Upgrade pyOpenSSL and cryptography

taoky · taoky · commit 336370adccc0 · 2025-04-29T20:32:42.000+08:00
diff --git a/requirements-manual.txt b/requirements-manual.txt
@@ -3,6 +3,7 @@
 Django==4.2.20
 asgiref==3.7.2
 django-allauth==65.0.2
+cryptography==44.0.1
 gevent==24.11.1
 Markdown==3.7
 psycopg==3.2.3
@@ -11,7 +12,7 @@ psycopg-pool==3.2.3
 pycryptodome==3.21.0
 pygments==2.18.0
 pymemcache==4.0.0
-pyOpenSSL==24.2.1
+pyOpenSSL==24.3.0
 PyYAML==6.0.2
 requests==2.32.3
 uWSGI==2.0.28
diff --git a/requirements.txt b/requirements.txt
@@ -2,7 +2,7 @@ asgiref==3.7.2
 certifi==2025.4.26
 cffi==1.17.1
 charset-normalizer==3.4.1
-cryptography==43.0.3
+cryptography==44.0.1
 Django==4.2.20
 django-allauth==65.0.2
 gevent==24.11.1
@@ -17,7 +17,7 @@ pycryptodome==3.21.0
 Pygments==2.18.0
 PyJWT==2.9.0
 pymemcache==4.0.0
-pyOpenSSL==24.2.1
+pyOpenSSL==24.3.0
 PyYAML==6.0.2
 requests==2.32.3
 setuptools==80.0.0
diff --git a/server/user/interface.py b/server/user/interface.py
@@ -1,5 +1,6 @@
 import base64
-import OpenSSL
+from cryptography.hazmat.primitives import serialization, hashes
+from cryptography.hazmat.primitives.asymmetric import padding
 from hashlib import sha256
 from uuid import uuid4
 
@@ -116,8 +117,10 @@ class User:
         'aff': RegexValidator(r'^.{1,100}$', '了解比赛的渠道格式错误'),
         'suspicious_reason': None,
     }
-    _private_key = OpenSSL.crypto.load_privatekey(
-        OpenSSL.crypto.FILETYPE_PEM, settings.PRIVATE_KEY)
+    _private_key = serialization.load_pem_private_key(
+        settings.PRIVATE_KEY.encode(),
+        password=None,
+    )
 
     def __init__(self, context, obj: models.User):
         self._context = context
@@ -154,8 +157,11 @@ def create(cls, context, group, user=None, **kwargs):
             user = get_user_model().objects.create_user(str(uuid4()))
         self = cls(context, models.User(user=user.pk))
         pk = str(user.pk)
-        sig = base64.b64encode(OpenSSL.crypto.sign(
-            self._private_key, pk.encode(), 'sha256')).decode()
+        sig = base64.b64encode(self._private_key.sign(
+            pk.encode(),
+            padding.PKCS1v15(),
+            hashes.SHA256()
+        )).decode()
         self._obj.token = pk + ':' + sig
         try:
             server.trigger.interface.Trigger.test_can_update_profile(context)
