[Freeipa-devel] [PATCH 0014] [py3] Replace M2Crypto RC4 with python-cryptography ARC4
Jan Cholasta
jcholast at redhat.com
Fri Jul 31 11:33:24 UTC 2015
Dne 23.7.2015 v 11:06 Christian Heimes napsal(a):
> On 2015-07-23 10:54, Jan Cholasta wrote:
>> Hi,
>>
>> Dne 23.7.2015 v 10:43 Christian Heimes napsal(a):
>>> This patch removes the dependency on M2Crypto in favor for cryptography.
>>> Cryptography is more strict about the key size and doesn't support
>>> non-standard key sizes:
>>>
>>>>>> from M2Crypto import RC4
>>>>>> from ipaserver.dcerpc import arcfour_encrypt
>>>>>> RC4.RC4(b'key').update(b'data')
>>> 'o\r@\x8c'
>>>>>> arcfour_encrypt(b'key', b'data')
>>> Traceback (most recent call last):
>>> ...
>>> ValueError: Invalid key size (24) for RC4.
>>>
>>> Standard key sizes 40, 56, 64, 80, 128, 192 and 256 are supported:
>>>
>>>>>> arcfour_encrypt(b'key12', b'data')
>>> '\xcd\xf80d'
>>>>>> RC4.RC4(b'key12').update(b'data')
>>> '\xcd\xf80d'
>>>
>>> http://cryptography.readthedocs.org/en/latest/hazmat/primitives/symmetric-encryption/#cryptography.hazmat.primitives.ciphers.algorithms.ARC4
>>>
>>> https://fedorahosted.org/freeipa/ticket/5148
>>
>> NACK on the spec file change. There is a BuildRequires and Requires on
>> m2crypto, replace them with BuildRequires and Requires on
>> python-cryptography.
>
> Argh, m2crypto ... I was looking for M2Crypto (case sensitive). Here is
> an updated patch.
>
> An additional Requires: python-cryptography is not required.
> server-trust-ad depends on ipa-server which depends on the ipa-python
> package. The ipa-python package already has Requires: python-cryptography.
Thanks, ACK.
Pushed to master: a908be2785d4388e3c97c7cd543c817c527d73c9
--
Jan Cholasta
More information about the Freeipa-devel
mailing list