[Bug 263586] security/py-pycrypto: not compatible with python 3.8

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 26 Apr 2022 15:15:22 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263586

            Bug ID: 263586
           Summary: security/py-pycrypto: not compatible with python 3.8
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: sunpoet@FreeBSD.org
          Reporter: amdmi3@FreeBSD.org
          Assignee: sunpoet@FreeBSD.org
             Flags: maintainer-feedback?(sunpoet@FreeBSD.org)

- pycrypto is no longer maintained (see https://www.pycrypto.org/)
- it's also not compatible with python 3.8, for instance it uses time.clock()
(https://github.com/pycrypto/pycrypto/blob/master/lib/Crypto/Random/_UserFriendlyRNG.py#L77)
not present in python 3.8 (which results in problems such as
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263585)

So:
- The port should be marked DEPRECATED
- time.clock() call should be replaced with something compatible, for the time
being

For instance, this may work:

    self._clock_es.feed(struct.pack('=Q', time.monotonic_ns()))

Instead of fractional part of time.clock() converted to 4 bytes, it feeds 8
bytes of monotonic time with nanosecond precision, which should be even more
random.

-- 
You are receiving this mail because:
You are the assignee for the bug.