Workaround wheezy limitations

Debian wheezy is just too old to easily work with, for that platform, use the more amenable cryptodomex library. Change-Id: Ic21d9784158d9d3f529d8c17dbe60a49f244cc7c
2025-01-26 10:57:54 +00:00 · 2019-02-07 15:35:38 -05:00 · 2019-02-07 15:35:38 -05:00 · 3e65ed0189
commit 3e65ed0189
parent 3b7d79c5fc
2 changed files with 86 additions and 0 deletions
--- a/7
+++ b/7
@ -1,5 +1,12 @@
 #!/bin/bash
 cd `dirname $0`
+mkdir -p /tmp/pyghmi
+cp -a * /tmp/pyghmi
+cd /tmp/pyghmi
+if grep wheezy /etc/os-release; then
+    # wheezy is difficult on pyca, use cryptodomex for that platform
+    patch -p1 < wheezy.patch
+fi
 # If not PBR, use the setup.py.tmpl
 python -c 'import pbr' || ./makesetup
 VERSION=`python setup.py --version`
--- a/wheezy.patch
+++ b/wheezy.patch
@ -0,0 +1,79 @@
+diff --git a/lower-constraints.txt b/lower-constraints.txt
+index a02749a..1741a51 100644
+--- a/lower-constraints.txt
+++ b/lower-constraints.txt
+@@ -1,5 +1,4 @@
+ coverage===4.0
+-cryptography===2.1
+ fixtures===3.0.0
+ openstackdocstheme==1.18.1
+ oslotest===3.2.0
+diff --git a/pyghmi/ipmi/private/session.py b/pyghmi/ipmi/private/session.py
+index 0cd2043..c31020d 100644
+--- a/pyghmi/ipmi/private/session.py
+++ b/pyghmi/ipmi/private/session.py
+@@ -28,8 +28,8 @@ import struct
+ import threading
+ 
+ 
+-from cryptography.hazmat.backends import default_backend
+-from cryptography.hazmat.primitives.ciphers import algorithms, Cipher, modes
+from Cryptodome.Cipher import AES
+
+ 
+ import pyghmi.exceptions as exc
+ from pyghmi.ipmi.private import constants
+@@ -309,10 +309,6 @@ class Session(object):
+     # can do something like reassign our threading and select modules
+     socketchecking = None
+ 
+-    # Maintain single Cryptography backend for all IPMI sessions (seems to be
+-    # thread-safe)
+-    _crypto_backend = default_backend()
+-
+     @classmethod
+     def _cleanup(cls):
+         for sesskey in list(cls.bmc_handlers):
+@@ -872,14 +868,9 @@ class Session(object):
+                 iv = os.urandom(16)
+                 message += iv
+                 payloadtocrypt = bytes(payload + _aespad(payload))
+-                crypter = Cipher(
+-                    algorithm=algorithms.AES(self.aeskey),
+-                    mode=modes.CBC(iv),
+-                    backend=self._crypto_backend
+-                )
+-                encryptor = crypter.encryptor()
+-                message += encryptor.update(payloadtocrypt
+-                                            ) + encryptor.finalize()
+                crypter = AES.new(self.aeskey, AES.MODE_CBC, iv)
+                crypted = crypter.encrypt(payloadtocrypt)
+                message += crypted
+             else:  # no confidetiality algorithm
+                 message.append(psize & 0xff)
+                 message.append(psize >> 8)
+@@ -1367,14 +1358,9 @@ class Session(object):
+             payload = data[16:16 + psize]
+             if encrypted:
+                 iv = data[16:32]
+-                crypter = Cipher(
+-                    algorithm=algorithms.AES(self.aeskey),
+-                    mode=modes.CBC(bytes(iv)),
+-                    backend=self._crypto_backend
+-                )
+-                decryptor = crypter.decryptor()
+-                payload = bytearray(decryptor.update(bytes(payload[16:])
+-                                                     ) + decryptor.finalize())
+                decrypter = AES.new(self.aeskey, AES.MODE_CBC, iv)
+                decrypted = decrypter.decrypt(payload[16:])
+                payload = decrypted
+                 padsize = payload[-1] + 1
+                 payload = payload[:-padsize]
+             if ptype == 0:
+diff --git a/requirements.txt b/requirements.txt
+index 1fb58a9..26ff921 100644
+--- a/requirements.txt
+++ b/requirements.txt
+@@ -1 +1 @@
+-cryptography>=2.1  # BSD/Apache-2.0
+pycryptodomex>=2.6