components/openstack/glance/patches/01-nopycrypto.patch
author Drew Fisher <drew.fisher@oracle.com>
Mon, 31 Mar 2014 16:44:02 -0700
branchs11-update
changeset 3028 5e73a3a3f66a
child 1944 56ac2df1785b
permissions -rw-r--r--
PSARC/2013/350 OpenStack for Solaris (Umbrella) PSARC/2014/007 OpenStack client API components for Grizzly PSARC/2014/048 OpenStack Keystone (OpenStack Identity Service) PSARC/2014/049 OpenStack Nova (OpenStack Compute Service) PSARC/2014/054 OpenStack Cinder (OpenStack Block Storage Service) PSARC/2014/055 OpenStack Glance (OpenStack Image Service) PSARC/2014/058 OpenStack Horizon (OpenStack Dashboard) PSARC/2014/059 OpenStack Neutron (OpenStack Networking Service) 17531161 greenlet doesn't build with gcc 4.7.X 18143276 greenlet can crash with register window corruption on MP SPARC 18290089 integrate cinderclient 18290097 integrate glanceclient 18290102 integrate keystoneclient 18290109 integrate neutronclient 18290113 integrate novaclient 18290119 integrate swiftclient 18290125 integrate quantumclient 18307582 Request to integrate Cinder into userland 18307595 Request to integrate Glance into userland 18307626 Request to integrate Horizon into userland 18307641 Request to integrate Keystone into userland 18307650 Request to integrate Neutron into userland 18307659 Request to integrate Nova into userland 18321909 a few Python packages deliver both po and mo files 18362900 Dnsmasq's SMF method_credential is missing a privilege 18363793 Dnsmasq should use SIOCSXARP ioctl

In-house removal of PyCrypto dependency in Glance.  This patch is
Solaris-specific and not suitable for upstream.

Convert urlsafe_encrypt() and urlsafe_decrypt() to use M2Crypto instead
of PyCrypto.

--- glance-2013.1.4/glance.egg-info/requires.txt.orig	Thu Jan 16 22:08:47 2014
+++ glance-2013.1.4/glance.egg-info/requires.txt	Thu Jan 16 22:23:01 2014
@@ -11,7 +11,7 @@
 sqlalchemy-migrate>=0.7
 httplib2
 kombu
-pycrypto>=2.1.0alpha1
+M2Crypto>=0.21.1
 iso8601>=0.1.4
 oslo.config>=1.1.0
 python-swiftclient>=1.2,<2
--- glance-2013.1.4/glance/common/crypt.py.orig	Thu Oct 17 11:22:18 2013
+++ glance-2013.1.4/glance/common/crypt.py	Thu Jan 16 22:42:41 2014
@@ -4,6 +4,8 @@
 # Copyright 2011 OpenStack LLC.
 # All Rights Reserved.
 #
+# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+#
 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
 #    not use this file except in compliance with the License. You may obtain
 #    a copy of the License at
@@ -21,12 +23,27 @@
 """
 
 import base64
+import os
 
-from Crypto.Cipher import AES
-from Crypto import Random
-from Crypto.Random import random
+from M2Crypto.EVP import Cipher
 
+from glance.common import exception
 
+
+def _key_to_alg(key):
+    """Return a M2Crypto-compatible AES-CBC algorithm name given a key."""
+    aes_algs = {
+        128: 'aes_128_cbc',
+        192: 'aes_192_cbc',
+        256: 'aes_256_cbc'
+    }
+
+    keylen = 8 * len(key)
+    if keylen not in aes_algs:
+        msg = ('Invalid AES key length, %d bits') % keylen
+        raise exception.Invalid(msg)
+    return aes_algs[keylen]
+
 def urlsafe_encrypt(key, plaintext, blocksize=16):
     """
     Encrypts plaintext. Resulting ciphertext will contain URL-safe characters
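Review bot: `_key_to_alg` sizes the key with `8 * len(key)`, which counts characters rather than bytes if the key is ever passed as a `unicode` object, and the docstring names neither the accepted lengths nor the exception. I would extend the docstring to something like `"""Return the M2Crypto AES-CBC algorithm name for a 16-, 24- or 32-byte key; raises exception.Invalid for any other length."""` and state that a byte string is expected. The check runs only when a value is encrypted or decrypted, so a wrong-length key surfaces on first use rather than at start-up; whether that matters depends on callers outside this hunk. Separately, only one blank line precedes `def urlsafe_encrypt`, whose body continues past the end of the hunk.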
@@ -36,20 +53,12 @@
 
     :returns : Resulting ciphertext
     """
-    def pad(text):
-        """
-        Pads text to be encrypted
-        """
-        pad_length = (blocksize - len(text) % blocksize)
-        sr = random.StrongRandom()
-        pad = ''.join(chr(sr.randint(1, 0xFF)) for i in range(pad_length - 1))
-        # We use chr(0) as a delimiter between text and padding
-        return text + chr(0) + pad
 
     # random initial 16 bytes for CBC
-    init_vector = Random.get_random_bytes(16)
-    cypher = AES.new(key, AES.MODE_CBC, init_vector)
-    padded = cypher.encrypt(pad(str(plaintext)))
+    init_vector = os.urandom(16)
+    cipher = Cipher(alg=_key_to_alg(key), key=key, iv=init_vector, op=1)
+    padded = cipher.update(str(plaintext))
+    padded = padded + cipher.final()
     return base64.urlsafe_b64encode(init_vector + padded)
 
 
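Review bot: The `blocksize` argument of `urlsafe_encrypt` is no longer read now that the inner `pad()` helper is gone. Padding is whatever the `Cipher` object applies in `final()`, so the output is not interchangeable with values produced by the PyCrypto version (NUL delimiter plus random fill). The docstring is only partly visible here; if it still describes `blocksize`, it should say the argument is kept for compatibility only, e.g. `# blocksize is unused: the cipher's own block padding is applied by final()`. The bare `op=1` would read better as a named module constant (`_ENCRYPT = 1`), and `padded` now holds ciphertext, so `ciphertext` would be the clearer name. The result is still AES-CBC with no integrity tag, which is worth stating in the docstring so callers do not treat the value as tamper-evident.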
@@ -63,6 +72,7 @@
     """
     # Cast from unicode
     ciphertext = base64.urlsafe_b64decode(str(ciphertext))
-    cypher = AES.new(key, AES.MODE_CBC, ciphertext[:16])
-    padded = cypher.decrypt(ciphertext[16:])
-    return padded[:padded.rfind(chr(0))]
+    cipher = Cipher(alg=_key_to_alg(key), key=key, iv=ciphertext[:16], op=0)
+    padded = cipher.update(ciphertext[16:])
+    padded = padded + cipher.final()
+    return padded
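Review bot: `cipher.final()` in `urlsafe_decrypt` raises M2Crypto's `EVPError` when the padding check fails, and nothing here catches it. A truncated, modified or old-format value (one written by the PyCrypto code, which ended in random fill rather than block padding) therefore surfaces as an unhandled library exception instead of the module's own `exception.Invalid`. Because the data is AES-CBC with no MAC, that padding failure is also the only tamper signal, and callers should not be able to tell it apart from other failures. I would validate the length, map every failure to one generic error, and consider an HMAC over IV plus ciphertext as a follow-up. The sketch assumes `EVPError` is imported from `M2Crypto.EVP` next to `Cipher`; the function's signature and docstring are outside this hunk.

```python
    # ... unchanged: base64 decode of ciphertext ...
    # IV (16 bytes) plus at least one padded block, all block-aligned
    if len(ciphertext) < 32 or len(ciphertext) % 16:
        raise exception.Invalid('Invalid ciphertext')
    cipher = Cipher(alg=_key_to_alg(key), key=key, iv=ciphertext[:16], op=0)
    try:
        return cipher.update(ciphertext[16:]) + cipher.final()
    except EVPError:
        # One generic error for every failure, so bad padding is not
        # distinguishable from other malformed input.
        raise exception.Invalid('Invalid ciphertext')
```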
--- glance-2013.1.4/tools/pip-requires.orig	Thu Oct 17 11:22:19 2013
+++ glance-2013.1.4/tools/pip-requires	Thu Jan 16 22:22:56 2014
@@ -15,7 +15,7 @@
 sqlalchemy-migrate>=0.7
 httplib2
 kombu
-pycrypto>=2.1.0alpha1
+M2Crypto>=0.21.1
 iso8601>=0.1.4
 oslo.config>=1.1.0