saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:
https://repo.saltproject.io/
Apache License 2.0
13.98k stars 5.47k forks

[3006.x] Enable fips supported algorithms #66589

Closed dwoz closed 1 week ago

dwoz commented 1 month ago

What does this PR do?

Prevent the use of non-fips approved algorithms when fips is enabled.

What issues does this PR fix or reference?

Fixes: #66579

Previous Behavior

Crypto libraries PyCrypto, PyCryptodome, and M2Crypto would not properly enforce that FIPS compliant algorithms are used. There was no way to use FIPS compliant algorithms.

New Behavior

Python cryptography properly enforces that only FIPS compliant libraries are used when the FIPS provider is enabled. Salt masters and minions are able to be configured to use FIPS compliant libraries.

Merge requirements satisfied?

[NOTICE] Bug fixes or features added to Salt require tests.

s0undt3ch commented 1 month ago

Also, at some point you'll want to at least add the test:full label, although, a faster iteration at first is wise to start tackling the failures sooner.

dwoz commented 1 month ago

> Also, at some point you'll want to at least add the test:full label, although, a faster iteration at first is wise to start tackling the failures sooner.

Thanks, it's probably not worth reviewing stuff like this while it's still WIP.