 9fa2095fe7
			
		
	
	9fa2095fe7
	
	
	
		
			
			The patch had a lingering incompatibily to address. Change-Id: If7d23efbfdb7cfa2400920e5b9ae04282e66a9a7
		
			
				
	
	
		
			77 lines
		
	
	
		
			3.1 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
			
		
		
	
	
			77 lines
		
	
	
		
			3.1 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
| diff -urN pyghmi/lower-constraints.txt pyghmi-wheezy/lower-constraints.txt
 | |
| --- pyghmi/lower-constraints.txt	2018-08-30 09:41:36.771908238 -0400
 | |
| +++ pyghmi-wheezy/lower-constraints.txt	2019-02-08 14:27:21.322413226 -0500
 | |
| @@ -1,5 +1,4 @@
 | |
|  coverage===4.0
 | |
| -cryptography===2.1
 | |
|  fixtures===3.0.0
 | |
|  openstackdocstheme==1.18.1
 | |
|  oslotest===3.2.0
 | |
| diff -urN pyghmi/pyghmi/ipmi/private/session.py pyghmi-wheezy/pyghmi/ipmi/private/session.py
 | |
| --- pyghmi/pyghmi/ipmi/private/session.py	2019-02-08 14:26:57.039077089 -0500
 | |
| +++ pyghmi-wheezy/pyghmi/ipmi/private/session.py	2019-02-08 14:28:35.048397582 -0500
 | |
| @@ -28,8 +28,8 @@
 | |
|  import threading
 | |
|  
 | |
|  
 | |
| -from cryptography.hazmat.backends import default_backend
 | |
| -from cryptography.hazmat.primitives.ciphers import algorithms, Cipher, modes
 | |
| +from Cryptodome.Cipher import AES
 | |
| +
 | |
|  
 | |
|  import pyghmi.exceptions as exc
 | |
|  from pyghmi.ipmi.private import constants
 | |
| @@ -309,10 +309,6 @@
 | |
|      # can do something like reassign our threading and select modules
 | |
|      socketchecking = None
 | |
|  
 | |
| -    # Maintain single Cryptography backend for all IPMI sessions (seems to be
 | |
| -    # thread-safe)
 | |
| -    _crypto_backend = default_backend()
 | |
| -
 | |
|      @classmethod
 | |
|      def _cleanup(cls):
 | |
|          for sesskey in list(cls.bmc_handlers):
 | |
| @@ -872,14 +868,9 @@
 | |
|                  iv = os.urandom(16)
 | |
|                  message += iv
 | |
|                  payloadtocrypt = bytes(payload + _aespad(payload))
 | |
| -                crypter = Cipher(
 | |
| -                    algorithm=algorithms.AES(self.aeskey),
 | |
| -                    mode=modes.CBC(iv),
 | |
| -                    backend=self._crypto_backend
 | |
| -                )
 | |
| -                encryptor = crypter.encryptor()
 | |
| -                message += encryptor.update(payloadtocrypt
 | |
| -                                            ) + encryptor.finalize()
 | |
| +                crypter = AES.new(self.aeskey, AES.MODE_CBC, iv)
 | |
| +                crypted = crypter.encrypt(payloadtocrypt)
 | |
| +                message += crypted
 | |
|              else:  # no confidetiality algorithm
 | |
|                  message.append(psize & 0xff)
 | |
|                  message.append(psize >> 8)
 | |
| @@ -1366,14 +1357,9 @@
 | |
|              payload = data[16:16 + psize]
 | |
|              if encrypted:
 | |
|                  iv = data[16:32]
 | |
| -                crypter = Cipher(
 | |
| -                    algorithm=algorithms.AES(self.aeskey),
 | |
| -                    mode=modes.CBC(bytes(iv)),
 | |
| -                    backend=self._crypto_backend
 | |
| -                )
 | |
| -                decryptor = crypter.decryptor()
 | |
| -                payload = bytearray(decryptor.update(bytes(payload[16:])
 | |
| -                                                     ) + decryptor.finalize())
 | |
| +                decrypter = AES.new(self.aeskey, AES.MODE_CBC, iv)
 | |
| +                decrypted = decrypter.decrypt(payload[16:])
 | |
| +                payload = bytearray(decrypted)
 | |
|                  padsize = payload[-1] + 1
 | |
|                  payload = payload[:-padsize]
 | |
|              if ptype == 0:
 | |
| diff -urN pyghmi/requirements.txt pyghmi-wheezy/requirements.txt
 | |
| --- pyghmi/requirements.txt	2018-08-15 08:43:19.779309677 -0400
 | |
| +++ pyghmi-wheezy/requirements.txt	2019-02-08 14:27:21.322413226 -0500
 | |
| @@ -1 +1 @@
 | |
| -cryptography>=2.1  # BSD/Apache-2.0
 | |
| +pycryptodomex>=2.6
 |