rpm/crypto-policies
SHA256
1
0
Fork 0
forked from pool/crypto-policies
Code Pull Requests Activity
crypto-policies/crypto-policies-FIPS.patch
Pedro Monreal Gonzalez 64434f6b7a Accepting request 921336 from home:pmonrealgonzalez:branches:security:tls 
- Remove the scripts and documentation regarding
  fips-finish-install and test-fips-setup
  * Add crypto-policies-FIPS.patch

- Update to version 20210917.c9d86d1:
  * openssl: fix disabling ChaCha20
  * pacify pylint 2.11: use format strings
  * pacify pylint 2.11: specify explicit encoding
  * fix minor things found by new pylint
  * update-crypto-policies: --check against regenerated
  * update-crypto-policies: fix --check's walking order
  * policygenerators/gnutls: revert disabling DTLS0.9...
  * policygenerators/java: add javasystem backend
  * LEGACY: bump 1023 key size to 1024
  * cryptopolicies: fix 'and' in deprecation warnings
  * *ssh: condition ecdh-sha2-nistp384 on SECP384R1
  * nss: hopefully the last fix for nss sigalgs check
  * cryptopolicies: Python 3.10 compatibility
  * nss: postponing check + testing at least something
  * Rename 'policy modules' to 'subpolicies'
  * validation.rules: fix a missing word in error
  * cryptopolicies: raise errors right after warnings
  * update-crypto-policies: capitalize warnings
  * cryptopolicies: syntax-precheck scope errors
  * .gitlab-ci.yml, Makefile: enable codespell
  * all: fix several typos
  * docs: don't leave zero TLS/DTLS protocols on
  * openssl: separate TLS/DTLS MinProtocol/MaxProtocol
  * alg_lists: order protocols new-to-old for consistency
  * alg_lists: max_{d,}tls_version

OBS-URL: https://build.opensuse.org/request/show/921336
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=14
2021-09-27 08:09:29 +00:00

73 lines
2.8 KiB
Diff
Raw Blame History

Index: fedora-crypto-policies/Makefile
===================================================================
--- fedora-crypto-policies.orig/Makefile
+++ fedora-crypto-policies/Makefile
@@ -5,8 +5,8 @@ MANDIR?=/usr/share/man
CONFDIR?=/etc/crypto-policies
DESTDIR?=
MAN7PAGES=crypto-policies.7
-MAN8PAGES=update-crypto-policies.8 fips-finish-install.8 fips-mode-setup.8
-SCRIPTS=update-crypto-policies fips-finish-install fips-mode-setup
+MAN8PAGES=update-crypto-policies.8 fips-finish-install.8
+SCRIPTS=update-crypto-policies fips-finish-install
NUM_PROCS = $$(getconf _NPROCESSORS_ONLN)
PYVERSION = -3
DIFFTOOL?=meld
Index: fedora-crypto-policies/crypto-policies.7.txt
===================================================================
--- fedora-crypto-policies.orig/crypto-policies.7.txt
+++ fedora-crypto-policies/crypto-policies.7.txt
@@ -144,9 +144,6 @@ PROVIDED POLICIES
*FIPS*::
A policy to aid conformance to the *FIPS 140-2* requirements.
- This policy is used internally by the *fips-mode-setup(8)* tool
- which can switch the system into the *FIPS 140-2* mode.
- This policy provides at least 112-bit security.
* MACs: all *HMAC* with *SHA1* or better
* Curves: all prime >= 256 bits
@@ -255,12 +252,6 @@ COMMANDS
back ends and allows the system administrator to change the active
cryptographic policy.
-*fips-mode-setup(8)*::
- This command allows the system administrator to enable, or disable the
- system FIPS mode and also apply the *FIPS* cryptographic policy
- which limits the allowed algorithms and protocols to these allowed by
- the FIPS 140-2 requirements.
-
NOTES
-----
@@ -427,7 +418,7 @@ FILES
SEE ALSO
--------
-update-crypto-policies(8), fips-mode-setup(8)
+update-crypto-policies(8)
AUTHOR
Index: fedora-crypto-policies/python/update-crypto-policies.py
===================================================================
--- fedora-crypto-policies.orig/python/update-crypto-policies.py
+++ fedora-crypto-policies/python/update-crypto-policies.py
@@ -344,16 +344,12 @@ def apply_policy(pconfig, profile=None,
eprint("Warning: Using 'update-crypto-policies --set FIPS' "
"is not sufficient for")
eprint(" FIPS compliance.")
- eprint(" Use 'fips-mode-setup --enable' "
- "command instead.")
elif fips_mode():
eprint("Warning: Using 'update-crypto-policies --set' "
"in FIPS mode will make the system")
eprint(" non-compliant with FIPS.")
eprint(" It can also break "
"the ssh access to the system.")
- eprint(" Use 'fips-mode-setup --disable' "
- "to disable the system FIPS mode.")
if base_dir == DEFAULT_BASE_DIR:
if not os.geteuid() == 0:
View Git Blame Copy Permalink