Check whether _backend exists before calling internal function.

ansible-collections · Jan 26, 2024 · 384cafc · 384cafc
1 parent 8a8faa8
commit 384cafc
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/changelogs/fragments/700-private_key_info-cryptography.yml b/changelogs/fragments/700-private_key_info-cryptography.yml
@@ -0,0 +1,3 @@
+bugfixes:
+  - "openssl_privatekey_info - was using an internal function for determining whether a private key is consistent, that got removed in cryptography 42.0.0.
+     The code now checks whether that function exists before calling it (https://github.com/ansible-collections/community.crypto/pull/700)."
diff --git a/plugins/module_utils/crypto/module_backends/privatekey_info.py b/plugins/module_utils/crypto/module_backends/privatekey_info.py
@@ -119,7 +119,11 @@ def _check_dsa_consistency(key_public_data, key_private_data):
 
 def _is_cryptography_key_consistent(key, key_public_data, key_private_data):
     if isinstance(key, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey):
-        return bool(key._backend._lib.RSA_check_key(key._rsa_cdata))
+        # key._backend was removed in cryptography 42.0.0
+        backend = getattr(key, '_backend', None)
+        if backend is None:
+            return None
+        return bool(backend._lib.RSA_check_key(key._rsa_cdata))
     if isinstance(key, cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey):
         result = _check_dsa_consistency(key_public_data, key_private_data)
         if result is not None: