mirror of
https://opendev.org/x/pyghmi
synced 2025-01-18 02:04:09 +00:00
9fa2095fe7
The patch had a lingering incompatibily to address. Change-Id: If7d23efbfdb7cfa2400920e5b9ae04282e66a9a7
77 lines
3.1 KiB
Diff
77 lines
3.1 KiB
Diff
diff -urN pyghmi/lower-constraints.txt pyghmi-wheezy/lower-constraints.txt
|
|
--- pyghmi/lower-constraints.txt 2018-08-30 09:41:36.771908238 -0400
|
|
+++ pyghmi-wheezy/lower-constraints.txt 2019-02-08 14:27:21.322413226 -0500
|
|
@@ -1,5 +1,4 @@
|
|
coverage===4.0
|
|
-cryptography===2.1
|
|
fixtures===3.0.0
|
|
openstackdocstheme==1.18.1
|
|
oslotest===3.2.0
|
|
diff -urN pyghmi/pyghmi/ipmi/private/session.py pyghmi-wheezy/pyghmi/ipmi/private/session.py
|
|
--- pyghmi/pyghmi/ipmi/private/session.py 2019-02-08 14:26:57.039077089 -0500
|
|
+++ pyghmi-wheezy/pyghmi/ipmi/private/session.py 2019-02-08 14:28:35.048397582 -0500
|
|
@@ -28,8 +28,8 @@
|
|
import threading
|
|
|
|
|
|
-from cryptography.hazmat.backends import default_backend
|
|
-from cryptography.hazmat.primitives.ciphers import algorithms, Cipher, modes
|
|
+from Cryptodome.Cipher import AES
|
|
+
|
|
|
|
import pyghmi.exceptions as exc
|
|
from pyghmi.ipmi.private import constants
|
|
@@ -309,10 +309,6 @@
|
|
# can do something like reassign our threading and select modules
|
|
socketchecking = None
|
|
|
|
- # Maintain single Cryptography backend for all IPMI sessions (seems to be
|
|
- # thread-safe)
|
|
- _crypto_backend = default_backend()
|
|
-
|
|
@classmethod
|
|
def _cleanup(cls):
|
|
for sesskey in list(cls.bmc_handlers):
|
|
@@ -872,14 +868,9 @@
|
|
iv = os.urandom(16)
|
|
message += iv
|
|
payloadtocrypt = bytes(payload + _aespad(payload))
|
|
- crypter = Cipher(
|
|
- algorithm=algorithms.AES(self.aeskey),
|
|
- mode=modes.CBC(iv),
|
|
- backend=self._crypto_backend
|
|
- )
|
|
- encryptor = crypter.encryptor()
|
|
- message += encryptor.update(payloadtocrypt
|
|
- ) + encryptor.finalize()
|
|
+ crypter = AES.new(self.aeskey, AES.MODE_CBC, iv)
|
|
+ crypted = crypter.encrypt(payloadtocrypt)
|
|
+ message += crypted
|
|
else: # no confidetiality algorithm
|
|
message.append(psize & 0xff)
|
|
message.append(psize >> 8)
|
|
@@ -1366,14 +1357,9 @@
|
|
payload = data[16:16 + psize]
|
|
if encrypted:
|
|
iv = data[16:32]
|
|
- crypter = Cipher(
|
|
- algorithm=algorithms.AES(self.aeskey),
|
|
- mode=modes.CBC(bytes(iv)),
|
|
- backend=self._crypto_backend
|
|
- )
|
|
- decryptor = crypter.decryptor()
|
|
- payload = bytearray(decryptor.update(bytes(payload[16:])
|
|
- ) + decryptor.finalize())
|
|
+ decrypter = AES.new(self.aeskey, AES.MODE_CBC, iv)
|
|
+ decrypted = decrypter.decrypt(payload[16:])
|
|
+ payload = bytearray(decrypted)
|
|
padsize = payload[-1] + 1
|
|
payload = payload[:-padsize]
|
|
if ptype == 0:
|
|
diff -urN pyghmi/requirements.txt pyghmi-wheezy/requirements.txt
|
|
--- pyghmi/requirements.txt 2018-08-15 08:43:19.779309677 -0400
|
|
+++ pyghmi-wheezy/requirements.txt 2019-02-08 14:27:21.322413226 -0500
|
|
@@ -1 +1 @@
|
|
-cryptography>=2.1 # BSD/Apache-2.0
|
|
+pycryptodomex>=2.6
|