ipa/0029-vault-handle-pyca-InternalError-exception-for-PKCS-1.patch
Florence Blanc-Renaud 255a8322a5 ipa-4.12.2-7
- Resolves: RHEL-66599 vault-add fails in FIPS mode
- Resolves: RHEL-66598 ipa-migrate should also migrate DNS forward zones
- Resolves: RHEL-66597 ipa-migrate in stage mode fails with TypeError: 'NoneType' object is not iterable
- Resolves: RHEL-66595 Sentences truncated in man pages
- Resolves: RHEL-66592 IDP configuration in the IdM WebUI shows Organization is required
- Resolves: RHEL-65650 ipa-server-install with setup-dns fails 'job for ipa.service failed because the control process exited with error code'

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
2024-11-12 09:00:18 +01:00

From dad2f06ed6854abbd81b747c26de6c13dfea327b Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 30 Oct 2024 10:48:50 +0200
Subject: [PATCH] vault: handle pyca InternalError exception for PKCS#1 v1.5
padding

In FIPS mode one cannot use PKCS#1 v1.5 padding. OpenSSL did remove it
from the FIPS provider and will report an error that PyCA cannot
process, so it will raise its own InternalException.

Handle it the same way as ValueError.

Fixes: https://pagure.io/freeipa/issue/9689
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
---
ipaclient/plugins/vault.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ipaclient/plugins/vault.py b/ipaclient/plugins/vault.py
index 96edf09a2060e7b39e1e96c6fa65ae095ec18e73..75415c03a57242ae674636fa31a72db2fa56d6ea 100644
--- a/ipaclient/plugins/vault.py
+++ b/ipaclient/plugins/vault.py
@@ -37,6 +37,7 @@ from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.padding import PKCS7
from cryptography.hazmat.primitives.serialization import (
load_pem_public_key, load_pem_private_key)
+from cryptography.exceptions import InternalError as CryptographyInternalError
from ipaclient.frontend import MethodOverride
from ipalib import x509
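Review bot: the class imported on the added line is `InternalError`, while the commit message says PyCA raises "InternalException"; the message should use the real class name so that a search of the history for the exception finds this change. The import also sits after the `cryptography.hazmat` imports, so if this file keeps its imports sorted, `cryptography.exceptions` belongs ahead of them. The `CryptographyInternalError` alias is worth keeping, since it makes the origin of the exception obvious at the `except` site.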
@@ -717,7 +718,7 @@ class ModVaultData(Local):
algo.key,
padding.PKCS1v15()
)
- except ValueError:
+ except (ValueError, CryptographyInternalError):
wrapped_session_key = public_key.encrypt(
algo.key,
padding.OAEP(
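Review bot: `except (ValueError, CryptographyInternalError):` widens the OAEP fallback to an exception that pyca/cryptography raises for any OpenSSL error it does not expect, not only for the PKCS#1 v1.5 rejection in FIPS mode, so an unrelated OpenSSL failure in the first `public_key.encrypt(...)` call would now be retried with OAEP and leave no trace. Please add a short comment above the `except` naming the FIPS case, because the reason currently lives only in the commit message, and consider a debug log line recording which exception triggered the fallback so that a non-FIPS failure can be told apart from the expected one.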
--
2.47.0