Browse Source

encrypt_secret: support OpenSSL 1.1.1

With OpenSSL, the format of 'openssl rsa -text' has changed a bit, now
the Public-Key is prefixed by RSA.

$ openssl rsa -text -pubin -in foo | head -n1
writing RSA key
RSA Public-Key: (4096 bit)

The change was introduce by this commit:
https://github.com/openssl/openssl/commit/9503ed8#diff-dbf726cfa20d03251a1eb72683972640R316

This patch ensures the bit length is still detected properly.

Change-Id: I1b956b207ac97a1ac700363605414834a81ad16a
changes/14/611414/3
Gonéri Le Bouder 3 years ago
parent
commit
4df1d87519
No known key found for this signature in database GPG Key ID: 49ED9B94765572E
1 changed files with 4 additions and 3 deletions
  1. +4
    -3
      tools/encrypt_secret.py

+ 4
- 3
tools/encrypt_secret.py View File

@ -118,10 +118,11 @@ def main():
openssl_version = subprocess.check_output(
['openssl', 'version']).split()[1]
if openssl_version.startswith(b'0.'):
m = re.match(r'^Modulus \((\d+) bit\):$', output, re.MULTILINE)
key_length_re = r'^Modulus \((?P<key_length>\d+) bit\):$'
else:
m = re.match(r'^Public-Key: \((\d+) bit\)$', output, re.MULTILINE)
nbits = int(m.group(1))
key_length_re = r'^(|RSA )Public-Key: \((?P<key_length>\d+) bit\)$'
m = re.match(key_length_re, output, re.MULTILINE)
nbits = int(m.group('key_length'))
nbytes = int(nbits / 8)
max_bytes = nbytes - 42 # PKCS1-OAEP overhead
chunks = int(math.ceil(float(len(plaintext)) / max_bytes))


Loading…
Cancel
Save