diff options
| author | Fedora Python maintainers <python-devel@lists.fedoraproject.org> | 2020-07-15 13:36:24 (GMT) |
|---|---|---|
| committer | Petr Viktorin <pviktori@redhat.com> | 2020-09-29 13:59:05 (GMT) |
| commit | a152631688d0889ab1f857e3c4cdfa7357c7f28c (patch) | |
| tree | c9082af3718a93e910f78517620d3389e323b09a /Objects/obmalloc.c | |
| parent | bd5d254f0f79f38e264b94da14dc4194014d69a2 (diff) | |
| download | cpython-a152631688d0889ab1f857e3c4cdfa7357c7f28c.zip cpython-a152631688d0889ab1f857e3c4cdfa7357c7f28c.tar.gz cpython-a152631688d0889ab1f857e3c4cdfa7357c7f28c.tar.bz2 | |
00146-hashlib-fips.patch
00146 #
Support OpenSSL FIPS mode (e.g. when OPENSSL_FORCE_FIPS_MODE=1 is set)
- handle failures from OpenSSL (e.g. on attempts to use MD5 in a
FIPS-enforcing environment)
- add a new "usedforsecurity" keyword argument to the various digest
algorithms in hashlib so that you can whitelist a callsite with
"usedforsecurity=False"
(sent upstream for python 3 as http://bugs.python.org/issue9216; this is a
backport to python 2.7; see RHEL6 patch 119)
- enforce usage of the _hashlib implementation: don't fall back to the _md5
and _sha* modules (leading to clearer error messages if fips selftests
fail)
- don't build the _md5 and _sha* modules; rely on the _hashlib implementation
of hashlib (for example, md5.py will use _hashlib's implementation of MD5,
if permitted by the FIPS setting)
(rhbz#563986)
Diffstat (limited to 'Objects/obmalloc.c')
0 files changed, 0 insertions, 0 deletions