archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

openssl_publickey: fix handling of OpenSSH private keys with passphrase (#54192)

Browse Source 
* Cleanup.
* Make sure that OpenSSH passphrases are handled correctly.
* Add changelog.
pull/54229/head
Felix Fontein 6 years ago committed by Abhijeet Kasurde
parent 3c20a9b12b
commit 1a94cf140c
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File

2
changelogs/fragments/54192-openssl_publickey-openssh-passphrase.yml
Unescape Escape View File

@ -0,0 +1,2 @@
bugfixes:
- "openssl_publickey - fixed crash on Python 3 when OpenSSH private keys were used with passphrases."

13
lib/ansible/modules/crypto/openssl_publickey.py
Unescape Escape View File

@ -18,7 +18,7 @@ version_added: "2.3"
short_description: Generate an OpenSSL public key from its private key. short_description: Generate an OpenSSL public key from its private key.
description: description:
- This module allows one to (re)generate OpenSSL public keys from their private keys. - This module allows one to (re)generate OpenSSL public keys from their private keys.
- It uses the pyOpenSSL python library to interact with openssl. - It uses the pyOpenSSL python library to interact with openssl.
- Keys are generated in PEM format. - Keys are generated in PEM format.
- This module works only if the version of PyOpenSSL is recent enough (> 16.0.0). - This module works only if the version of PyOpenSSL is recent enough (> 16.0.0).
requirements: requirements:
@ -131,7 +131,6 @@ fingerprint:
sha512: "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b" sha512: "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b"
''' '''
import hashlib
import os import os
import traceback import traceback
@ -147,7 +146,7 @@ else:
pyopenssl_found = True pyopenssl_found = True
from ansible.module_utils import crypto as crypto_utils from ansible.module_utils import crypto as crypto_utils
from ansible.module_utils._text import to_native from ansible.module_utils._text import to_native, to_bytes
from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.basic import AnsibleModule, missing_required_lib
@ -183,9 +182,11 @@ class PublicKey(crypto_utils.OpenSSLObject):
if self.format == 'OpenSSH': if self.format == 'OpenSSH':
with open(self.privatekey_path, 'rb') as private_key_fh: with open(self.privatekey_path, 'rb') as private_key_fh:
privatekey_content = private_key_fh.read() privatekey_content = private_key_fh.read()
key = crypto_serialization.load_pem_private_key(privatekey_content, key = crypto_serialization.load_pem_private_key(
password=self.privatekey_passphrase, privatekey_content,
backend=default_backend()) password=None if self.privatekey_passphrase is None else to_bytes(self.privatekey_passphrase),
backend=default_backend()
)
publickey_content = key.public_key().public_bytes( publickey_content = key.public_key().public_bytes(
crypto_serialization.Encoding.OpenSSH, crypto_serialization.Encoding.OpenSSH,
crypto_serialization.PublicFormat.OpenSSH crypto_serialization.PublicFormat.OpenSSH

Write Preview
Loading…
Cancel
Save