Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: rhel-10.0
Component/s: awscli2
Labels:
None

Regression:
No
Severity:
None
Epic Link:
CLOUDX-1091
Commit Hashes:
456bf3f4429628df0ed48a69f05e977d3dcf422c

Pool Team:

rhel-sst-cloudexperience

Story Points:
8
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Products:

Red Hat Enterprise Linux
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Build fails with:

=================================== FAILURES ===================================
_____________ TestSha256RSADigestValidator.test_validates_digests ______________
self = <tests.unit.customizations.cloudtrail.test_validation.TestSha256RSADigestValidator testMethod=test_validates_digests>
    def test_validates_digests(self):
>       private_key = rsa.generate_private_key(65537, 512, default_backend())
tests/unit/customizations/cloudtrail/test_validation.py:365: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
/usr/lib64/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py:142: in generate_private_key
    _verify_rsa_parameters(public_exponent, key_size)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
public_exponent = 65537, key_size = 512
    def _verify_rsa_parameters(public_exponent: int, key_size: int) -> None:
        if public_exponent not in (3, 65537):
            raise ValueError(
                "public_exponent must be either 3 (for legacy compatibility) or "
                "65537. Almost everyone should choose 65537 here!"
            )
    
        if key_size < 1024:
>           raise ValueError("key_size must be at least 1024-bits.")
E           ValueError: key_size must be at least 1024-bits.
/usr/lib64/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py:154: ValueError

Upstream commit: https://github.com/aws/aws-cli/commit/456bf3f4429628df0ed48a69f05e977d3dcf422c

From 456bf3f4429628df0ed48a69f05e977d3dcf422c Mon Sep 17 00:00:00 2001
From: Kenneth Daily <kdaily@amazon.com>
Date: Fri, 6 Sep 2024 12:11:47 -0700
Subject: [PATCH] Update RSA private key size to 2048 in test.

This is required to unblock updating our
`cryptography` pin:

https://github.com/aws/aws-cli/pull/8895

This test was ported 5 years ago as is using a key
size of 512:

https://github.com/aws/aws-cli/pull/4846

As of `cryptography==43.0.0` the minimum key size
allowed is 512:

https://github.com/pyca/cryptography/commit/83dcbc190165ad5c1f86bddaee76e0b288803c43

This change bumps it up to a more reasonable value
of 2048. This has only a couple hundredths of a
second time difference to generate as tested on my
Mac.

relates to

CS-2604 Oct 2024 FTBFS Tracker

In Progress

Assignee:: Felix Kolwa

Reporter:: Florian Weimer

Developer:: Felix Kolwa

QA Contact:: Nicolas Munoz

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/10/25 12:12 PM

Updated:: 2024/11/04 8:18 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates