From e813f9c50c101578c2b9bdfa4cc326c5fd3e0733 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
Date: Tue, 23 Jul 2013 12:19:45 +0100
Subject: [PATCH] avoid the uneeded dependency on Crypto.Random
Crypto.Random was added in python-crypto-2.1.0 to replace
the problematic randpool in 2.0.1: http://www.pycrypto.org/randpool-broken
However on Linux os.urandom() should be fine to set IV.
I'm not sure it's necessary to pad with random bytes,
but I'm leaving that as is for now:
http://www.codekoala.com/blog/2009/aes-encryption-python-using-pycrypto/#comment-25921785
http://eli.thegreenplace.net/2010/06/25/aes-encryption-of-files-in-python-with-pycrypto/
---
glance/common/crypt.py | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/glance/common/crypt.py b/glance/common/crypt.py
index f719d11..971fe4f 100644
--- a/glance/common/crypt.py
+++ b/glance/common/crypt.py
@@ -20,10 +20,7 @@ Routines for URL-safe encrypting/decrypting
"""
import base64
-
from Crypto.Cipher import AES
-from Crypto import Random
-from Crypto.Random import random
def urlsafe_encrypt(key, plaintext, blocksize=16):
@@ -40,13 +37,12 @@ def urlsafe_encrypt(key, plaintext, blocksize=16):
Pads text to be encrypted
"""
pad_length = (blocksize - len(text) % blocksize)
- sr = random.StrongRandom()
- pad = ''.join(chr(sr.randint(1, 0xFF)) for i in range(pad_length - 1))
+ pad = os.urandom(pad_length - 1)
# We use chr(0) as a delimiter between text and padding
return text + chr(0) + pad
# random initial 16 bytes for CBC
- init_vector = Random.get_random_bytes(16)
+ init_vector = os.urandom(16)
cypher = AES.new(key, AES.MODE_CBC, init_vector)
padded = cypher.encrypt(pad(str(plaintext)))
return base64.urlsafe_b64encode(init_vector + padded)