diff options
| author | Jeff Forcier <jeff@bitprophet.org> | 2024-08-11 14:50:45 -0400 |
|---|---|---|
| committer | Jeff Forcier <jeff@bitprophet.org> | 2024-08-11 14:50:45 -0400 |
| commit | b8151e2d95e8eba7d746e76431fa13f913a149e9 (patch) | |
| tree | 78bd430d0713c6c45b0eb6a9a123da4dc9b86558 | |
| parent | 26f8d113b362295003a158395d38b0e90b7b7c42 (diff) | |
| parent | 02242c5620a7b910c255e458f7b4c0708f15b31e (diff) | |
Merge branch '3.4'
| -rw-r--r-- | paramiko/pkey.py | 16 | ||||
| -rw-r--r-- | paramiko/transport.py | 16 | ||||
| -rw-r--r-- | sites/www/changelog.rst | 4 |
3 files changed, 34 insertions, 2 deletions
diff --git a/paramiko/pkey.py b/paramiko/pkey.py index ef371002..f0b2d6d4 100644 --- a/paramiko/pkey.py +++ b/paramiko/pkey.py @@ -43,6 +43,20 @@ from paramiko.ssh_exception import SSHException, PasswordRequiredException from paramiko.message import Message +# TripleDES is moving from `cryptography.hazmat.primitives.ciphers.algorithms` +# in cryptography>=43.0.0 to `cryptography.hazmat.decrepit.ciphers.algorithms` +# It will be removed from `cryptography.hazmat.primitives.ciphers.algorithms` +# in cryptography==48.0.0. +# +# Source References: +# - https://github.com/pyca/cryptography/commit/722a6393e61b3ac +# - https://github.com/pyca/cryptography/pull/11407/files +try: + from cryptography.hazmat.decrepit.ciphers.algorithms import TripleDES +except ImportError: + from cryptography.hazmat.primitives.ciphers.algorithms import TripleDES + + OPENSSH_AUTH_MAGIC = b"openssh-key-v1\x00" @@ -97,7 +111,7 @@ class PKey: "mode": modes.CBC, }, "DES-EDE3-CBC": { - "cipher": algorithms.TripleDES, + "cipher": TripleDES, "keysize": 24, "blocksize": 8, "mode": modes.CBC, diff --git a/paramiko/transport.py b/paramiko/transport.py index 83019170..ecd8c7bc 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -121,6 +121,20 @@ from paramiko.util import ( ) +# TripleDES is moving from `cryptography.hazmat.primitives.ciphers.algorithms` +# in cryptography>=43.0.0 to `cryptography.hazmat.decrepit.ciphers.algorithms` +# It will be removed from `cryptography.hazmat.primitives.ciphers.algorithms` +# in cryptography==48.0.0. +# +# Source References: +# - https://github.com/pyca/cryptography/commit/722a6393e61b3ac +# - https://github.com/pyca/cryptography/pull/11407/files +try: + from cryptography.hazmat.decrepit.ciphers.algorithms import TripleDES +except ImportError: + from cryptography.hazmat.primitives.ciphers.algorithms import TripleDES + + # for thread cleanup _active_threads = [] @@ -256,7 +270,7 @@ class Transport(threading.Thread, ClosingContextManager): "key-size": 32, }, "3des-cbc": { - "class": algorithms.TripleDES, + "class": TripleDES, "mode": modes.CBC, "block-size": 8, "key-size": 24, diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index d84df4f3..d908558c 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +- :bug:`2419` (fixed in :issue:`2421`) Massage our import of the TripleDES + cipher to support Cryptography >=43; this should prevent + ``CryptographyDeprecationWarning`` from appearing upon import. Thanks to + Erick Alejo for the report and Bryan Banda for the patch. - :bug:`2420` Modify a test-harness skiptest check to work with newer versions of Cryptography. Props to Paul Howarth for the patch. - :bug:`2353` Fix a 64-bit-ism in the test suite so the tests don't encounter a |