[issue9216] FIPS support for hashlib

Dave Malcolm report at bugs.python.org
Fri Sep 16 21:57:49 CEST 2011


Dave Malcolm <dmalcolm at redhat.com> added the comment:

The cumulative effect of the above patches (to _hashlib) is equivalent to what I've applied downstream to Python 2 in RHEL 6.0 and Fedora 17 onwards, and Python 3 in Fedora 17 onwards.

In those environments I've additionally patched hashlib to only use _hashlib, rather than falling back on _md5 etc, since otherwise you get confusing error messages from hashlib.md5() when it defers to _md5 due to FIPS enforcement. In my downstream builds we can be sure of building against OpenSSL, but this other part of the patch seems less appropriate for upstream Python, given that upstream Python tries to be flexible in terms of its dependencies.

Hope this makes sense.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue9216>
_______________________________________
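
An added example, not part of the original message or of the patches attached to the issue: a check for the fallback the comment describes, reporting whether each hash object was built by the OpenSSL-backed `_hashlib` module or by a bundled module such as `_md5`. The function names `backend_of`, `audit` and `served_outside_openssl` and the algorithm list are assumptions made for illustration.

```python
import hashlib

# Constructed sample list of algorithm names to check (an assumption).
SAMPLE_ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def backend_of(name, data=b""):
    """Classify how hashlib serves one algorithm name.

    Returns (status, detail):
      "openssl"     - the object type lives in _hashlib (OpenSSL policy applies)
      "builtin"     - hashlib used a bundled module such as _md5 instead
      "unavailable" - no implementation could be constructed; detail holds
                      the error text the caller would have seen
    """
    try:
        h = hashlib.new(name, data)
    except (ValueError, TypeError) as exc:
        return ("unavailable", str(exc))
    module = type(h).__module__
    return ("openssl" if module == "_hashlib" else "builtin", module)


def audit(names=SAMPLE_ALGORITHMS):
    """Map each algorithm name to its (status, detail) pair."""
    return {name: backend_of(name) for name in names}


def served_outside_openssl(names=SAMPLE_ALGORITHMS):
    """Names that were constructed without going through _hashlib.

    On a host that relies on OpenSSL to enforce FIPS restrictions, anything
    listed here was not subject to that enforcement.
    """
    return sorted(n for n, (status, _) in audit(names).items()
                  if status == "builtin")


if __name__ == "__main__":
    for name, (status, detail) in audit().items():
        print(f"{name:8} {status:12} {detail}")
    print("outside OpenSSL:", served_outside_openssl())
```
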

