[PATCH] wireless-regdb: Port RSA signing to cryptography lib

[Bastian Germann]

Port the RSA signing from the deprecated M2Crypto library to the
cryptography library.

M2Crypto is no longer actively maintained. The cryptography library is
the recommended replacement, offering better maintenance.

Remove unused hashlib import.

Signed-off-by: Bastian Germann <bage at debian.org>
---
 db2bin.py | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/db2bin.py b/db2bin.py
index 29ae313..a4fa3e5 100755
--- a/db2bin.py
+++ b/db2bin.py
@@ -2,7 +2,6 @@
 
 from io import BytesIO, open
 import struct
-import hashlib
 from dbparse import DBParser
 import sys
 
@@ -125,19 +124,27 @@ if len(sys.argv) > 3:
     # Load RSA only now so people can use this script
     # without having those libraries installed to verify
     # their SQL changes
-    from M2Crypto import RSA
+    from cryptography.hazmat.primitives import hashes, serialization
+    from cryptography.hazmat.primitives.asymmetric import padding
+
+    # load the private key
+    with open(sys.argv[3], 'rb') as key_file:
+        key = serialization.load_pem_private_key(key_file.read(), password=None)
 
     # determine signature length
-    key = RSA.load_key(sys.argv[3])
-    hash = hashlib.sha1()
-    hash.update(output.getvalue())
-    sig = key.sign(hash.digest())
+    sig = key.sign(
+        output.getvalue(),
+        padding.PKCS1v15(),
+        hashes.SHA1()
+    )
     # write it to file
     siglen.set(len(sig))
     # sign again
-    hash = hashlib.sha1()
-    hash.update(output.getvalue())
-    sig = key.sign(hash.digest())
+    sig = key.sign(
+        output.getvalue(),
+        padding.PKCS1v15(),
+        hashes.SHA1()
+    )
 
     output.write(sig)
 else: