01-nopycrypto.patch revision 2521
2521N/AIn-house removal of PyCrypto dependency in Glance. This patch is
2521N/ASolaris-specific and not suitable for upstream.
2521N/A
2521N/AConvert urlsafe_encrypt() and urlsafe_decrypt() to use M2Crypto instead
2521N/Aof PyCrypto.
2521N/A
2521N/A--- glance-2013.1.4/glance.egg-info/requires.txt.orig Thu Jan 16 22:08:47 2014
2521N/A+++ glance-2013.1.4/glance.egg-info/requires.txt Thu Jan 16 22:23:01 2014
2521N/A@@ -11,7 +11,7 @@
2521N/A sqlalchemy-migrate>=0.7
2521N/A httplib2
2521N/A kombu
2521N/A-pycrypto>=2.1.0alpha1
2521N/A+M2Crypto>=0.21.1
2521N/A iso8601>=0.1.4
2521N/A oslo.config>=1.1.0
2521N/A python-swiftclient>=1.2,<2
2521N/A--- glance-2013.1.4/glance/common/crypt.py.orig Thu Oct 17 11:22:18 2013
2521N/A+++ glance-2013.1.4/glance/common/crypt.py Thu Jan 16 22:42:41 2014
2521N/A@@ -4,6 +4,8 @@
2521N/A # Copyright 2011 OpenStack LLC.
2521N/A # All Rights Reserved.
2521N/A #
2521N/A+# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
2521N/A+#
2521N/A # Licensed under the Apache License, Version 2.0 (the "License"); you may
2521N/A # not use this file except in compliance with the License. You may obtain
2521N/A # a copy of the License at
2521N/A@@ -21,12 +23,27 @@
2521N/A """
2521N/A
2521N/A import base64
2521N/A+import os
2521N/A
2521N/A-from Crypto.Cipher import AES
2521N/A-from Crypto import Random
2521N/A-from Crypto.Random import random
2521N/A+from M2Crypto.EVP import Cipher
2521N/A
2521N/A+from glance.common import exception
2521N/A
2521N/A+
2521N/A+def _key_to_alg(key):
2521N/A+ """Return a M2Crypto-compatible AES-CBC algorithm name given a key."""
2521N/A+ aes_algs = {
2521N/A+ 128: 'aes_128_cbc',
2521N/A+ 192: 'aes_192_cbc',
2521N/A+ 256: 'aes_256_cbc'
2521N/A+ }
2521N/A+
2521N/A+ keylen = 8 * len(key)
2521N/A+ if keylen not in aes_algs:
2521N/A+ msg = ('Invalid AES key length, %d bits') % keylen
2521N/A+ raise exception.Invalid(msg)
2521N/A+ return aes_algs[keylen]
2521N/A+
2521N/A def urlsafe_encrypt(key, plaintext, blocksize=16):
2521N/A """
2521N/A Encrypts plaintext. Resulting ciphertext will contain URL-safe characters
2521N/A@@ -36,20 +53,12 @@
2521N/A
2521N/A :returns : Resulting ciphertext
2521N/A """
2521N/A- def pad(text):
2521N/A- """
2521N/A- Pads text to be encrypted
2521N/A- """
2521N/A- pad_length = (blocksize - len(text) % blocksize)
2521N/A- sr = random.StrongRandom()
2521N/A- pad = ''.join(chr(sr.randint(1, 0xFF)) for i in range(pad_length - 1))
2521N/A- # We use chr(0) as a delimiter between text and padding
2521N/A- return text + chr(0) + pad
2521N/A
2521N/A # random initial 16 bytes for CBC
2521N/A- init_vector = Random.get_random_bytes(16)
2521N/A- cypher = AES.new(key, AES.MODE_CBC, init_vector)
2521N/A- padded = cypher.encrypt(pad(str(plaintext)))
2521N/A+ init_vector = os.urandom(16)
2521N/A+ cipher = Cipher(alg=_key_to_alg(key), key=key, iv=init_vector, op=1)
2521N/A+ padded = cipher.update(str(plaintext))
2521N/A+ padded = padded + cipher.final()
2521N/A return base64.urlsafe_b64encode(init_vector + padded)
2521N/A
2521N/A
2521N/A@@ -63,6 +72,7 @@
2521N/A """
2521N/A # Cast from unicode
2521N/A ciphertext = base64.urlsafe_b64decode(str(ciphertext))
2521N/A- cypher = AES.new(key, AES.MODE_CBC, ciphertext[:16])
2521N/A- padded = cypher.decrypt(ciphertext[16:])
2521N/A- return padded[:padded.rfind(chr(0))]
2521N/A+ cipher = Cipher(alg=_key_to_alg(key), key=key, iv=ciphertext[:16], op=0)
2521N/A+ padded = cipher.update(ciphertext[16:])
2521N/A+ padded = padded + cipher.final()
2521N/A+ return padded
2521N/A--- glance-2013.1.4/tools/pip-requires.orig Thu Oct 17 11:22:19 2013
2521N/A+++ glance-2013.1.4/tools/pip-requires Thu Jan 16 22:22:56 2014
2521N/A@@ -15,7 +15,7 @@
2521N/A sqlalchemy-migrate>=0.7
2521N/A httplib2
2521N/A kombu
2521N/A-pycrypto>=2.1.0alpha1
2521N/A+M2Crypto>=0.21.1
2521N/A iso8601>=0.1.4
2521N/A oslo.config>=1.1.0
2521N/A