[TECH DEBT] Cryptography APIs #63066

Open
ycedres opened this issue Nov 15, 2022 · 3 comments
Labels: dependency (underlying Salt dependency issue), security (issues and PRs for the Security Working Group), tech-debt

Comments

@ycedres
Contributor

ycedres commented Nov 15, 2022

Description of the tech debt to be addressed, include links and screenshots

Looking into the cryptographic APIs that are used throughout the code base, I noticed pycryptodomex is a hard dependency and M2Crypto is apparently not. The reason to bring this up is that, for example, in salt/crypt.py M2Crypto is favoured over Cryptodome.

Also in modules like TLS pyOpenSSL is used instead of pyca/cryptography, as recommended by the Python Cryptographic Authority.

Would it make sense to use just one cryptography library to reduce maintenance cost? pyca/cryptography seems to have a more thriving community and more activity than M2Crypto.

@welcome

welcome bot commented Nov 15, 2022

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If you have additional questions, email us at saltproject@vmware.com. We’re glad you’ve joined our community and look forward to doing awesome things with you!

@OrangeDog
Contributor

The tls and x509 modules also duplicate a lot of features, with the former using pyOpenSSL and the latter M2Crypto.

@OrangeDog OrangeDog added dependency underlying Salt dependency issue security issues and PRs for the Security Working Group labels Nov 15, 2022
@mcepl

mcepl commented Jan 17, 2023

As the upstream maintainer of M2Crypto, I would highly encourage this package be moved from it and more towards cryptography, which seems to be the standard cryptography package these days.
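One way to size the consolidation discussed in this thread is to inventory which crypto libraries each module imports and where one library is tried before another. The script below is an added example, not code from the Salt project or from any participant; the file names and sources in `SAMPLE` are constructed, and `inventory` is a hypothetical helper name.

```python
import ast
from collections import defaultdict

# Top-level import name -> distribution that provides it.
CRYPTO_LIBS = {
    "M2Crypto": "M2Crypto",
    "Cryptodome": "pycryptodomex",
    "Crypto": "pycryptodome",
    "OpenSSL": "pyOpenSSL",
    "cryptography": "pyca/cryptography",
}

# Constructed sample sources (not Salt's real files), embedded so this runs offline.
SAMPLE = {
    "crypt_like.py": "try:\n    from M2Crypto import RSA\n    HAS_M2 = True\n"
                     "except ImportError:\n    HAS_M2 = False\n"
                     "    from Cryptodome.PublicKey import RSA\n",
    "tls_like.py": "import OpenSSL\n",
    "x509_like.py": "import M2Crypto\n",
}

def _imported_roots(node):
    """Yield the top-level package name of every absolute import under node."""
    for child in ast.walk(node):
        if isinstance(child, ast.Import):
            for alias in child.names:
                yield alias.name.split(".")[0]
        elif isinstance(child, ast.ImportFrom) and child.module and child.level == 0:
            yield child.module.split(".")[0]

def inventory(sources):
    """Return (usage, fallbacks) for a {filename: source text} mapping.

    usage maps each crypto distribution to the sorted files importing it;
    fallbacks lists (file, preferred, fallback) for try/except import chains.
    """
    usage, fallbacks = defaultdict(set), []
    for name, text in sources.items():
        tree = ast.parse(text, filename=name)
        for root in _imported_roots(tree):
            if root in CRYPTO_LIBS:
                usage[CRYPTO_LIBS[root]].add(name)
        for node in ast.walk(tree):
            if not isinstance(node, ast.Try):
                continue
            # Libraries imported in the try body are the preferred ones.
            tried = [CRYPTO_LIBS[r] for stmt in node.body
                     for r in _imported_roots(stmt) if r in CRYPTO_LIBS]
            for stmt in (s for h in node.handlers for s in h.body):
                for lib in (CRYPTO_LIBS.get(r) for r in _imported_roots(stmt)):
                    if lib and tried and lib not in tried:
                        fallbacks.append((name, tried[0], lib))
    return {k: sorted(v) for k, v in usage.items()}, fallbacks
```

To run it over a real tree, build the mapping from the files on disk, for example `{str(p): p.read_text() for p in pathlib.Path("salt").rglob("*.py")}`.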
