-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch looks good to me. acked.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk9x3I8ACgkQrlYvE4MpobOFAgCfUN3TWe84TbsqtOJ+Zn2C8lcV
pN8AoK9ihiGm7SNa7AXT26lVHlX1MpJR
=OzI3
-----END PGP SIGNATURE-----
>From 9a3faf12297b5ce52e6ae3932253f40e3be6221a Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Tue, 31 Jan 2012 17:12:52 -0500
Subject: [PATCH 40/73] sepolgen: do not use md5 when calculating hash
signatures
FIPS does not allow md5 as a valid algorithm. Although we don't really
care about cryptographic strength since the algorithm isn't allowed to
be used at all use something strong, like sha256.
Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
sepolgen/src/sepolgen/yacc.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sepolgen/src/sepolgen/yacc.py b/sepolgen/src/sepolgen/yacc.py
index 2f3c09d..bc4536d 100644
--- a/sepolgen/src/sepolgen/yacc.py
+++ b/sepolgen/src/sepolgen/yacc.py
@@ -506,7 +506,7 @@ def initialize_vars():
Errorfunc = None # User defined error handler
- Signature = hashlib.md5() # Digital signature of the grammar rules, precedence
+ Signature = hashlib.sha256() # Digital signature of the grammar rules, precedence
# and other information. Used to determined when a
# parsing table needs to be regenerated.
--
1.7.9.3
