keystonemiddleware

Usage of pycrypto

Bug #1677308 reported by Lance Bragstad
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
keystonemiddleware
Fix Released
Low
Tin Lam

Bug Description

The pycrypto library is unmaintained. There is an effort across various OpenStack projects to move away from it and use something else that is better supported [0].

Keystonemiddleware uses pycrypto to encrypt and decrypt things before caching them [1]. At the time of opening this bug report, we can either use the drop-in replacement (pycryptdome [2]) or we can rewrite the crypto stuff in keystonemiddleware to use another supported crypto library (i.e. pyca/cryptography [3])

[0] http://lists.openstack.org/pipermail/openstack-dev/2017-March/113568.html
[1] http://lists.openstack.org/pipermail/openstack-dev/2017-March/114710.html
[2] https://pypi.python.org/pypi/pycryptodome
[3] https://cryptography.io/en/latest/

See original description
Lance Bragstad (lbragstad)
Changed in keystonemiddleware:
status: New → Confirmed
summary: - Remove usage of pycrypto
+ Usage of pycrypto
Changed in keystonemiddleware:
importance: Undecided → Low
Tin Lam (lamt)
Changed in keystonemiddleware:
assignee: nobody → Tin Lam (tl3438)
Lance Bragstad (lbragstad)
description: updated
description: updated
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystonemiddleware (master)

Fix proposed to branch: master
Review: https://review.openstack.org/451941

Changed in keystonemiddleware:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystonemiddleware (master)

Reviewed: https://review.openstack.org/451941
Committed: https://git.openstack.org/cgit/openstack/keystonemiddleware/commit/?id=e23cb36ac03c5e3a368cb8c493927cf8babc8dbc
Submitter: Jenkins
Branch: master

commit e23cb36ac03c5e3a368cb8c493927cf8babc8dbc
Author: Tin Lam <email address hidden>
Date: Thu Mar 30 13:17:44 2017 -0500

    Replace pycrypto with cryptography

    The pycrypto library is unmaintained, and keystonemiddleware currently
    uses pycrypto to encrypt and decrpyt things before caching them.
    This patch set removes the pycrypto dependency and updates the code
    to use the cryptography library. See [1]. Replacing the cryptographic
    library is backward compatible. See [2].

    [1] http://lists.openstack.org/pipermail/openstack-dev/2017-March/113568.html
    [2] http://paste.openstack.org/show/610186/

    Change-Id: Iced7f5115e49ccf4f7f5bf6813cb5988b95c248b
    Closes-Bug: #1677308

Changed in keystonemiddleware:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystonemiddleware 4.16.0

This issue was fixed in the openstack/keystonemiddleware 4.16.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.