Merge remote-tracking branch 'origin/master' into 3962.pre-determined-rsa-keys

2025-02-20 17:52:50 +00:00 · 2023-01-06 17:30:01 -05:00 · 2023-01-06 17:30:01 -05:00 · 01b14fe05c
commit 01b14fe05c
parent 2dc6466ef5 3c3697d39a
4 changed files with 26 additions and 5 deletions
--- a/newsfragments/3914.minor
+++ b/newsfragments/3914.minor
--- a/newsfragments/3953.minor
+++ b/newsfragments/3953.minor
--- a/src/allmydata/crypto/rsa.py
+++ b/src/allmydata/crypto/rsa.py
@ -15,6 +15,8 @@ from __future__ import annotations

 from typing_extensions import TypeAlias

+from functools import partial
+
 from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes
@ -68,20 +70,39 @@ def create_signing_keypair_from_string(private_key_der: bytes) -> tuple[PrivateK

    :returns: 2-tuple of (private_key, public_key)
    """
-    priv_key = load_der_private_key(
+    load = partial(
+        load_der_private_key,
        private_key_der,
        password=None,
        backend=default_backend(),
    )
-    if not isinstance(priv_key, rsa.RSAPrivateKey):
+
+    try:
+        # Load it once without the potentially expensive OpenSSL validation
+        # checks.  These have superlinear complexity.  We *will* run them just
+        # below - but first we'll apply our own constant-time checks.
+        unsafe_priv_key = load(unsafe_skip_rsa_key_validation=True)
+    except TypeError:
+        # cryptography<39 does not support this parameter, so just load the
+        # key with validation...
+        unsafe_priv_key = load()
+        # But avoid *reloading* it since that will run the expensive
+        # validation *again*.
+        load = lambda: unsafe_priv_key
+
+    if not isinstance(unsafe_priv_key, rsa.RSAPrivateKey):
        raise ValueError(
            "Private Key did not decode to an RSA key"
        )
-    if priv_key.key_size != 2048:
+    if unsafe_priv_key.key_size != 2048:
        raise ValueError(
            "Private Key must be 2048 bits"
        )
-    return priv_key, priv_key.public_key()
+
+    # Now re-load it with OpenSSL's validation applied.
+    safe_priv_key = load()
+
+    return safe_priv_key, safe_priv_key.public_key()


 def der_string_from_signing_key(private_key: PrivateKey) -> bytes:
--- a/tox.ini
+++ b/tox.ini
@ -7,7 +7,7 @@
 # the tox-gh-actions package.
 [gh-actions]
 python =
-    3.7: py37-coverage,typechecks,codechecks
+    3.7: py37-coverage
    3.8: py38-coverage
    3.9: py39-coverage
    3.10: py310-coverage