@ -465,39 +465,7 @@ class VaultAES:
""" Read plaintext data from in_file and write encrypted to out_file """
""" Read plaintext data from in_file and write encrypted to out_file """
# combine sha + data
raise AnsibleError ( " Encryption disabled for deprecated VaultAES class " )
this_sha = to_bytes ( sha256 ( data ) . hexdigest ( ) )
tmp_data = this_sha + b " \n " + data
in_file = BytesIO ( tmp_data )
in_file . seek ( 0 )
out_file = BytesIO ( )
bs = AES . block_size
# Get a block of random data. EL does not have Crypto.Random.new()
# so os.urandom is used for cross platform purposes
salt = os . urandom ( bs - len ( b ' Salted__ ' ) )
key , iv = self . aes_derive_key_and_iv ( password , salt , key_length , bs )
cipher = AES . new ( key , AES . MODE_CBC , iv )
full = to_bytes ( b ' Salted__ ' + salt )
out_file . write ( full )
finished = False
while not finished :
chunk = in_file . read ( 1024 * bs )
if len ( chunk ) == 0 or len ( chunk ) % bs != 0 :
padding_length = ( bs - len ( chunk ) % bs ) or bs
chunk + = to_bytes ( padding_length * chr ( padding_length ) , errors = ' strict ' , encoding = ' ascii ' )
finished = True
out_file . write ( cipher . encrypt ( chunk ) )
out_file . seek ( 0 )
enc_data = out_file . read ( )
tmp_data = hexlify ( enc_data )
return tmp_data
def decrypt ( self , data , password , key_length = 32 ) :
def decrypt ( self , data , password , key_length = 32 ) :
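Review bot: The docstring kept above the new `raise AnsibleError(...)` still says the method reads plaintext and writes encrypted output, but `encrypt` now fails unconditionally and never uses `data`, `password` or `key_length`. I would change it to `""" Always raises AnsibleError: encryption is disabled for the deprecated VaultAES class """`, and add a comment that the signature is kept only for existing callers. The `def encrypt` line itself is not visible in this hunk, so the exact signature should be checked there. `decrypt` stays callable and its body lies outside the hunk; a one-line comment there saying it is kept only to read existing legacy payloads would make the asymmetry deliberate. A regression test asserting that `encrypt` raises `AnsibleError` would stop the removed CBC writer, which used an unkeyed SHA-256 prefix rather than a MAC, from being restored unnoticed.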