Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fips: work on fips enforced systems - v1 #345

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

fips: work on fips enforced systems - v1 #345

wants to merge 5 commits into from

Conversation

jasonish
Copy link
Member

@jasonish jasonish commented Jul 8, 2024
edited
Loading

fix: set usedforsecurity=False for md5 operations

To work on machines with FIPS enfored, md5 can't be used for security,
and Python enforces this by default, but can be used with an extra
function argument.

Re-use md5_hexdigest as it wasn't be used so we can determine if this
function argument is available, as its only available on Python 3.9
and newer.

Bug: https://redmine.openinfosecfoundation.org/issues/4479

Plus some CI fixups.

@jasonish
fix: set usedforsecurity=False for md5 operations
933521b 
To work on machines with FIPS enfored, md5 can't be used for security,
and Python enforces this by default, but can be used with an extra
function argument.

Re-use md5_hexdigest as it wasn't be used so we can determine if this
function argument is available, as its only available on Python 3.9
and newer.

Bug: #4479
@jasonish
github-ci: remove centos 7 build (eol)
e002eda
@jasonish
github-ci: add fedora 40; remove fedora 38
5d97502
@jasonish
github-ci: add Ubuntu 24.04 build
31e6627
@jasonish
github-ci: fix MacOS test
61b278b
@jasonish jasonish requested a review from inashivb July 8, 2024 22:25
@jasonish
Copy link
Member Author

jasonish commented Jul 9, 2024

I tested on an AlmaLinux 9 system with a kernel command line of fips=1. With this option, Python functions like hashlib.md5 fail unless usedforsecurity=False is added.

inashivb
inashivb approved these changes Jul 10, 2024
View reviewed changes
Copy link
Member

@inashivb inashivb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Haven't tested but the code looks good. 🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@inashivb inashivb inashivb approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jasonish @inashivb