Merge "encrypt: use pkeyutl"

This commit is contained in:
Zuul 2024-03-13 17:09:31 +00:00 committed by Gerrit Code Review
commit 73a1cc0268

View File

@ -79,9 +79,14 @@ def encrypt_with_openssl(pubkey_path, plaintext, logger=None):
'Input plaintext length: {} bytes'.format(len(plaintext))) 'Input plaintext length: {} bytes'.format(len(plaintext)))
logger.info('Number of chunks: {}'.format(chunks)) logger.info('Number of chunks: {}'.format(chunks))
cmd = ['openssl', 'rsautl', '-encrypt', # NOTE(ianw) 2023-03-29 : previously this used the deprecated
'-oaep', '-pubin', '-inkey', # rsautl tool, which hardcoded sha1 as the oaep hash; so zuul
pubkey_path] # assumes that on decryption. Be careful modifying it.
cmd = ['openssl', 'pkeyutl', '-encrypt', '-pubin',
'-inkey', pubkey_path,
'-pkeyopt', 'rsa_padding_mode:oaep',
'-pkeyopt', 'rsa_oaep_md:sha1']
if logger: if logger:
logger.debug('Invoking "%s" with each data chunk:' % ' '.join(cmd)) logger.debug('Invoking "%s" with each data chunk:' % ' '.join(cmd))
for count in range(chunks): for count in range(chunks):