[issue9216] FIPS support for hashlib

Christian Heimes report at bugs.python.org
Fri Apr 24 10:47:47 EDT 2020


Christian Heimes <lists at cheimes.de> added the comment:

I'm against exposing the function as hashlib.get_fips_mode() because it is an internal implementation detail. I don't want to confuse users or make users think that "if hashlib.get_fips_mode()" is sufficient for feature tests. For starters there are multiple levels and versions of the FIPS standard like FIPS-140-2 and FIPS-140-3.

Instead of doing a FIPS test, users and applications should perform a feature test and handle the error. The approach is future-proof and can also cover crypto policy restrictions like minimum key sizes.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue9216>
_______________________________________
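
The feature test recommended in the comment above, sketched as an added example (not part of the original message and not CPython code). The helper names probe_digest and pick_digest are hypothetical, and the fallback assumes the usedforsecurity keyword that hashlib accepts from Python 3.9 on.

```python
import hashlib


def probe_digest(name):
    """Classify a digest by trying to use it, not by asking about FIPS mode.

    Returns "ok", "non-security-only" or "unavailable".
    """
    try:
        hashlib.new(name, b"probe")
        return "ok"
    except ValueError:
        # Raised both for unknown names and for digests that the
        # crypto policy in force (FIPS or otherwise) refuses.
        pass
    try:
        # Declares a non-cryptographic use such as cache keys or ETags.
        hashlib.new(name, b"probe", usedforsecurity=False)
        return "non-security-only"
    except ValueError:
        return "unavailable"


def pick_digest(preferred, security=True):
    """Return the first digest in `preferred` that is usable for this purpose."""
    for name in preferred:
        status = probe_digest(name)
        if status == "ok":
            return name
        if status == "non-security-only" and not security:
            return name
    raise RuntimeError("no usable digest among: " + ", ".join(preferred))


if __name__ == "__main__":
    # Constructed candidate list; the result depends on the local crypto policy.
    for candidate in ("md5", "sha1", "sha256", "sha3_256"):
        print(candidate, "->", probe_digest(candidate))
    print("security digest:", pick_digest(["sha256", "sha3_256"]))
    print("checksum digest:", pick_digest(["md5", "sha256"], security=False))
```

Because the probe handles the error from the actual call, the same code keeps working when the restriction comes from a distribution-wide crypto policy and not from FIPS mode.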

