components/python/keystonemiddleware/patches/nopycrypto.patch
author Devjani Ray <devjani.ray@oracle.com>
Fri, 05 Feb 2016 17:54:17 -0500
changeset 5405 66fd59fecd68
parent 3998 5bd484384122
permissions -rw-r--r--
PSARC 2015/535 OpenStack service updates for Kilo PSARC 2015/458 aioeventlet - asyncio event loop scheduling callbacks in eventlet PSARC 2015/460 msgpack - C/Python bindings for MessagePack (de)serializer data PSARC 2015/466 openstackclient - OpenStack Command-line Client PSARC 2015/467 oslo.versionedobjects - Oslo Versioned Objects library PSARC 2015/468 pint - A physical quantities module PSARC 2015/469 pysaml2 - A pure Python implementation of SAML2 PSARC 2015/471 semantic_version - A library implementing the 'SemVer' scheme PSARC 2015/472 testresources - PyUnit extension for managing expensive test resources PSARC 2015/473 testscenarios - Extensions to Python unittest to support scenarios PSARC 2015/474 trollius - Port of the Tulip project (asyncio module, PEP 3156) on Python 2 PSARC 2015/475 urllib3 - HTTP library with thread-safe connection pooling, file post, and more PSARC 2015/520 oslo.concurrency - Oslo Concurrency library PSARC 2015/521 oslo.log - Oslo Logging Configuration library PSARC 2015/529 oslo.policy - Oslo Policy library PSARC 2015/530 psutil - Python system and process utilities PSARC 2015/538 fixtures - Python module to support reusable state for writing clean tests PSARC 2015/539 sqlparse - An SQL parser module for Python PSARC 2016/017 extras - Useful extra utilities for Python PSARC 2016/018 linecache2 - Port of the standard linecache module PSARC 2016/019 python-mimeparse - Basic functions for parsing mime-types PSARC 2016/020 testtools - Extensions to the Python unit testing framework PSARC 2016/021 traceback2 - Port of the standard traceback module PSARC 2016/014 OpenStack Cinder NFS driver for Solaris 22384068 OpenStack service updates for Kilo (Umbrella) 21974208 The Python module msgpack should be added to Userland 22010630 The Python trollius module should be added to Userland 22011755 The Python module pint should be added to Userland 22012256 The Python aioeventlet module should be added to Userland 22012282 The Python 
oslo.versionedobjects module should be added to Userland 22012317 The Python semantic_version module should be added to Userland 22012321 The Python testresources module should be added to Userland 22012329 The Python testscenarios module should be added to Userland 22012336 The Python urllib3 module should be added to Userland 22012343 The Python openstackclient module should be added to Userland 22299389 The Python oslo.concurrency module should be added to Userland 22299409 The Python oslo.log module should be added to Userland 22299418 The Python oslo.policy module should be added to Userland 22299469 The Python psutil module should be added to Userland 22337793 The Python sqlparse module should be added to Userland 22338325 The Python fixtures module should be added to Userland 22535728 The Python testtools module should be added to Userland 22535739 The Python extras module should be added to Userland 22535748 The Python linecache2 module should be added to Userland 22535753 The Python traceback2 module should be added to Userland 22535760 The Python python-mimeparse module should be added to Userland 18961001 Image filtering does not function as expected 21678935 NFS for Cinder in Solaris OpenStack 22548630 derived manifest should not enforce presence of global when installing from UAR 22629795 problem in SERVICE/KEYSTONE

In-house removal of PyCrypto dependency in keystonemiddleware. This
patch is Solaris-specific and not suitable for upstream.

--- keystonemiddleware-1.5.0/keystonemiddleware/auth_token/_memcache_crypt.py.~1~	2015-03-11 11:41:14.000000000 -0600
+++ keystonemiddleware-1.5.0/keystonemiddleware/auth_token/_memcache_crypt.py	2015-04-27 17:30:54.664848743 -0600
@@ -17,7 +17,7 @@
 Utilities for memcache encryption and integrity check.
 
 Data should be serialized before entering these functions. Encryption
-has a dependency on the pycrypto. If pycrypto is not available,
+has a dependency on M2Crypto. If M2Crypto is not available,
 CryptoUnavailableError will be raised.
 
 This module will not be called unless signing or encryption is enabled
@@ -38,9 +38,10 @@ import sys
 
 from keystonemiddleware.i18n import _
 
-# make sure pycrypto is available
+# make sure M2Crypto is available
 try:
-    from Crypto.Cipher import AES
+    from M2Crypto.EVP import Cipher
+    AES = Cipher
 except ImportError:
     AES = None
 
@@ -73,6 +74,13 @@ class CryptoUnavailableError(Exception):
     pass
 
 
+class InvalidKeyLength(Exception):
+    """raise when AES key length is an invalid value.
+
+    """
+    pass
+
+
 def assert_crypto_availability(f):
     """Ensure Crypto module is available."""
 
@@ -132,31 +140,44 @@ def sign_data(key, data):
     return base64.b64encode(mac)
 
 
+def _key_to_alg(key):
+    """Return a M2Crypto-compatible AES-CBC algorithm name given a key."""
+    aes_algs = {
+        128: 'aes_128_cbc',
+        192: 'aes_192_cbc',
+        256: 'aes_256_cbc'
+    }
+
+    keylen = 8 * len(key)
+    if keylen not in aes_algs:
+        msg = ('Invalid AES key length, %d bits') % keylen
+        raise InvalidKeyLength(msg)
+    return aes_algs[keylen]
+
+
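Review bot: The error message built in `_key_to_alg` is not passed through `_()` for translation, unlike the `DecryptError` message further down in this same patch, and the parentheses around the format string are redundant; `msg = _('Invalid AES key length, %d bits') % keylen` would match the module's existing style. The `aes_algs` mapping is also rebuilt on every call, and since it never changes it could live as a module-level constant (e.g. `_AES_CBC_ALGS`) next to the other module-level names. The docstring would read better as "Return the M2Crypto AES-CBC algorithm name for *key*, raising InvalidKeyLength if its length is not 128, 192 or 256 bits."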
 @assert_crypto_availability
 def encrypt_data(key, data):
     """Encrypt the data with the given secret key.
 
-    Padding is n bytes of the value n, where 1 <= n <= blocksize.
     """
     iv = os.urandom(16)
-    cipher = AES.new(key, AES.MODE_CBC, iv)
-    padding = 16 - len(data) % 16
-    return iv + cipher.encrypt(data + six.int2byte(padding) * padding)
+    cipher = Cipher(alg=_key_to_alg(key), key=key, iv=iv, op=1)
+    result = cipher.update(data)
+    return iv + result + cipher.final()
 
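Review bot: Removing the padding sentence leaves `encrypt_data`'s docstring with a dangling blank line before the closing quotes, and the new code now depends silently on M2Crypto's default padding mode (the `Cipher` constructor's `padding` parameter defaults to 1, i.e. PKCS#7), which is what made the old hand-rolled "n bytes of value n" padding disappear; that reliance deserves a sentence rather than nothing. I would collapse the docstring to `"""Encrypt the data with the given secret key; M2Crypto applies PKCS#7 padding by default."""`. The `op=1` argument (and `op=0` in the decrypt_data hunk below) is a bare magic number; a trailing `# op=1 selects encryption` / `# op=0 selects decryption` on each `Cipher(...)` line would save the next reader a trip to the M2Crypto docs.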
 
 @assert_crypto_availability
 def decrypt_data(key, data):
     """Decrypt the data with the given secret key."""
     iv = data[:16]
-    cipher = AES.new(key, AES.MODE_CBC, iv)
+    cipher = Cipher(alg=_key_to_alg(key), key=key, iv=iv, op=0)
     try:
-        result = cipher.decrypt(data[16:])
+        result = cipher.update(data[16:])
+        result = result + cipher.final()
     except Exception:
         raise DecryptError(_('Encrypted data appears to be corrupted.'))
 
-    # Strip the last n padding bytes where n is the last value in
-    # the plaintext
-    return result[:-1 * six.byte2int([result[-1]])]
+    return result
 
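Review bot: In `decrypt_data` the `Cipher(...)` construction sits outside the `try`, so a truncated ciphertext whose first 16 bytes do not form a valid IV surfaces as whatever M2Crypto raises instead of the `DecryptError` the callers catch; the old `AES.new` line had the same placement, so this is not a regression, but moving the construction inside the `try` would make the corrupted-data path consistent. The two-statement `result = cipher.update(data[16:])` / `result = result + cipher.final()` can be a single `result = cipher.update(data[16:]) + cipher.final()`. The removed unpadding comment should be replaced by a note that unpadding now happens in `cipher.final()`, e.g. `# cipher.final() strips the PKCS#7 padding M2Crypto added on encryption`, so a reader does not wonder where the padding went.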
 
 def protect_data(keys, data):