,12 @@ class KexNistp256: m = Message() m.add_byte(c_MSG_KEXECDH_INIT) # SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion - m.add_string(self.Q_C.public_numbers().encode_point()) + m.add_string( + self.Q_C.public_bytes( + serialization.Encoding.X962, + serialization.PublicFormat.UncompressedPoint, + ) + ) self.transport._send_message(m) self.transport._expect_packet(_MSG_KEXECDH_REPLY) @@ -58,11 +64,11 @@ class KexNistp256: def _parse_kexecdh_init(self, m): Q_C_bytes = m.get_string() - self.Q_C = ec.EllipticCurvePublicNumbers.from_encoded_point( + self.Q_C = ec.EllipticCurvePublicKey.from_encoded_point( self.curve, Q_C_bytes ) K_S = self.transport.get_server_key().asbytes() - K = self.P.exchange(ec.ECDH(), self.Q_C.public_key(default_backend())) + K = self.P.exchange(ec.ECDH(), self.Q_C) K = long(hexlify(K), 16) # compute exchange hash hm = Message() @@ -75,7 +81,12 @@ class KexNistp256: hm.add_string(K_S) hm.add_string(Q_C_bytes) # SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion - hm.add_string(self.Q_S.public_numbers().encode_point()) + hm.add_string( + self.Q_S.public_bytes( + serialization.Encoding.X962, + serialization.PublicFormat.UncompressedPoint, + ) + ) hm.add_mpint(long(K)) H = self.hash_algo(hm.asbytes()).digest() self.transport._set_K_H(K, H) @@ -84,7 +95,12 @@ class KexNistp256: m = Message() m.add_byte(c_MSG_KEXECDH_REPLY) m.add_string(K_S) - m.add_string(self.Q_S.public_numbers().encode_point()) + m.add_string( + self.Q_S.public_bytes( + serialization.Encoding.X962, + serialization.PublicFormat.UncompressedPoint, + ) + ) m.add_string(sig) self.transport._send_message(m) self.transport._activate_outbound() @@ -92,11 +108,11 @@ class KexNistp256: def _parse_kexecdh_reply(self, m): K_S = m.get_string() Q_S_bytes = m.get_string() - self.Q_S = ec.EllipticCurvePublicNumbers.from_encoded_point( + self.Q_S = ec.EllipticCurvePublicKey.from_encoded_point( self.curve, Q_S_bytes ) sig = m.get_binary() - K = self.P.exchange(ec.ECDH(), self.Q_S.public_key(default_backend())) + K = self.P.exchange(ec.ECDH(), self.Q_S) K = long(hexlify(K), 16) # compute exchange hash and verify signature hm = Message() @@ -108,7 +124,12 @@ class KexNistp256: ) hm.add_string(K_S) # SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion - hm.add_string(self.Q_C.public_numbers().encode_point()) + hm.add_string( + self.Q_C.public_bytes( + serialization.Encoding.X962, + serialization.PublicFormat.UncompressedPoint, + ) + ) hm.add_string(Q_S_bytes) hm.add_mpint(K) self.transport._set_K_H(K, self.hash_algo(hm.asbytes()).digest()) Index: paramiko-2.4.2/setup.py =================================================================== --- paramiko-2.4.2.orig/setup.py +++ paramiko-2.4.2/setup.py @@ -73,7 +73,7 @@ setup( ], install_requires=[ "bcrypt>=3.1.3", - "cryptography>=1.5", + "cryptography>=2.5", "pynacl>=1.0.1", "pyasn1>=0.1.7", ], Index: paramiko-2.4.3/tests/test_kex.py =================================================================== --- paramiko-2.4.3.orig/tests/test_kex.py 2019-06-24 00:45:29.000000000 +0200 +++ paramiko-2.4.3/tests/test_kex.py 2022-09-02 15:55:02.895289382 +0200 @@ -42,20 +42,20 @@ def dummy_generate_key_pair(obj): private_key_value = 94761803665136558137557783047955027733968423115106677159790289642479432803037 # noqa public_key_numbers = "042bdab212fa8ba1b7c843301682a4db424d307246c7e1e6083c41d9ca7b098bf30b3d63e2ec6278488c135360456cc054b3444ecc45998c08894cbc1370f5f989" # noqa - public_key_numbers_obj = ec.EllipticCurvePublicNumbers.from_encoded_point( + public_key_numbers_obj = ec.EllipticCurvePublicKey.from_encoded_point( ec.SECP256R1(), unhexlify(public_key_numbers) - ) + ).public_numbers() obj.P = ec.EllipticCurvePrivateNumbers( private_value=private_key_value, public_numbers=public_key_numbers_obj ).private_key(default_backend()) if obj.transport.server_mode: - obj.Q_S = ec.EllipticCurvePublicNumbers.from_encoded_point( + obj.Q_S = ec.EllipticCurvePublicKey.from_encoded_point( ec.SECP256R1(), unhexlify(public_key_numbers) - ).public_key(default_backend()) + ) return - obj.Q_C = ec.EllipticCurvePublicNumbers.from_encoded_point( + obj.Q_C = ec.EllipticCurvePublicKey.from_encoded_point( ec.SECP256R1(), unhexlify(public_key_numbers) - ).public_key(default_backend()) + ) class FakeKey(object):
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor