[openstack-dev] [requirements][kolla][security] pycrypto vs cryptography

Davanum Srinivas davanum at gmail.com
Sun Nov 6 14:39:54 UTC 2016


Steve,

pycrypto is almost dead. The replacement is pycryptodome. BUT both
cannot be installed at the same time, so there is a struggle to get
all projects to work correctly with pycryptodome. Last I checked, the
status was this:
http://git.openstack.org/cgit/openstack/requirements/tree/global-requirements.txt#n188

cryptography has been there in requirements since 2014:
https://review.openstack.org/#/c/93794/

So, I'd support projects wanting to use cryptography directly.

FWIW, I don't see a claim to support FIPS-140-2 in cryptography:
https://cryptography.io/en/latest/development/test-vectors/
https://github.com/pyca/cryptography/tree/master/vectors/cryptography_vectors/asymmetric/ECDSA

Thanks,
Dims



On Sun, Nov 6, 2016 at 3:05 AM, Steven Dake (stdake) <stdake at cisco.com> wrote:
> Requirements team,
>
>
>
> Currently Kolla uses pycrypto in our requirements.  I see a lot of big tent
> projects moving to cryptography.  Is this just my imagination, or was there
> a decision on this from the requirements team?  We are happy to comply with
> whatever dep management is considered appropriate for OpenStack ESPECIALLY
> as it relates to security and crypto libraries.
>
>
>
> I’d just like confirmation if we should move off pycrypto to cryptography,
> or if these two things offer similar functionality, or if I’m way off base
> here :).
>
>
>
> An orthogonal question I have received from one of our community members
> (Pavo on IRC) is whether pycrypto (or if we move to cryptography) provides
> FIPS-140-2 compliance.
>
>
>
> Regards
>
> -steve



-- 
Davanum Srinivas :: https://twitter.com/dims


