Message367195
I'm against exposing the function as hashlib.get_fips_mode() because it is an internal implementation detail. I don't want to confuse users or make users think that "if hashlib.get_fips_mode()" is sufficient for feature tests. For starters there are multiple levels and versions of the FIPS standard like FIPS-140-2 and FIPS-140-3.
Instead of doing a FIPS test, users and applications should perform a feature test and handle the error. The approach is future-proof and can also cover crypto policy restrictions like minimum key sizes.

Date | User | Action | Args
2020-04-24 14:47:47 | christian.heimes | set | recipients: + christian.heimes, gregory.p.smith, pitrou, vstinner, rbcollins, rpetrov, doughellmann, dmalcolm, dholth, jpokorny, bkabrda, lukecarrier, icordasc, cstratak, yolanda.robla, hroncok, cheryl.sabella, Andrew DiPrinzio, miss-islington
2020-04-24 14:47:47 | christian.heimes | set | messageid: <1587739667.54.0.153608789129.issue9216@roundup.psfhosted.org>
2020-04-24 14:47:47 | christian.heimes | link | issue9216 messages
2020-04-24 14:47:47 | christian.heimes | create |
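
The feature-test-and-handle-the-error approach described in the message above, sketched as an added example (not part of the original message or of CPython). The helper names `probe_digest` and `first_usable` are hypothetical, and the sketch assumes that a digest rejected by the crypto library's policy surfaces as `ValueError` from `hashlib.new()`.

```python
import hashlib


def probe_digest(name, data=b""):
    """Feature-test one digest by constructing it instead of querying a mode flag.

    Returns "ok", "non-security-only" or "unavailable" (labels chosen for
    this example).
    """
    try:
        hashlib.new(name, data)
        return "ok"
    except ValueError:
        # Unknown algorithm name, or the crypto policy in force rejected it.
        pass
    try:
        # usedforsecurity was added in Python 3.9; interpreters without it
        # raise TypeError for the unexpected keyword.
        hashlib.new(name, data, usedforsecurity=False)
        return "non-security-only"
    except (ValueError, TypeError):
        return "unavailable"


def first_usable(preferred):
    """Return the first digest in `preferred` that passes the feature test
    for security use, or None if none of them does."""
    for name in preferred:
        if probe_digest(name) == "ok":
            return name
    return None


if __name__ == "__main__":
    # Constructed sample list: one legacy digest, one current digest and
    # one name that no build provides.
    for candidate in ("md5", "sha256", "no-such-digest"):
        print(candidate, "->", probe_digest(candidate))
    print("selected:", first_usable(["no-such-digest", "sha256"]))
```

Because the probe exercises the real constructor, the result reflects whatever the running build and its crypto policy allow, independent of which FIPS level or version is configured.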