Bug 619878
Summary: | Remove python-crypto's crypto implementations, rewriting in terms of libgcrypt | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Dave Malcolm <dmalcolm> |
Component: | python-crypto | Assignee: | Dave Malcolm <dmalcolm> |
Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 6.0 | CC: | ddumas, jdennis, jrieden, mitr, rousseau, sgrubb, tmraz |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-01-26 21:25:08 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Dave Malcolm
2010-07-30 18:46:16 UTC
The certification of the python-crypto is probably not possible with the new revision of the FIPS-140 standard. But do we really need to have the python-crypto certified? If the only users of python-crypto are limited to some marginal functionality it could be probably kept out of the certified subset. As for the rewrite using some certified library - that's probably the only option if it is decided that we have to have all crypto certified. In that case it should be rewritten using the libncrypto which is a wrapper library for the kernel crypto algorithms. I'll try to reply on other parts later, but (In reply to comment #22) > In that case > it should be rewritten using the libncrypto which is a wrapper library for the > kernel crypto algorithms. I don't think libncrypto should be used by "ordinary" applications - we want to consolidate the libraries used by applications, not fragment them more. Upstreams will probably not want to use a Linux-specific library anyway. Development Management has reviewed and declined this request. You may appeal this decision by reopening this request. See also bug 675708 |