Closed dwoz closed 1 week ago
Also, at some point you'll want to at least add the test:full label, although a faster iteration at first is wise to start tackling the failures sooner.
Thanks, it's probably not worth reviewing stuff like this while it's still WIP.
What does this PR do?
Prevent the use of non-FIPS approved algorithms when FIPS is enabled.
salt/crypt.py to cryptography which validates the use of FIPS algorithms
What issues does this PR fix or reference?
Fixes: #66579
Previous Behavior
Crypto libraries PyCrypto, PyCryptodome, and M2Crypto would not properly enforce that FIPS compliant algorithms are used. There was no way to use FIPS compliant algorithms.
New Behavior
Python cryptography properly enforces that only FIPS compliant libraries are used when the FIPS provider is enabled. Salt masters and minions are able to be configured to use FIPS compliant libraries.
Merge requirements satisfied?
[NOTICE] Bug fixes or features added to Salt require tests.