Message 109122 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	pitrou
Recipients	dmalcolm, gps, pitrou
Date	2010-07-02.19:27:45
SpamBayes Score	0.08262748
Marked as misclassified	No
Message-id	<1278098867.15.0.229559953481.issue9146@psf.upfronthosting.co.za>
In-reply-to

Content
First, is it only with 2.7 or 2.6? Second, I don't really get the point of the FIPS mode. The PDF you linked to seems full of bureaucratic jargon. Third, I can't reproduce under Mandriva, but perhaps it's because it's using OpenSSL 1.0.0 (which the PDF says isn't supported). Fourth, if MD5 is insecure and FIPS disables insecure algorithm, then why should hashlib allow MD5 hashing when FIPS mode is enabled? Fifth, please take a look at the OpenSSL initialization routine in _sslmodule.c and try to transplant it to the hashlib initialization routine: /* Init OpenSSL */ SSL_load_error_strings(); SSL_library_init(); OpenSSL_add_all_algorithms();

First, is it only with 2.7 or 2.6?
Second, I don't really get the point of the FIPS mode. The PDF you linked to seems full of bureaucratic jargon.
Third, I can't reproduce under Mandriva, but perhaps it's because it's using OpenSSL 1.0.0 (which the PDF says isn't supported).
Fourth, if MD5 is insecure and FIPS disables insecure algorithm, then why should hashlib allow MD5 hashing when FIPS mode is enabled?
Fifth, please take a look at the OpenSSL initialization routine in _sslmodule.c and try to transplant it to the hashlib initialization routine:

    /* Init OpenSSL */
    SSL_load_error_strings();
    SSL_library_init();
    OpenSSL_add_all_algorithms();

History
Date	User	Action	Args
2010-07-02 19:27:47	pitrou	set	recipients: + pitrou, gps, dmalcolm
2010-07-02 19:27:47	pitrou	set	messageid: <1278098867.15.0.229559953481.issue9146@psf.upfronthosting.co.za>
2010-07-02 19:27:45	pitrou	link	issue9146 messages
2010-07-02 19:27:45	pitrou	create