PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
19120578 Request to integrate Heat into userland
In-house removal of PyCrypto dependency in Heat. This patch is
Solaris-specific and not suitable for upstream.
Convert encrypt() and decrypt() to use M2Crypto instead of PyCrypto.
--- heat-2013.2.3/heat/common/crypt.py.~1~ 2014-04-03 11:44:49.000000000 -0700
+++ heat-2013.2.3/heat/common/crypt.py 2014-07-07 03:26:19.115102209 -0700
@@ -14,9 +14,9 @@
# under the License.
import base64
-from Crypto.Cipher import AES
from os import urandom
+from M2Crypto.EVP import Cipher
from oslo.config import cfg
from heat.openstack.common import log as logging
@@ -36,9 +36,12 @@
def encrypt(auth_info):
if auth_info is None:
return None
- iv = urandom(AES.block_size)
- cipher = AES.new(cfg.CONF.auth_encryption_key[:32], AES.MODE_CFB, iv)
- res = base64.b64encode(iv + cipher.encrypt(auth_info))
+ iv = urandom(16)
+ cipher = Cipher(alg='aes_256_cfb', key=cfg.CONF.auth_encryption_key[:32],
+ iv=iv, op=1)
+ padded = cipher.update(auth_info)
+ padded = padded + cipher.final()
+ res = base64.b64encode(iv + padded)
return res
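Review bot: `alg='aes_256_cfb'` in the new `Cipher(...)` call is not a drop-in replacement for the removed `AES.new(..., AES.MODE_CFB, iv)`. PyCrypto's CFB mode defaults to an 8-bit segment size while OpenSSL's `aes_256_cfb` is 128-bit CFB, so any value stored by the old code will not decrypt after this patch; the decrypt hunk below is affected the same way. If existing data can be present, this needs a migration step or at least a comment stating the incompatibility. The removed code also accepted 16- or 24-byte keys, whereas this call fixes AES-256 and still passes `cfg.CONF.auth_encryption_key[:32]` unchecked, so I would reject a short key first with `if len(key) != 32: raise ValueError('auth_encryption_key must be 32 bytes')`. As style points, rename `padded` to `ciphertext` (CFB adds no padding) and add `# op=1 selects encryption` beside the bare integer.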
@@ -46,7 +49,9 @@
if auth_info is None:
return None
auth = base64.b64decode(auth_info)
- iv = auth[:AES.block_size]
- cipher = AES.new(cfg.CONF.auth_encryption_key[:32], AES.MODE_CFB, iv)
- res = cipher.decrypt(auth[AES.block_size:])
+ iv = auth[:16]
+ cipher = Cipher(alg='aes_256_cfb', key=cfg.CONF.auth_encryption_key[:32],
+ iv=iv, op=0)
+ padded = cipher.update(auth[16:])
+ res = padded + cipher.final()
return res
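Review bot: `iv = auth[:16]` and `auth[16:]` slice the base64-decoded value without a length check, so a truncated or corrupted stored value reaches `Cipher(...)` with a short IV. A guard before the slice, such as `if len(auth) < 16: raise ValueError('encrypted value too short')`, makes that failure predictable. Nothing here verifies the ciphertext's integrity (the removed code did not either), so a modified value decrypts to altered plaintext without any error; a comment saying so, or a MAC over `iv + ciphertext`, would make that limitation visible to callers. The function's signature lies outside this hunk, and `padded` is a misleading name for the same reason as in encrypt().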