components/openstack/heat/patches/04-nopycrypto.patch
branchs11u2-sru
changeset 3327 5abdd1497a6a
child 3998 5bd484384122
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/heat/patches/04-nopycrypto.patch	Tue Sep 23 17:50:12 2014 -0700
@@ -0,0 +1,47 @@
+In-house removal of PyCrypto dependency in Heat. This patch is
+Solaris-specific and not suitable for upstream.
+
+Convert encrypt() and decrypt() to use M2Crypto instead of PyCrypto.
+
+--- heat-2013.2.3/heat/common/crypt.py.~1~	2014-04-03 11:44:49.000000000 -0700
++++ heat-2013.2.3/heat/common/crypt.py	2014-07-07 03:26:19.115102209 -0700
+@@ -14,9 +14,9 @@
+ #    under the License.
+ 
+ import base64
+-from Crypto.Cipher import AES
+ from os import urandom
+ 
++from M2Crypto.EVP import Cipher
+ from oslo.config import cfg
+ 
+ from heat.openstack.common import log as logging
+@@ -36,9 +36,12 @@
+ def encrypt(auth_info):
+     if auth_info is None:
+         return None
+-    iv = urandom(AES.block_size)
+-    cipher = AES.new(cfg.CONF.auth_encryption_key[:32], AES.MODE_CFB, iv)
+-    res = base64.b64encode(iv + cipher.encrypt(auth_info))
++    iv = urandom(16)
++    cipher = Cipher(alg='aes_256_cfb', key=cfg.CONF.auth_encryption_key[:32],
++                    iv=iv, op=1)
++    padded = cipher.update(auth_info)
++    padded = padded + cipher.final()
++    res = base64.b64encode(iv + padded)
+     return res
+ 
+ 
+@@ -46,7 +49,9 @@
+     if auth_info is None:
+         return None
+     auth = base64.b64decode(auth_info)
+-    iv = auth[:AES.block_size]
+-    cipher = AES.new(cfg.CONF.auth_encryption_key[:32], AES.MODE_CFB, iv)
+-    res = cipher.decrypt(auth[AES.block_size:])
++    iv = auth[:16]
++    cipher = Cipher(alg='aes_256_cfb', key=cfg.CONF.auth_encryption_key[:32],
++                    iv=iv, op=0)
++    padded = cipher.update(auth[16:])
++    res = padded + cipher.final()
+     return res
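Review bot: The `alg='aes_256_cfb'` ciphers in encrypt() and decrypt() are not a drop-in match for the removed PyCrypto calls: PyCrypto's `AES.MODE_CFB` defaults to an 8-bit segment size, whereas OpenSSL's aes_256_cfb is full-block (128-bit) CFB, so credentials stored by the old code would no longer decrypt correctly. If existing deployments can hold such rows, the patch needs a migration step, or at least a comment such as `# CFB128 (OpenSSL); PyCrypto default was CFB8 - ciphertext written by the old code is not readable`. The AES variant is also now fixed at 256 bits, while PyCrypto chose it from the key length, so a configured `auth_encryption_key` shorter than 32 characters should be rejected before it reaches the cipher, e.g. `key = cfg.CONF.auth_encryption_key[:32]` followed by `if len(key) != 32: raise ValueError('auth_encryption_key must be at least 32 characters')`. The bare `16`, `op=1` and `op=0` would read better as named constants, and `padded` is a misleading name because CFB adds no padding. decrypt()'s signature lies outside the inner hunk, so this is based on the visible body only.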