Last active
May 23, 2019 16:21
-
-
Save vkobel/52d795920aacd74afb4db15a89c39b8b to your computer and use it in GitHub Desktop.
paramiko crypto remove warnings patch for master(cf7d49d66f3b1fbc8b0853518a54050182b3b5eb)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/ecdsakey.py b/ecdsakey.py | |
| index b73a969e..353c5f9e 100644 | |
| --- a/ecdsakey.py | |
| +++ b/ecdsakey.py | |
| @@ -160,12 +160,12 @@ class ECDSAKey(PKey): | |
| pointinfo = msg.get_binary() | |
| try: | |
| - numbers = ec.EllipticCurvePublicNumbers.from_encoded_point( | |
| + key = ec.EllipticCurvePublicKey.from_encoded_point( | |
| self.ecdsa_curve.curve_class(), pointinfo | |
| ) | |
| + self.verifying_key = key | |
| except ValueError: | |
| raise SSHException("Invalid public key") | |
| - self.verifying_key = numbers.public_key(backend=default_backend()) | |
| @classmethod | |
| def supported_key_format_identifiers(cls): | |
| diff --git a/kex_ecdh_nist.py b/kex_ecdh_nist.py | |
| index 1d87442a..ad5c9c79 100644 | |
| --- a/kex_ecdh_nist.py | |
| +++ b/kex_ecdh_nist.py | |
| @@ -9,6 +9,7 @@ from paramiko.py3compat import byte_chr, long | |
| from paramiko.ssh_exception import SSHException | |
| from cryptography.hazmat.backends import default_backend | |
| from cryptography.hazmat.primitives.asymmetric import ec | |
| +from cryptography.hazmat.primitives import serialization | |
| from binascii import hexlify | |
| _MSG_KEXECDH_INIT, _MSG_KEXECDH_REPLY = range(30, 32) | |
| @@ -36,7 +37,12 @@ class KexNistp256: | |
| m = Message() | |
| m.add_byte(c_MSG_KEXECDH_INIT) | |
| # SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion | |
| - m.add_string(self.Q_C.public_numbers().encode_point()) | |
| + m.add_string( | |
| + self.Q_C.public_bytes( | |
| + serialization.Encoding.X962, | |
| + serialization.PublicFormat.UncompressedPoint, | |
| + ) | |
| + ) | |
| self.transport._send_message(m) | |
| self.transport._expect_packet(_MSG_KEXECDH_REPLY) | |
| @@ -58,11 +64,11 @@ class KexNistp256: | |
| def _parse_kexecdh_init(self, m): | |
| Q_C_bytes = m.get_string() | |
| - self.Q_C = ec.EllipticCurvePublicNumbers.from_encoded_point( | |
| + self.Q_C = ec.EllipticCurvePublicKey.from_encoded_point( | |
| self.curve, Q_C_bytes | |
| ) | |
| K_S = self.transport.get_server_key().asbytes() | |
| - K = self.P.exchange(ec.ECDH(), self.Q_C.public_key(default_backend())) | |
| + K = self.P.exchange(ec.ECDH(), self.Q_C) | |
| K = long(hexlify(K), 16) | |
| # compute exchange hash | |
| hm = Message() | |
| @@ -75,7 +81,12 @@ class KexNistp256: | |
| hm.add_string(K_S) | |
| hm.add_string(Q_C_bytes) | |
| # SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion | |
| - hm.add_string(self.Q_S.public_numbers().encode_point()) | |
| + hm.add_string( | |
| + self.Q_S.public_bytes( | |
| + serialization.Encoding.X962, | |
| + serialization.PublicFormat.UncompressedPoint, | |
| + ) | |
| + ) | |
| hm.add_mpint(long(K)) | |
| H = self.hash_algo(hm.asbytes()).digest() | |
| self.transport._set_K_H(K, H) | |
| @@ -84,7 +95,12 @@ class KexNistp256: | |
| m = Message() | |
| m.add_byte(c_MSG_KEXECDH_REPLY) | |
| m.add_string(K_S) | |
| - m.add_string(self.Q_S.public_numbers().encode_point()) | |
| + m.add_string( | |
| + self.Q_S.public_bytes( | |
| + serialization.Encoding.X962, | |
| + serialization.PublicFormat.UncompressedPoint, | |
| + ) | |
| + ) | |
| m.add_string(sig) | |
| self.transport._send_message(m) | |
| self.transport._activate_outbound() | |
| @@ -92,11 +108,11 @@ class KexNistp256: | |
| def _parse_kexecdh_reply(self, m): | |
| K_S = m.get_string() | |
| Q_S_bytes = m.get_string() | |
| - self.Q_S = ec.EllipticCurvePublicNumbers.from_encoded_point( | |
| + self.Q_S = ec.EllipticCurvePublicKey.from_encoded_point( | |
| self.curve, Q_S_bytes | |
| ) | |
| sig = m.get_binary() | |
| - K = self.P.exchange(ec.ECDH(), self.Q_S.public_key(default_backend())) | |
| + K = self.P.exchange(ec.ECDH(), self.Q_S) | |
| K = long(hexlify(K), 16) | |
| # compute exchange hash and verify signature | |
| hm = Message() | |
| @@ -108,7 +124,12 @@ class KexNistp256: | |
| ) | |
| hm.add_string(K_S) | |
| # SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion | |
| - hm.add_string(self.Q_C.public_numbers().encode_point()) | |
| + hm.add_string( | |
| + self.Q_C.public_bytes( | |
| + serialization.Encoding.X962, | |
| + serialization.PublicFormat.UncompressedPoint, | |
| + ) | |
| + ) | |
| hm.add_string(Q_S_bytes) | |
| hm.add_mpint(K) | |
| self.transport._set_K_H(K, self.hash_algo(hm.asbytes()).digest()) |
Author
This seems to assume that paramiko's install dir is a git repository for some reason? (It's not for me)
I think that might be why I'm getting error: corrupt patch at line 115
This seems to assume that paramiko's install dir is a git repository for some reason? (It's not for me)
I think that might be why I'm gettingerror: corrupt patch at line 115
I'm running Debian Buster with Paramiko from the Debian repo and this worked for me:
cd /usr/lib/python3/dist-packages/paramiko
patch -p1 </tmp/patchfile.diff
@mnilsson76 , thank you, that did it.
I created a python script that will download/apply this patch: https://gist.github.com/cowlinator/1bc874dc1afb48fac86b69f4e6f8efc8
This script works on Windows (tested)
I believe this script will work on any OS (untested)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To apply this patch to a pre-existing package in your OS, given the patchfile is in
/tmp/patchfile.diff, and the current folder is paramiko's install dir (mine is/usr/lib/python3.7/site-packages/paramiko):git apply /tmp/patchfile(you might want to sudo depending on the cases)This patches 2 files: