Merge #2567

2567: Remove the dependency on pyOpenSSL r=mergify[bot] a=nextgens ## What type of PR? enhancement ## What does this PR do? Remove the dependency on pyOpenSSL ### Related issue(s) ## Prerequisites Before we can consider review and merge, please make sure the following list is done and checked. If an entry in not applicable, you can check it or remove it from the list. - [ ] In case of feature or enhancement: documentation updated accordingly - [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file. Co-authored-by: Florent Daigniere <nextgens@freenetproject.org> Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2 years ago · e20efc5b99
parent a366116cae c565e69a01
commit e20efc5b99
4 changed files with 10 additions and 12 deletions
--- a/core/admin/mailu/dkim.py
+++ b/core/admin/mailu/dkim.py
@ -2,20 +2,20 @@
 They are thus represented as ASCII armored PEM.
 """

-from OpenSSL import crypto
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import rsa


-def gen_key(key_type=crypto.TYPE_RSA, bits=2048):
+def gen_key(bits=2048):
    """ Generate and return a new RSA key.
    """
-    key = crypto.PKey()
-    key.generate_key(key_type, bits)
-    return crypto.dump_privatekey(crypto.FILETYPE_PEM, key)
+    k = rsa.generate_private_key(public_exponent=65537, key_size=bits)
+    return k.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())


 def strip_key(pem):
    """ Return only the b64 part of the ASCII armored PEM.
    """
-    key = crypto.load_privatekey(crypto.FILETYPE_PEM, pem)
-    public_pem = crypto.dump_publickey(crypto.FILETYPE_PEM, key)
+    priv_key = serialization.load_pem_private_key(pem, password=None)
+    public_pem = priv_key.public_key().public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo)
    return public_pem.replace(b"\n", b"").split(b"-----")[2]
--- a/core/admin/mailu/schemas.py
+++ b/core/admin/mailu/schemas.py
@ -19,7 +19,7 @@ from marshmallow_sqlalchemy.fields import RelatedList

 from flask_marshmallow import Marshmallow

-from OpenSSL import crypto
+from cryptography.hazmat.primitives import serialization

 from pygments import highlight
 from pygments.token import Token
@ -609,8 +609,8 @@ class DkimKeyField(fields.String):

        # check key validity
        try:
-            crypto.load_privatekey(crypto.FILETYPE_PEM, value)
-        except crypto.Error as exc:
+            serialization.load_pem_private_key(bytes(value, "ascii"), password=None)
+        except (UnicodeEncodeError, ValueError) as exc:
            raise ValidationError(f'invalid dkim key {bad_key!r}') from exc
        else:
            return value
--- a/core/base/requirements-dev.txt
+++ b/core/base/requirements-dev.txt
@ -27,7 +27,6 @@ mysql-connector-python==8.0.29
 passlib
 psycopg2-binary
 Pygments
-pyOpenSSL
 PyYAML
 redis
 SQLAlchemy
--- a/core/base/requirements-prod.txt
+++ b/core/base/requirements-prod.txt
@ -51,7 +51,6 @@ psycopg2-binary==2.9.5
 pycares==4.2.2
 pycparser==2.21
 Pygments==2.13.0
-pyOpenSSL==22.1.0
 pyparsing==3.0.9
 python-dateutil==2.8.2
 pytz==2022.6