--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/heat/patches/04-nopycrypto.patch Tue Aug 05 08:29:43 2014 -0600
@@ -0,0 +1,47 @@
+In-house removal of PyCrypto dependency in Heat. This patch is
+Solaris-specific and not suitable for upstream.
+
+Convert encrypt() and decrypt() to use M2Crypto instead of PyCrypto.
+
+--- heat-2013.2.3/heat/common/crypt.py.~1~ 2014-04-03 11:44:49.000000000 -0700
++++ heat-2013.2.3/heat/common/crypt.py 2014-07-07 03:26:19.115102209 -0700
+@@ -14,9 +14,9 @@
+ # under the License.
+
+ import base64
+-from Crypto.Cipher import AES
+ from os import urandom
+
++from M2Crypto.EVP import Cipher
+ from oslo.config import cfg
+
+ from heat.openstack.common import log as logging
+@@ -36,9 +36,12 @@
+ def encrypt(auth_info):
+ if auth_info is None:
+ return None
+- iv = urandom(AES.block_size)
+- cipher = AES.new(cfg.CONF.auth_encryption_key[:32], AES.MODE_CFB, iv)
+- res = base64.b64encode(iv + cipher.encrypt(auth_info))
++ iv = urandom(16)
++ cipher = Cipher(alg='aes_256_cfb', key=cfg.CONF.auth_encryption_key[:32],
++ iv=iv, op=1)
++ padded = cipher.update(auth_info)
++ padded = padded + cipher.final()
++ res = base64.b64encode(iv + padded)
+ return res
+
+
+@@ -46,7 +49,9 @@
+ if auth_info is None:
+ return None
+ auth = base64.b64decode(auth_info)
+- iv = auth[:AES.block_size]
+- cipher = AES.new(cfg.CONF.auth_encryption_key[:32], AES.MODE_CFB, iv)
+- res = cipher.decrypt(auth[AES.block_size:])
++ iv = auth[:16]
++ cipher = Cipher(alg='aes_256_cfb', key=cfg.CONF.auth_encryption_key[:32],
++ iv=iv, op=0)
++ padded = cipher.update(auth[16:])
++ res = padded + cipher.final()
+ return res