[openstack-dev] [requirements][kolla][security] pycrypto vs cryptography

Jeremy Stanley fungi at yuggoth.org
Sun Nov 6 16:44:12 UTC 2016


On 2016-11-06 14:59:03 +0000 (+0000), Jeremy Stanley wrote:
> On 2016-11-06 08:05:51 +0000 (+0000), Steven Dake (stdake) wrote:
[...]
> > An orthogonal question I have received from one of our community
> > members (Pavo on irc) is whether pycrypto (or if we move to
> > cryptography) provides FIPS-140-2 compliance.
> 
> My understanding is that if you need, for example, a FIPS-compliant
> AES implementation under the hood, then this is dependent more on
> what backend libraries you're using... e.g.,
> https://www.openssl.org/docs/fips.html
> https://www.openssl.org/docs/fipsvalidation.html

I should clarify, I was referring specifically to
pyca/cryptography's OpenSSL backend. In contrast the pycrypto
maintainers seem to have copied and forked a variety of algorithms
(some of which seem to be based on NIST/FIPS reference implementations
for C or backports from bits of Py3K stdlib but have undergone
subsequent modification), so very likely have not been put through
any sort of direct compliance validation:
https://github.com/dlitz/pycrypto/blob/master/src/AES.c
https://github.com/dlitz/pycrypto/blob/master/src/SHA512.c
et cetera...
-- 
Jeremy Stanley


