Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:
3006.x is supposed to fully support FIPS environments. It was discovered that non of our current crypto libraries (pycrypto, pycryptodome, or m2crypto) are fully capable of FIPS compliant for encryption, signing, and key serialization.
The work has been started to migrate to python cryptography for our main crypto library and cryptography is capable of running (and validating) the algorithms used in a FIPS environment. It's time to pull the plug on those older libraries.
Make salt.crypt related bits use python cryptogrpahy.
Add an option to specify a FIPS compliant algorithm where needed.
Verify our test suite is properly validating FIPS compliance.
Description
3006.x is supposed to fully support FIPS environments. It was discovered that non of our current crypto libraries (pycrypto, pycryptodome, or m2crypto) are fully capable of FIPS compliant for encryption, signing, and key serialization.
The work has been started to migrate to python cryptography for our main crypto library and cryptography is capable of running (and validating) the algorithms used in a FIPS environment. It's time to pull the plug on those older libraries.
salt.crypt
related bits use python cryptogrpahy.