From 16e5c6ab21fd5e6a3993b8a17fe8f1fa11986d92 Mon Sep 17 00:00:00 2001 From: Eric Brown Date: Fri, 3 Jul 2015 00:20:05 -0700 Subject: [PATCH] Replace openssl calls with cryptography lib This patch is a code reduction cleanup fix. Exec calls to openssl can mostly be replaced with a proper python library called cryptography. Changed the following: * Removed convert_from_sshrsa_to_pkcs8 and _to_sequence since cryptography already has a method to do this conversion. * Replaced openssl rsautl call in ssh_encrypt_text and decrypt_text with cryptography's public key encrypt and decrypt methods. * Replaced call to openssl x509 with cryptography's load_pem_x509_certificate which also includes a way to retrieve the fingerprint. * generate_fingerprint's calls to paramiko were replaced with cryptography's serialization module. Cryptography supports all key sizes of elliptic curve keys whereas paramiko did not. * Removed the requirement on pyasn1 Change-Id: I750b49e6a73cd18af8199c1c859c9f6047252387 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 3c958f605..2ae360197 100644 --- a/requirements.txt +++ b/requirements.txt @@ -12,6 +12,7 @@ keystonemiddleware>=2.0.0 lxml>=2.3 Routes!=2.0,!=2.1,>=1.12.3;python_version=='2.7' Routes!=2.0,>=1.12.3;python_version!='2.7' +cryptography>=0.9.1 # Apache-2.0 WebOb>=1.2.3 greenlet>=0.3.2 PasteDeploy>=1.5.0 @@ -21,7 +22,6 @@ sqlalchemy-migrate>=0.9.6 netaddr>=0.7.12 netifaces>=0.10.4 paramiko>=1.13.0 -pyasn1 Babel>=1.3 iso8601>=0.1.9 jsonschema!=2.5.0,<3.0.0,>=2.0.0