[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 40/73] sepolgen: do not use md5 when calculating hash

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


   This patch looks good to me. acked.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9x3I8ACgkQrlYvE4MpobOFAgCfUN3TWe84TbsqtOJ+Zn2C8lcV
pN8AoK9ihiGm7SNa7AXT26lVHlX1MpJR
=OzI3
-----END PGP SIGNATURE-----

>From 9a3faf12297b5ce52e6ae3932253f40e3be6221a Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Tue, 31 Jan 2012 17:12:52 -0500
Subject: [PATCH 40/73] sepolgen: do not use md5 when calculating hash
 signatures

FIPS does not allow md5 as a valid algorithm.  Although we don't really
care about cryptographic strength since the algorithm isn't allowed to
be used at all use something strong, like sha256.

Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 sepolgen/src/sepolgen/yacc.py |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sepolgen/src/sepolgen/yacc.py b/sepolgen/src/sepolgen/yacc.py
index 2f3c09d..bc4536d 100644
--- a/sepolgen/src/sepolgen/yacc.py
+++ b/sepolgen/src/sepolgen/yacc.py
@@ -506,7 +506,7 @@ def initialize_vars():
 
     Errorfunc    = None    # User defined error handler
 
-    Signature    = hashlib.md5()   # Digital signature of the grammar rules, precedence
+    Signature    = hashlib.sha256()   # Digital signature of the grammar rules, precedence
                                # and other information.  Used to determined when a
                                # parsing table needs to be regenerated.
 
-- 
1.7.9.3

[Fedora Users]     [Fedora Legacy]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

Powered by Linux