From e38aec72b27e43000d246566e1221f7a7d38e77a Mon Sep 17 00:00:00 2001 From: Martine Lenders Date: Tue, 2 Nov 2021 13:28:42 +0100 Subject: [PATCH] pycrypto: use pycryptodome instead `pycrypto` is unmaintained [[1]] since v2.6.1 (released October 2013). This version, however, has some severe vulnerabilities [[2]] [[3]]. The recommendation is to use the API-compatible `pycryptodome` library. [1]: https://github.com/pycrypto/pycrypto/issues/173 [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459 [3]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594 --- dist/tools/mcuboot/imgtool.md | 2 +- dist/tools/packer/scripts/riot.sh | 2 +- dist/tools/vagrant/freebsd/Vagrantfile | 2 +- tests/mcuboot/README.md | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/dist/tools/mcuboot/imgtool.md b/dist/tools/mcuboot/imgtool.md index 38f81247e6..d1c7921783 100644 --- a/dist/tools/mcuboot/imgtool.md +++ b/dist/tools/mcuboot/imgtool.md @@ -6,7 +6,7 @@ operations that are necessary to manage keys and sign images. This program is written for Python3, and has several dependencies on Python libraries. These can be installed using 'pip3' manually: - pip3 install --user pycrypto + pip3 install --user pycryptodome pip3 install --user pyasn1 pip3 install --user ecdsa diff --git a/dist/tools/packer/scripts/riot.sh b/dist/tools/packer/scripts/riot.sh index 1681792a7a..22e609571e 100644 --- a/dist/tools/packer/scripts/riot.sh +++ b/dist/tools/packer/scripts/riot.sh @@ -17,7 +17,7 @@ sudo -u /${SSH_USERNAME} pip3 install --user iotlabwscli iotlabsshcli iotlabcli # Python tools sudo -u /${SSH_USERNAME} pip3 install --user aiocoap pyocd paho-mqtt pyserial flake8 tox \ - pyasn1 ecdsa pexpect pycrypto ed25519 cbor cryptography \ + pyasn1 ecdsa pexpect pycryptodome ed25519 cbor cryptography \ scapy codespell protobuf jupyterlab \ # diff --git a/dist/tools/vagrant/freebsd/Vagrantfile b/dist/tools/vagrant/freebsd/Vagrantfile index 8b50b93f1e..b16a52bd45 100644 
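Review bot: In the dist/tools/packer/scripts/riot.sh hunk, the `pip3 install --user` list now names `pycryptodome`, but nothing removes or rules out an existing `pycrypto`. Both distributions install the same top-level `Crypto` package and interfere when present together, so on such an environment it is unclear which implementation gets imported. On a freshly built Packer image this only matters if the base image or another listed package pulls in pycrypto, which the hunk does not show. I would add a comment above the install line, `# pycryptodome replaces pycrypto; both provide the 'Crypto' package and must not be installed together`. The same caveat belongs next to the install commands in dist/tools/mcuboot/imgtool.md and tests/mcuboot/README.md, where users upgrading an existing setup should first run `pip3 uninstall pycrypto`.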
--- a/dist/tools/vagrant/freebsd/Vagrantfile +++ b/dist/tools/vagrant/freebsd/Vagrantfile @@ -1,7 +1,7 @@ $init_riot = <<-INIT_RIOT # vim for xxd pkg install -y bash git gmake gcc cmake afl afl++ \ - python3 py37-pip py37-scipy py37-pycrypto py37-cython py37-scapy \ + python3 py37-pip py37-scipy py37-pycryptodome py37-cython py37-scapy \ vim chsh -s /usr/local/bin/bash vagrant if ! [ -d /home/vagrant/RIOT ]; then diff --git a/tests/mcuboot/README.md b/tests/mcuboot/README.md index 61e5672e57..da68a5cd2f 100644 --- a/tests/mcuboot/README.md +++ b/tests/mcuboot/README.md @@ -15,14 +15,14 @@ system. Before running the test, be sure that you meet the following Python3 dependencies: - - pycrypto + - pycryptodome - ecdsa - pyasn1 If you don't have one of those, you can install them with the commands: ```console -pip3 install --user pycrypto ecdsa pyasn1 +pip3 install --user pycryptodome ecdsa pyasn1 ``` This test can be called using `make mcuboot` to produce such ELF file,