Diffstat (limited to 'zuul/lib/encryption.py')
-rw-r--r-- | zuul/lib/encryption.py | 17 |
1 files changed, 3 insertions, 14 deletions
diff --git a/zuul/lib/encryption.py b/zuul/lib/encryption.py
index 79e92e366..fd637b278 100644
--- a/zuul/lib/encryption.py
+++ b/zuul/lib/encryption.py
@@ -20,18 +20,6 @@ from cryptography.hazmat.primitives import hashes
 from functools import lru_cache
-# OpenSSL 3.0.0 performs key validation in a very slow manner. Since
-# our keys are internally generated and securely stored, we can skip
-# validation. See https://github.com/pyca/cryptography/issues/7236
-backend = default_backend()
-if hasattr(backend, '_rsa_skip_check_key'):
- backend._rsa_skip_check_key = True
-else:
- import logging
- logging.warning("Cryptography backend lacks _rsa_skip_check_key flag, "
- "key loading may be slow")
-
-
 # https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#generation
 def generate_rsa_keypair():
 """Generate an RSA keypair.
@@ -42,7 +30,7 @@ def generate_rsa_keypair():
 private_key = rsa.generate_private_key(
 public_exponent=65537,
 key_size=4096,
- backend=backend,
+ backend=default_backend(),
 )
 public_key = private_key.public_key()
 return (private_key, public_key)
@@ -110,7 +98,8 @@ def deserialize_rsa_keypair(data, password=None):
 private_key = serialization.load_pem_private_key(
 data,
 password=password,
- backend=backend,
+ backend=default_backend(),
+ unsafe_skip_rsa_key_validation=True,
 )
 public_key = private_key.public_key()
 return (private_key, public_key) |
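Review bot: The `unsafe_skip_rsa_key_validation=True` argument added to `load_pem_private_key` in `deserialize_rsa_keypair` has no rationale at the call site, because the first hunk deletes the only comment explaining that validation is skipped on the grounds that the keys are internally generated and securely stored. I would carry that trust assumption over next to the keyword, for example `# Keys are generated internally and stored securely, so the slow OpenSSL 3 RSA check is skipped; never pass untrusted PEM data here.`, so a later caller does not route external key material through this function unchecked. The removed block also degraded to a logged warning when the backend lacked the private flag, whereas the keyword is now passed unconditionally, so a cryptography release that predates it would presumably fail every key load with a `TypeError`. The diffstat is limited to this file, so please confirm the minimum cryptography version is raised elsewhere in the commit. The body of `deserialize_rsa_keypair` starts outside the hunk.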