| Message ID | 20220509141202.14844-1-bage@linutronix.de |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [swugenerator] Reimplement pycrypto use with stdlib's secrets | expand |
Hi Bastian, On 09.05.22 16:12, Bastian Germann wrote: > swugenerator makes use of PyCrypto's Random module only. There is a secrets > module in all supported (setup.py) Python versions that has an alternative. > > PyCrypto is no longer maintained, so replace it by the stdlib secrets module. > Thanks. > Signed-off-by: Bastian Germann <bage@linutronix.de> > --- > requirements.txt | 1 - > setup.py | 1 - > swugenerator/generator.py | 5 ++--- > 3 files changed, 2 insertions(+), 5 deletions(-) > > diff --git a/requirements.txt b/requirements.txt > index 23e3174..646d61c 100644 > --- a/requirements.txt > +++ b/requirements.txt > @@ -1,3 +1,2 @@ > libconf~=2.0.1 > setuptools~=57.0.0 > -crypto~=1.4.1 > \ No newline at end of file > diff --git a/setup.py b/setup.py > index 846e24a..5b1fee8 100644 > --- a/setup.py > +++ b/setup.py > @@ -24,7 +24,6 @@ setup( > install_requires=[ > 'libconf~=2.0.1', > 'setuptools~=57.0.0', > - 'pycrypto~=2.6.1', > ], > > python_requires='>=3.6', > diff --git a/swugenerator/generator.py b/swugenerator/generator.py > index 281d8a5..1a226e9 100644 > --- a/swugenerator/generator.py > +++ b/swugenerator/generator.py > @@ -6,11 +6,10 @@ import os > import re > import codecs > import libconf > +import secrets > import subprocess > from tempfile import TemporaryDirectory > > -from Crypto import Random > - > from swugenerator.SWUFile import swufile > from swugenerator.artifact import Artifact > > @@ -34,7 +33,7 @@ class SWUGenerator: > > @staticmethod > def generate_iv(): > - return Random.get_random_bytes(16).hex() > + return secrets.token_hex(16) > > def _read_swdesc(self): > with codecs.open(self.swdescription, 'r') as f: Reviewed-by: Stefano Babic <sbabic@denx.de> Best regards, Stefano Babic
diff --git a/requirements.txt b/requirements.txt index 23e3174..646d61c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,2 @@ libconf~=2.0.1 setuptools~=57.0.0 -crypto~=1.4.1 \ No newline at end of file diff --git a/setup.py b/setup.py index 846e24a..5b1fee8 100644 --- a/setup.py +++ b/setup.py @@ -24,7 +24,6 @@ setup( install_requires=[ 'libconf~=2.0.1', 'setuptools~=57.0.0', - 'pycrypto~=2.6.1', ], python_requires='>=3.6', diff --git a/swugenerator/generator.py b/swugenerator/generator.py index 281d8a5..1a226e9 100644 --- a/swugenerator/generator.py +++ b/swugenerator/generator.py @@ -6,11 +6,10 @@ import os import re import codecs import libconf +import secrets import subprocess from tempfile import TemporaryDirectory -from Crypto import Random - from swugenerator.SWUFile import swufile from swugenerator.artifact import Artifact @@ -34,7 +33,7 @@ class SWUGenerator: @staticmethod def generate_iv(): - return Random.get_random_bytes(16).hex() + return secrets.token_hex(16) def _read_swdesc(self): with codecs.open(self.swdescription, 'r') as f:
swugenerator makes use of PyCrypto's Random module only. There is a secrets module in all supported (setup.py) Python versions that has an alternative. PyCrypto is no longer maintained, so replace it by the stdlib secrets module. Signed-off-by: Bastian Germann <bage@linutronix.de> --- requirements.txt | 1 - setup.py | 1 - swugenerator/generator.py | 5 ++--- 3 files changed, 2 insertions(+), 5 deletions(-)