Reviewed:  https://review.openstack.org/59685
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=e313efce5160ec48b0d7b292dbfea4b2311ebcd3
Submitter: Jenkins
Branch:    master

commit e313efce5160ec48b0d7b292dbfea4b2311ebcd3
Author: Angus Salkeld <angus.salkeld at rackspace.com>
Date:   Wed Jan 15 12:31:58 2014 +1000

    Use oslo crypto

    Use oslo crypto as the new encryption solution.

    Change-Id: I80b76dc5acef5362c49c437bdefdf88f08983fc4
    Closes-bug: #1251647

** Changed in: heat
       Status: In Progress => Fix Committed

https://bugs.launchpad.net/bugs/1251647

Title:
  Heat does home-grown symmetric crypto (AES-CFB) for no apparent reason

Status in Orchestration API (Heat):
  Fix Committed
Status in OpenStack Security Advisories:
  Invalid

Bug description:
  In the following commit:

  https://github.com/openstack/heat/commit/58cd52624b50476ed5ed1c5c0ba7cb1b4d7ba66d

  ... a decision was introduced to encrypt authentication information
  using unauthenticated AES-CFB.

  There are a few things I don't like about that commit, but suffice to
  say that heat/engine/auth.py should probably not be a place where
  symmetric crypto decisions are made.

  I've been told that there's a new public API for symmetric encryption,
  SymmetricCrypto, that lives in openstack/common/crypto/utils.py:

  https://github.com/openstack/oslo-incubator/blob/master/openstack/common/crypto/utils.py#L99

  I think that also gets a few things wrong, but at the very least Heat
  should use a centralized thing for encrypting stuff.

  (I'd love to complain about and work on SymmetricCrypto too, but
  that's not this ticket :)
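
Added example (not part of the bug report, and not Heat's or oslo's code): why "unauthenticated" CFB matters for stored credentials. A changed ciphertext bit decrypts without any error, while a generic encrypt-then-MAC wrapper rejects it. Assumptions: all function names are hypothetical, the sample plaintext is constructed, and an HMAC-SHA256 PRF stands in for AES because the Python standard library has no AES.

```python
import hashlib
import hmac
import os

BLOCK = 16  # CFB-128 segment size, matching AES's block size

def _block_encrypt(key, block):
    # Assumption: stand-in for AES. CFB only calls the cipher in its
    # encrypt direction, so a keyed PRF shows the same mode behaviour.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def _cfb(key, iv, data, decrypt):
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        stream = _block_encrypt(key, prev)
        result = bytes(a ^ b for a, b in zip(chunk, stream))
        out += result
        prev = chunk if decrypt else result  # feedback is always ciphertext
    return bytes(out)

def cfb_encrypt(key, iv, plaintext):
    return _cfb(key, iv, plaintext, decrypt=False)

def cfb_decrypt(key, iv, ciphertext):
    return _cfb(key, iv, ciphertext, decrypt=True)

def seal(enc_key, mac_key, plaintext):
    # Encrypt-then-MAC: the tag covers the IV and the ciphertext.
    iv = os.urandom(BLOCK)
    ct = cfb_encrypt(enc_key, iv, plaintext)
    return iv + ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def unseal(enc_key, mac_key, blob):
    if len(blob) < BLOCK + 32:
        raise ValueError("blob too short")
    iv, ct, tag = blob[:BLOCK], blob[BLOCK:-32], blob[-32:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")  # reject before decrypting
    return cfb_decrypt(enc_key, iv, ct)

def flip_bit(data, index):
    # Models corruption or modification of a single stored ciphertext bit.
    changed = bytearray(data)
    changed[index] ^= 1
    return bytes(changed)

if __name__ == "__main__":
    key, iv, pt = os.urandom(32), os.urandom(BLOCK), b"user=demo;tenant=alpha;role=member"
    print(cfb_decrypt(key, iv, flip_bit(cfb_encrypt(key, iv, pt), -1)))  # no error raised
```

Separate keys are used for encryption and for the MAC, and the tag is checked in constant time before any decryption happens.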