openssl_publickey: fix handling of OpenSSH private keys with passphrase (#54192)

* Cleanup.
* Make sure that OpenSSH passphrases are handled correctly.
* Add changelog.
Felix Fontein 2019-03-22 11:45:55 +01:00 committed by Abhijeet Kasurde
parent 3c20a9b12b
commit 1a94cf140c
2 changed files with 9 additions and 6 deletions


@ -0,0 +1,2 @@
bugfixes:
- "openssl_publickey - fixed crash on Python 3 when OpenSSH private keys were used with passphrases."


@ -131,7 +131,6 @@ fingerprint:
sha512: "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b" sha512: "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b"
''' '''
import hashlib
import os import os
import traceback import traceback
@ -147,7 +146,7 @@ else:
pyopenssl_found = True pyopenssl_found = True
from ansible.module_utils import crypto as crypto_utils from ansible.module_utils import crypto as crypto_utils
from ansible.module_utils._text import to_native from ansible.module_utils._text import to_native, to_bytes
from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.basic import AnsibleModule, missing_required_lib
@ -183,9 +182,11 @@ class PublicKey(crypto_utils.OpenSSLObject):
if self.format == 'OpenSSH': if self.format == 'OpenSSH':
with open(self.privatekey_path, 'rb') as private_key_fh: with open(self.privatekey_path, 'rb') as private_key_fh:
privatekey_content = private_key_fh.read() privatekey_content = private_key_fh.read()
key = crypto_serialization.load_pem_private_key(privatekey_content, key = crypto_serialization.load_pem_private_key(
password=self.privatekey_passphrase, privatekey_content,
backend=default_backend()) password=None if self.privatekey_passphrase is None else to_bytes(self.privatekey_passphrase),
backend=default_backend()
)
publickey_content = key.public_key().public_bytes( publickey_content = key.public_key().public_bytes(
crypto_serialization.Encoding.OpenSSH, crypto_serialization.Encoding.OpenSSH,
crypto_serialization.PublicFormat.OpenSSH crypto_serialization.PublicFormat.OpenSSH
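Review bot: The new `password=` argument in the OpenSSH branch encodes the passphrase with `to_bytes()` under its default error handling, which as far as I know replaces characters it cannot encode rather than failing. A passphrase containing such characters would silently become a different byte string, and the load would then fail looking like a wrong passphrase. Passing the strict handler makes that case explicit: `password=None if self.privatekey_passphrase is None else to_bytes(self.privatekey_passphrase, errors='surrogate_or_strict'),`. The enclosing method starts and ends outside this hunk, so it is not visible whether the `TypeError`/`ValueError` that `load_pem_private_key` raises for a missing or wrong passphrase is caught and reported without echoing the passphrase; that is worth confirming. A comment above the call such as `# cryptography needs the password as bytes, or None for an unencrypted key` would record why the conversion is there.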