Message367194
Petr Viktorin and Christian Heimes convinced me that it's a bad idea to expose OpenSSL FIPS_mode() as a public hashlib.get_fips_mode() function. It is too specific to OpenSSL. For example, the FIPS_mode() result is a number which is specific to OpenSSL. Other crypto libraries are likely to use different values.
Moreover, as I wrote in my previous message, other crypto libraries expose the FIPS mode differently. It may not just be a global FIPS mode.
Finally, there are different FIPS modes. For example, Gcrypt has an "Enforced FIPS" mode.
So I modified PR 19703 to only expose FIPS_mode() as a private _hashlib.get_fips_mode() function. Well, as done in RHEL in fact ;-)

Date | User | Action | Args
2020-04-24 14:35:24 | vstinner | set | recipients: + vstinner, gregory.p.smith, pitrou, christian.heimes, rbcollins, rpetrov, doughellmann, dmalcolm, dholth, jpokorny, bkabrda, lukecarrier, icordasc, cstratak, yolanda.robla, hroncok, cheryl.sabella, Andrew DiPrinzio, miss-islington
2020-04-24 14:35:24 | vstinner | set | messageid: <1587738924.14.0.857281379094.issue9216@roundup.psfhosted.org>
2020-04-24 14:35:24 | vstinner | link | issue9216 messages
2020-04-24 14:35:23 | vstinner | create |