components/openstack/glance/patches/01-nopycrypto.patch
branchs11-update
changeset 3028 5e73a3a3f66a
child 1944 56ac2df1785b
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/glance/patches/01-nopycrypto.patch	Mon Mar 31 16:44:02 2014 -0700
@@ -0,0 +1,106 @@
+In-house removal of PyCrypto dependency in Glance.  This patch is
+Solaris-specific and not suitable for upstream.
+
+Convert urlsafe_encrypt() and urlsafe_decrypt() to use M2Crypto instead
+of PyCrypto.
+
+--- glance-2013.1.4/glance.egg-info/requires.txt.orig	Thu Jan 16 22:08:47 2014
++++ glance-2013.1.4/glance.egg-info/requires.txt	Thu Jan 16 22:23:01 2014
+@@ -11,7 +11,7 @@
+ sqlalchemy-migrate>=0.7
+ httplib2
+ kombu
+-pycrypto>=2.1.0alpha1
++M2Crypto>=0.21.1
+ iso8601>=0.1.4
+ oslo.config>=1.1.0
+ python-swiftclient>=1.2,<2
+--- glance-2013.1.4/glance/common/crypt.py.orig	Thu Oct 17 11:22:18 2013
++++ glance-2013.1.4/glance/common/crypt.py	Thu Jan 16 22:42:41 2014
+@@ -4,6 +4,8 @@
+ # Copyright 2011 OpenStack LLC.
+ # All Rights Reserved.
+ #
++# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
++#
+ #    Licensed under the Apache License, Version 2.0 (the "License"); you may
+ #    not use this file except in compliance with the License. You may obtain
+ #    a copy of the License at
+@@ -21,12 +23,27 @@
+ """
+ 
+ import base64
++import os
+ 
+-from Crypto.Cipher import AES
+-from Crypto import Random
+-from Crypto.Random import random
++from M2Crypto.EVP import Cipher
+ 
++from glance.common import exception
+ 
++
++def _key_to_alg(key):
++    """Return a M2Crypto-compatible AES-CBC algorithm name given a key."""
++    aes_algs = {
++        128: 'aes_128_cbc',
++        192: 'aes_192_cbc',
++        256: 'aes_256_cbc'
++    }
++
++    keylen = 8 * len(key)
++    if keylen not in aes_algs:
++        msg = ('Invalid AES key length, %d bits') % keylen
++        raise exception.Invalid(msg)
++    return aes_algs[keylen]
++
+ def urlsafe_encrypt(key, plaintext, blocksize=16):
+     """
+     Encrypts plaintext. Resulting ciphertext will contain URL-safe characters
+@@ -36,20 +53,12 @@
+ 
+     :returns : Resulting ciphertext
+     """
+-    def pad(text):
+-        """
+-        Pads text to be encrypted
+-        """
+-        pad_length = (blocksize - len(text) % blocksize)
+-        sr = random.StrongRandom()
+-        pad = ''.join(chr(sr.randint(1, 0xFF)) for i in range(pad_length - 1))
+-        # We use chr(0) as a delimiter between text and padding
+-        return text + chr(0) + pad
+ 
+     # random initial 16 bytes for CBC
+-    init_vector = Random.get_random_bytes(16)
+-    cypher = AES.new(key, AES.MODE_CBC, init_vector)
+-    padded = cypher.encrypt(pad(str(plaintext)))
++    init_vector = os.urandom(16)
++    cipher = Cipher(alg=_key_to_alg(key), key=key, iv=init_vector, op=1)
++    padded = cipher.update(str(plaintext))
++    padded = padded + cipher.final()
+     return base64.urlsafe_b64encode(init_vector + padded)
+ 
+ 
+@@ -63,6 +72,7 @@
+     """
+     # Cast from unicode
+     ciphertext = base64.urlsafe_b64decode(str(ciphertext))
+-    cypher = AES.new(key, AES.MODE_CBC, ciphertext[:16])
+-    padded = cypher.decrypt(ciphertext[16:])
+-    return padded[:padded.rfind(chr(0))]
++    cipher = Cipher(alg=_key_to_alg(key), key=key, iv=ciphertext[:16], op=0)
++    padded = cipher.update(ciphertext[16:])
++    padded = padded + cipher.final()
++    return padded
+--- glance-2013.1.4/tools/pip-requires.orig	Thu Oct 17 11:22:19 2013
++++ glance-2013.1.4/tools/pip-requires	Thu Jan 16 22:22:56 2014
+@@ -15,7 +15,7 @@
+ sqlalchemy-migrate>=0.7
+ httplib2
+ kombu
+-pycrypto>=2.1.0alpha1
++M2Crypto>=0.21.1
+ iso8601>=0.1.4
+ oslo.config>=1.1.0
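Review bot: In the crypt.py part of the embedded patch, `urlsafe_decrypt` now relies on `cipher.final()` accepting the padding, and nothing handles the case where it does not. Values written by the unpatched code end in a NUL delimiter plus random bytes, not the standard block padding that M2Crypto's `Cipher` applies by default. They will most likely raise in `final()` or come back with the delimiter and filler still attached, so the patch header should say that stored values must be re-encrypted. A modified ciphertext takes the same path, and since CBC is used here without a MAC, callers should not be able to tell a padding failure from any other error: import `EVPError` next to `Cipher` and map it to one generic `exception.Invalid`, as below. The signature of `urlsafe_decrypt` lies outside the embedded hunk, and `blocksize` in `urlsafe_encrypt` is now unused and should be documented as ignored.

```python
    ciphertext = base64.urlsafe_b64decode(str(ciphertext))
    try:
        cipher = Cipher(alg=_key_to_alg(key), key=key,
                        iv=ciphertext[:16], op=0)
        plaintext = cipher.update(ciphertext[16:]) + cipher.final()
    except EVPError:
        # One generic error whatever the cause, so a caller cannot
        # distinguish a padding failure from other decryption errors.
        raise exception.Invalid('Unable to decrypt value')
    return plaintext
```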
+