Hi,

Dne 23.7.2015 v 10:43 Christian Heimes napsal(a):
This patch removes the dependency on M2Crypto in favor for cryptography.
Cryptography is more strict about the key size and doesn't support
non-standard key sizes:

from M2Crypto import RC4
from ipaserver.dcerpc import arcfour_encrypt
RC4.RC4(b'key').update(b'data')
'o\r@\x8c'
arcfour_encrypt(b'key', b'data')
Traceback (most recent call last):
...
ValueError: Invalid key size (24) for RC4.

Standard key sizes 40, 56, 64, 80, 128, 192 and 256 are supported:

arcfour_encrypt(b'key12', b'data')
'\xcd\xf80d'
RC4.RC4(b'key12').update(b'data')
'\xcd\xf80d'

http://cryptography.readthedocs.org/en/latest/hazmat/primitives/symmetric-encryption/#cryptography.hazmat.primitives.ciphers.algorithms.ARC4
https://fedorahosted.org/freeipa/ticket/5148

NACK on the spec file change. There is a BuildRequires and Requires on m2crypto, replace them with BuildRequires and Requires on python-cryptography.

Honza

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to