Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fips: work on fips enforced systems - v1 #345

Closed
wants to merge 5 commits into from

Conversation

jasonish
Copy link
Member

@jasonish jasonish commented Jul 8, 2024

fix: set usedforsecurity=False for md5 operations

To work on machines with FIPS enfored, md5 can't be used for security,
and Python enforces this by default, but can be used with an extra
function argument.

Re-use md5_hexdigest as it wasn't be used so we can determine if this
function argument is available, as its only available on Python 3.9
and newer.

Bug: https://redmine.openinfosecfoundation.org/issues/4479

Plus some CI fixups.

jasonish added 5 commits July 8, 2024 16:05
To work on machines with FIPS enfored, md5 can't be used for security,
and Python enforces this by default, but can be used with an extra
function argument.

Re-use md5_hexdigest as it wasn't be used so we can determine if this
function argument is available, as its only available on Python 3.9
and newer.

Bug: #4479
@jasonish jasonish requested a review from inashivb July 8, 2024 22:25
@jasonish
Copy link
Member Author

jasonish commented Jul 9, 2024

I tested on an AlmaLinux 9 system with a kernel command line of fips=1. With this option, Python functions like hashlib.md5 fail unless usedforsecurity=False is added.

Copy link
Member

@inashivb inashivb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Haven't tested but the code looks good. 🚀

@jasonish
Copy link
Member Author

jasonish commented Dec 2, 2024

Merged.

@victorjulien
Copy link
Member

@jasonish can this be closed?

@jasonish jasonish closed this Dec 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

3 participants