[Freeipa-devel] [PATCH 0014] [py3] Replace M2Crypto RC4 with python-cryptography ARC4

Christian Heimes cheimes at redhat.com
Thu Jul 23 09:06:00 UTC 2015


On 2015-07-23 10:54, Jan Cholasta wrote:
> Hi,
> 
> On 23.7.2015 at 10:43, Christian Heimes wrote:
>> This patch removes the dependency on M2Crypto in favor of cryptography.
>> Cryptography is more strict about the key size and doesn't support
>> non-standard key sizes:
>>
>> >>> from M2Crypto import RC4
>> >>> from ipaserver.dcerpc import arcfour_encrypt
>> >>> RC4.RC4(b'key').update(b'data')
>> 'o\r@\x8c'
>> >>> arcfour_encrypt(b'key', b'data')
>> Traceback (most recent call last):
>> ...
>> ValueError: Invalid key size (24) for RC4.
>>
>> Standard key sizes 40, 56, 64, 80, 128, 192 and 256 are supported:
>>
>> >>> arcfour_encrypt(b'key12', b'data')
>> '\xcd\xf80d'
>> >>> RC4.RC4(b'key12').update(b'data')
>> '\xcd\xf80d'
>>
>> http://cryptography.readthedocs.org/en/latest/hazmat/primitives/symmetric-encryption/#cryptography.hazmat.primitives.ciphers.algorithms.ARC4
>>
>> https://fedorahosted.org/freeipa/ticket/5148
> 
> NACK on the spec file change. There is a BuildRequires and Requires on
> m2crypto, replace them with BuildRequires and Requires on
> python-cryptography.

Argh, m2crypto ... I was looking for M2Crypto (case sensitive). Here is
an updated patch.

An additional Requires: python-cryptography is not required.
server-trust-ad depends on ipa-server which depends on the ipa-python
package. The ipa-python package already has Requires: python-cryptography.

Christian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-cheimes-0014-2-py3-Replace-M2Crypto-RC4-with-python-cryptography-AR.patch
Type: text/x-patch
Size: 3605 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150723/7ddb54ca/attachment.bin>
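
Added example, not part of the original message or of the FreeIPA patch: a pure-Python RC4 stand-in (so it runs without M2Crypto or python-cryptography) that contrasts the permissive behaviour with the strict key-size check described in the thread. The function names and the audit helper are hypothetical; the size list is the one quoted in the message.

```python
# Added illustration; not FreeIPA, M2Crypto or python-cryptography code.
# Key sizes (in bits) that the message lists as accepted by the strict backend.
STANDARD_KEY_BITS = frozenset({40, 56, 64, 80, 128, 192, 256})


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 with no key-size policy (the permissive behaviour)."""
    if not key:
        raise ValueError("empty key")
    # Key-scheduling algorithm (KSA)
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm (PRGA), XORed over the data
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def rc4_strict(key: bytes, data: bytes) -> bytes:
    """RC4 that rejects key sizes outside the standard set (the strict behaviour)."""
    bits = len(key) * 8
    if bits not in STANDARD_KEY_BITS:
        raise ValueError("Invalid key size ({}) for RC4.".format(bits))
    return rc4(key, data)


def audit_key_lengths(keys):
    """Return the keys a strict backend would reject, so callers can be fixed first."""
    return [k for k in keys if len(k) * 8 not in STANDARD_KEY_BITS]
```

Running audit_key_lengths over the key material a caller actually passes shows, before the backend is switched, which call sites would start raising ValueError.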