From 3e38e7b89dde858d590c40ebeee3ede9f6f3b5f4 Mon Sep 17 00:00:00 2001 From: Florent Daigniere Date: Sun, 27 Nov 2022 15:41:21 +0100 Subject: [PATCH 1/3] Remove the dependency on pyOpenSSL --- core/admin/mailu/dkim.py | 15 ++++++++------- core/admin/mailu/schemas.py | 4 ++-- core/base/requirements-dev.txt | 1 - core/base/requirements-prod.txt | 1 - 4 files changed, 10 insertions(+), 11 deletions(-) diff --git a/core/admin/mailu/dkim.py b/core/admin/mailu/dkim.py index e682c64c..5719a62e 100644 --- a/core/admin/mailu/dkim.py +++ b/core/admin/mailu/dkim.py @@ -2,20 +2,21 @@ They are thus represented as ASCII armored PEM. """ -from OpenSSL import crypto +from cryptography.hazmat.primitives import serialization +from cryptography.hazmat.primitives.asymmetric import rsa -def gen_key(key_type=crypto.TYPE_RSA, bits=2048): +def gen_key(bits=2048): """ Generate and return a new RSA key. """ - key = crypto.PKey() - key.generate_key(key_type, bits) - return crypto.dump_privatekey(crypto.FILETYPE_PEM, key) + k = rsa.generate_private_key(public_exponent=65537, key_size=bits) + return k.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption()) def strip_key(pem): """ Return only the b64 part of the ASCII armored PEM. """ - key = crypto.load_privatekey(crypto.FILETYPE_PEM, pem) - public_pem = crypto.dump_publickey(crypto.FILETYPE_PEM, key) + + priv_key = serialization.load_pem_private_key(pem, password=None) + public_pem = priv_key.public_key().public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo) return public_pem.replace(b"\n", b"").split(b"-----")[2] diff --git a/core/admin/mailu/schemas.py b/core/admin/mailu/schemas.py index ca3530fa..bae9be16 100644 --- a/core/admin/mailu/schemas.py +++ b/core/admin/mailu/schemas.py 
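Review bot: `strip_key` now passes `pem` straight to `serialization.load_pem_private_key`, which accepts only bytes-like input, whereas pyOpenSSL's `load_privatekey` also accepted a `str` and encoded it itself. The callers are not visible in this hunk, so it is worth confirming that none of them passes the key as text; if one might, `if isinstance(pem, str): pem = pem.encode("ascii")` at the top of the function keeps the old contract. `gen_key` also loses its first parameter, so any remaining call that passed a key type positionally would now fail. Separately, `bits` reaches `key_size` without a floor, and the docstring could state the minimum the project accepts for DKIM (RFC 8301 requires at least 1024 bits and recommends 2048).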
@@ -19,7 +19,7 @@ from marshmallow_sqlalchemy.fields import RelatedList from flask_marshmallow import Marshmallow -from OpenSSL import crypto +from cryptography.hazmat.primitives import serialization from pygments import highlight from pygments.token import Token @@ -609,7 +609,7 @@ class DkimKeyField(fields.String): # check key validity try: - crypto.load_privatekey(crypto.FILETYPE_PEM, value) + serialization.load_pem_private_key(value, password=None) except crypto.Error as exc: raise ValidationError(f'invalid dkim key {bad_key!r}') from exc else: diff --git a/core/base/requirements-dev.txt b/core/base/requirements-dev.txt index ebcdde92..52874a86 100644 --- a/core/base/requirements-dev.txt +++ b/core/base/requirements-dev.txt @@ -27,7 +27,6 @@ mysql-connector-python==8.0.29 passlib psycopg2-binary Pygments -pyOpenSSL PyYAML redis SQLAlchemy diff --git a/core/base/requirements-prod.txt b/core/base/requirements-prod.txt index 4cf70cd0..8b861cd5 100644 --- a/core/base/requirements-prod.txt +++ b/core/base/requirements-prod.txt @@ -51,7 +51,6 @@ psycopg2-binary==2.9.5 pycares==4.2.2 pycparser==2.21 Pygments==2.13.0 -pyOpenSSL==22.1.0 pyparsing==3.0.9 python-dateutil==2.8.2 pytz==2022.6 From b553d025eb029fe4189f0c51fbe60332203540e5 Mon Sep 17 00:00:00 2001 From: Florent Daigniere Date: Tue, 29 Nov 2022 13:32:40 +0100 Subject: [PATCH 2/3] remove newline --- core/admin/mailu/dkim.py | 1 - 1 file changed, 1 deletion(-) diff --git a/core/admin/mailu/dkim.py b/core/admin/mailu/dkim.py index 5719a62e..7eda45d7 100644 --- a/core/admin/mailu/dkim.py +++ b/core/admin/mailu/dkim.py @@ -16,7 +16,6 @@ def gen_key(bits=2048): def strip_key(pem): """ Return only the b64 part of the ASCII armored PEM. """ - priv_key = serialization.load_pem_private_key(pem, password=None) public_pem = priv_key.public_key().public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo) return public_pem.replace(b"\n", b"").split(b"-----")[2] 
From c565e69a018317ff46802770a3d78fd13ca44ca1 Mon Sep 17 00:00:00 2001 From: Florent Daigniere Date: Tue, 29 Nov 2022 13:34:22 +0100 Subject: [PATCH 3/3] as requested --- core/admin/mailu/schemas.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/admin/mailu/schemas.py b/core/admin/mailu/schemas.py index bae9be16..4a9792ec 100644 --- a/core/admin/mailu/schemas.py +++ b/core/admin/mailu/schemas.py @@ -609,8 +609,8 @@ class DkimKeyField(fields.String): # check key validity try: - serialization.load_pem_private_key(value, password=None) - except crypto.Error as exc: + serialization.load_pem_private_key(bytes(value, "ascii"), password=None) + except (UnicodeEncodeError, ValueError) as exc: raise ValidationError(f'invalid dkim key {bad_key!r}') from exc else: return value
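Review bot: A passphrase-protected PEM still escapes the new `except` clause, because `load_pem_private_key` raises `TypeError` when the key is encrypted and `password=None`, and `cryptography.exceptions.UnsupportedAlgorithm` for key types the backend cannot load. Such a submitted value would surface as an unhandled error instead of a `ValidationError`. Since `UnicodeEncodeError` is already a subclass of `ValueError`, the clause could read `except (TypeError, ValueError, UnsupportedAlgorithm) as exc:` with the matching import from `cryptography.exceptions`. The loader also accepts any private-key type and size, so if only RSA DKIM keys are intended, an `isinstance` check against `rsa.RSAPrivateKey` and a minimum `key_size` would belong here as well. The enclosing method of `DkimKeyField` starts and ends outside this hunk.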