encrypt: use pkeyutl
When using encrypt with openssl >= 3 we get a warning put out on stderr that the rsautl tool is deprecated. This switches to the equivalent encryption using pkeyutl. This has been around since ~0.9.8 (2009) so I think we're fine using it unconditionally. Change-Id: Ia1983c33eae363492da51b8e88b8d7ae64c40987
This commit is contained in:
parent
69ef76bec6
commit
3263c10b56
@ -77,9 +77,14 @@ def encrypt_with_openssl(pubkey_path, plaintext, logger=None):
|
|||||||
'Input plaintext length: {} bytes'.format(len(plaintext)))
|
'Input plaintext length: {} bytes'.format(len(plaintext)))
|
||||||
logger.info('Number of chunks: {}'.format(chunks))
|
logger.info('Number of chunks: {}'.format(chunks))
|
||||||
|
|
||||||
cmd = ['openssl', 'rsautl', '-encrypt',
|
# NOTE(ianw) 2023-03-29 : previously this used the deprecated
|
||||||
'-oaep', '-pubin', '-inkey',
|
# rsautl tool, which hardcoded sha1 as the oaep hash; so zuul
|
||||||
pubkey_path]
|
# assumes that on decryption. Be careful modifying it.
|
||||||
|
cmd = ['openssl', 'pkeyutl', '-encrypt', '-pubin',
|
||||||
|
'-inkey', pubkey_path,
|
||||||
|
'-pkeyopt', 'rsa_padding_mode:oaep',
|
||||||
|
'-pkeyopt', 'rsa_oaep_md:sha1']
|
||||||
|
|
||||||
if logger:
|
if logger:
|
||||||
logger.debug('Invoking "%s" with each data chunk:' % ' '.join(cmd))
|
logger.debug('Invoking "%s" with each data chunk:' % ' '.join(cmd))
|
||||||
for count in range(chunks):
|
for count in range(chunks):
|
||||||
|
Loading…
Reference in New Issue
Block a user