--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/glance/patches/01-nopycrypto.patch Mon Mar 31 16:44:02 2014 -0700
@@ -0,0 +1,106 @@
+In-house removal of PyCrypto dependency in Glance. This patch is
+Solaris-specific and not suitable for upstream.
+
+Convert urlsafe_encrypt() and urlsafe_decrypt() to use M2Crypto instead
+of PyCrypto.
+
+--- glance-2013.1.4/glance.egg-info/requires.txt.orig Thu Jan 16 22:08:47 2014
++++ glance-2013.1.4/glance.egg-info/requires.txt Thu Jan 16 22:23:01 2014
+@@ -11,7 +11,7 @@
+ sqlalchemy-migrate>=0.7
+ httplib2
+ kombu
+-pycrypto>=2.1.0alpha1
++M2Crypto>=0.21.1
+ iso8601>=0.1.4
+ oslo.config>=1.1.0
+ python-swiftclient>=1.2,<2
+--- glance-2013.1.4/glance/common/crypt.py.orig Thu Oct 17 11:22:18 2013
++++ glance-2013.1.4/glance/common/crypt.py Thu Jan 16 22:42:41 2014
+@@ -4,6 +4,8 @@
+ # Copyright 2011 OpenStack LLC.
+ # All Rights Reserved.
+ #
++# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
++#
+ # Licensed under the Apache License, Version 2.0 (the "License"); you may
+ # not use this file except in compliance with the License. You may obtain
+ # a copy of the License at
+@@ -21,12 +23,27 @@
+ """
+
+ import base64
++import os
+
+-from Crypto.Cipher import AES
+-from Crypto import Random
+-from Crypto.Random import random
++from M2Crypto.EVP import Cipher
+
++from glance.common import exception
+
++
++def _key_to_alg(key):
++ """Return a M2Crypto-compatible AES-CBC algorithm name given a key."""
++ aes_algs = {
++ 128: 'aes_128_cbc',
++ 192: 'aes_192_cbc',
++ 256: 'aes_256_cbc'
++ }
++
++ keylen = 8 * len(key)
++ if keylen not in aes_algs:
++ msg = ('Invalid AES key length, %d bits') % keylen
++ raise exception.Invalid(msg)
++ return aes_algs[keylen]
++
+ def urlsafe_encrypt(key, plaintext, blocksize=16):
+ """
+ Encrypts plaintext. Resulting ciphertext will contain URL-safe characters
+@@ -36,20 +53,12 @@
+
+ :returns : Resulting ciphertext
+ """
+- def pad(text):
+- """
+- Pads text to be encrypted
+- """
+- pad_length = (blocksize - len(text) % blocksize)
+- sr = random.StrongRandom()
+- pad = ''.join(chr(sr.randint(1, 0xFF)) for i in range(pad_length - 1))
+- # We use chr(0) as a delimiter between text and padding
+- return text + chr(0) + pad
+
+ # random initial 16 bytes for CBC
+- init_vector = Random.get_random_bytes(16)
+- cypher = AES.new(key, AES.MODE_CBC, init_vector)
+- padded = cypher.encrypt(pad(str(plaintext)))
++ init_vector = os.urandom(16)
++ cipher = Cipher(alg=_key_to_alg(key), key=key, iv=init_vector, op=1)
++ padded = cipher.update(str(plaintext))
++ padded = padded + cipher.final()
+ return base64.urlsafe_b64encode(init_vector + padded)
+
+
+@@ -63,6 +72,7 @@
+ """
+ # Cast from unicode
+ ciphertext = base64.urlsafe_b64decode(str(ciphertext))
+- cypher = AES.new(key, AES.MODE_CBC, ciphertext[:16])
+- padded = cypher.decrypt(ciphertext[16:])
+- return padded[:padded.rfind(chr(0))]
++ cipher = Cipher(alg=_key_to_alg(key), key=key, iv=ciphertext[:16], op=0)
++ padded = cipher.update(ciphertext[16:])
++ padded = padded + cipher.final()
++ return padded
+--- glance-2013.1.4/tools/pip-requires.orig Thu Oct 17 11:22:19 2013
++++ glance-2013.1.4/tools/pip-requires Thu Jan 16 22:22:56 2014
+@@ -15,7 +15,7 @@
+ sqlalchemy-migrate>=0.7
+ httplib2
+ kombu
+-pycrypto>=2.1.0alpha1
++M2Crypto>=0.21.1
+ iso8601>=0.1.4
+ oslo.config>=1.1.0
+