Skip to content

bpo-9216: [WIP] Support OpenSSL FIPS mode.#5548

Closed
stratakis wants to merge 1 commit intopython:masterfrom
stratakis:usedforsecurity
Closed

bpo-9216: [WIP] Support OpenSSL FIPS mode.#5548
stratakis wants to merge 1 commit intopython:masterfrom
stratakis:usedforsecurity

Conversation

@stratakis
Copy link
Contributor

@stratakis stratakis commented Feb 5, 2018
edited by bedevere-bot
Loading

Add a usedforsecurity keyword argument to the various
digest algorithms in hashlib, which whitelists digest algorithms
that while forbidden in a FIPS environment, are not utilized
for security.

Based on Dave Malcolm's patch from https://bugs.python.org/issue9216.

https://bugs.python.org/issue9216

@stratakis
Support OpenSSL FIPS mode.
849655d 
Add a usedforsecurity keyword argument to the various
digest algorithms in hashlib, which whitelists digest algorithms
that while forbidden in a FIPS environment, are not utilized
for security.
@tiran tiran self-requested a review February 5, 2018 10:53
@stratakis
Copy link
Contributor Author

stratakis commented Jul 14, 2019

After a discussion with @tiran we decided to not move forward with that, as allowing applications to workaround the usage of unsafe algorithms within a FIPS environment, is a potential violation of the FIPS standard. Hence closing this.

@stratakis stratakis closed this Jul 14, 2019
@stratakis stratakis deleted the usedforsecurity branch July 14, 2019 10:11
@davidmalcolm davidmalcolm mentioned this pull request Apr 25, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tiran tiran Awaiting requested review from tiran

Assignees

No one assigned

Labels

awaiting review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@stratakis @the-knights-who-say-ni @bedevere-bot