@vaclavcadek
Last active November 4, 2024 12:31
FIPS enabled container to test FIPS compliance
# Dockerfile
FROM quay.io/centos/centos:stream9
# Enable better debugging (echo every command as the build runs it)
SHELL ["/bin/bash", "-x", "-c"]
# Install Python and required packages
RUN dnf update -y && \
    dnf install -y python3 python3-pip openssl openssl-devel gcc python3-devel \
        crypto-policies-scripts && \
    dnf clean all
# Verify Python installation
RUN python3 --version && \
    pip3 --version
# Set crypto policies to FIPS
RUN update-crypto-policies --set FIPS && \
    update-crypto-policies --show
# Install Python packages
RUN pip3 install --no-cache-dir cryptography pyOpenSSL
# Copy your Python script to the container
# Assume the script is named fips_mode.py and is in the same directory as this Dockerfile
COPY fips_mode.py /app/fips_mode.py
# Set the working directory for our application
WORKDIR /app
# Make the script executable
RUN chmod +x /app/fips_mode.py && \
    ls -la /app/fips_mode.py
# Set environment variables for FIPS
ENV OPENSSL_FORCE_FIPS_MODE=1
ENV OPENSSL_FIPS=1
# Run the Python script directly
CMD ["python3", "/app/fips_mode.py"]
# fips_mode.py
import hashlib

print("Modules imported successfully")
print("Starting FIPS check...")

# Test basic operation
message = b"Hello, FIPS!"

# SHA-384 is FIPS-approved, so it must keep working
print("\nTesting SHA-384 (should work):")
hash_sha384 = hashlib.sha384(message).hexdigest()
print(f"SHA-384 hash: {hash_sha384}")

# MD5 is not FIPS-approved; the constructor raises ValueError when it is blocked
print("\nTesting MD5 (should fail in FIPS mode):")
try:
    hash_md5 = hashlib.md5(message).hexdigest()
    print("Warning: MD5 succeeded - FIPS mode not enforced")
except ValueError as e:
    print(f"Success: MD5 blocked - FIPS mode working ({e})")

print("\nScript completed")
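
An extended form of the check above, added here as an example and not part of the original gist: it records the kernel FIPS flag and the `OPENSSL_FORCE_FIPS_MODE` variable alongside the digest probes, and treats MD5 with `usedforsecurity=False` separately from MD5 for security use. The helper names (`kernel_fips_flag`, `digest_allowed`, `probe`, `verdict`) are illustrative, and Python 3.9+ is assumed for the `usedforsecurity` keyword.

```python
# Added example; helper names are illustrative and not from the gist.
import hashlib
import os

def kernel_fips_flag(path="/proc/sys/crypto/fips_enabled"):
    """True/False from the kernel FIPS flag, None when the file is unreadable."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return None

def digest_allowed(name, usedforsecurity=True):
    """True when the named hashlib constructor works for the stated purpose."""
    try:
        getattr(hashlib, name)(b"probe", usedforsecurity=usedforsecurity).hexdigest()
        return True
    except ValueError:  # same exception the gist's script catches for MD5
        return False

def probe(environ=os.environ):
    """Collect raw observations from the running system."""
    return {
        "kernel_fips": kernel_fips_flag(),
        "forced_by_env": environ.get("OPENSSL_FORCE_FIPS_MODE") == "1",
        "md5_security": digest_allowed("md5", usedforsecurity=True),
        "md5_non_security": digest_allowed("md5", usedforsecurity=False),
        "sha384": digest_allowed("sha384"),
    }

def verdict(obs):
    """Return (enforced, notes) for a dict shaped like probe()'s result."""
    notes = []
    if not obs["sha384"]:
        notes.append("SHA-384 failed: hashing itself is broken, result is not meaningful")
    if obs["md5_security"]:
        notes.append("MD5 accepted for security use: FIPS restrictions not enforced")
    elif obs["md5_non_security"]:
        notes.append("MD5 works only with usedforsecurity=False (hashlib's non-security opt-out)")
    if not obs["kernel_fips"] and not obs["forced_by_env"]:
        notes.append("no FIPS switch observed: kernel flag off or unreadable, env var not 1")
    return obs["sha384"] and not obs["md5_security"], notes

if __name__ == "__main__":
    enforced, notes = verdict(probe())
    print("FIPS restrictions enforced:", enforced)
    for note in notes:
        print(" -", note)
```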