From e813f9c50c101578c2b9bdfa4cc326c5fd3e0733 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A1draig=20Brady?= Date: Tue, 23 Jul 2013 12:19:45 +0100 Subject: [PATCH] avoid the uneeded dependency on Crypto.Random Crypto.Random was added in python-crypto-2.1.0 to replace the problematic randpool in 2.0.1: http://www.pycrypto.org/randpool-broken However on Linux os.urandom() should be fine to set IV. I'm not sure it's necessary to pad with random bytes, but I'm leaving that as is for now: http://www.codekoala.com/blog/2009/aes-encryption-python-using-pycrypto/#comment-25921785 http://eli.thegreenplace.net/2010/06/25/aes-encryption-of-files-in-python-with-pycrypto/ --- glance/common/crypt.py | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/glance/common/crypt.py b/glance/common/crypt.py index f719d11..971fe4f 100644 --- a/glance/common/crypt.py +++ b/glance/common/crypt.py @@ -20,10 +20,7 @@ Routines for URL-safe encrypting/decrypting """ import base64 - from Crypto.Cipher import AES -from Crypto import Random -from Crypto.Random import random def urlsafe_encrypt(key, plaintext, blocksize=16): @@ -40,13 +37,12 @@ def urlsafe_encrypt(key, plaintext, blocksize=16): Pads text to be encrypted """ pad_length = (blocksize - len(text) % blocksize) - sr = random.StrongRandom() - pad = ''.join(chr(sr.randint(1, 0xFF)) for i in range(pad_length - 1)) + pad = os.urandom(pad_length - 1) # We use chr(0) as a delimiter between text and padding return text + chr(0) + pad # random initial 16 bytes for CBC - init_vector = Random.get_random_bytes(16) + init_vector = os.urandom(16) cypher = AES.new(key, AES.MODE_CBC, init_vector) padded = cypher.encrypt(pad(str(plaintext))) return base64.urlsafe_b64encode(init_vector + padded)