Replace Pycrypto with PycryptoDome

Proposers

• Guillermo Calviño (Canonical)
• Gulsum Atici (Canonical)
• Mark Beierl (Canonical)
• Patricia Reinoso (Canonical)

Description

OSM uses unmaintained Pycrypto module which is vulnerable to heap-based buffer overflow and allows remote attackers to execute arbitrary code in the Python application. CVE Details Besides, common module only provides synchronous encrypt/decrypt methods although some modules requires asynchronous methods.

This feature is proposing to replace PyCrypto module with PyCryptodome and writing the async encrypt/decrypt methods in common. Hence, all modules calls the required encrypt/decrypt methods from common module instead of implementing their own methods.

Steps

• 1 Replace PyCrypto module with PyCryptodome
• 2 Writing the async encrypt/decrypt methods in common

Demo or definition of done

• Create a new network service including NFs configured with charms
• NS status should be active

This work is considered done when all the implementations, tests and documentation is contributed to use PyCryptoDome.

Presentation

Implementation Plan