Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

gh-118224: Load default OpenSSL provider for nonsecurity algorithms#118236

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Closed
xnox wants to merge2 commits intopython:mainfromxnox:fix-nodefault-md5

Conversation

xnox
Copy link

@xnoxxnox commentedApr 24, 2024
edited
Loading

When OpenSSL is configured to only load "base+fips" providers into the Null library context, md5 might not be available at all. In such cases currently CPython fallsback to internal hashlib implementation is there is one - as there might not be if one compiles python with --with-builtin-hashlib-hashes=blake2. With this change "default" provider is attempted to be loaded to access nonsecurity hashes.

It is FedRAMP/FIPS compliance by-pass. This issue may allow using md5 without specifying "usedforsecurity=False" on systems otherwise configured to be in FIPS-mode only. And is the primary reason why documentation mentions that certain distributions of python remove md5 module altogether.

…thmsWhen OpenSSL is configured to only load "base+fips" providers into theNull library context, md5 might not be available at all. In such casescurrently CPython fallsback to internal hashlib implementation isthere is one - as there might not be if one compiles python with--with-builtin-hashlib-hashes=blake2. With this change "default"provider is attempted to be loaded to access nonsecurity hashes.
@ghost
Copy link

ghost commentedApr 24, 2024
edited by ghost
Loading

All commit authors signed the Contributor License Agreement.
CLA signed

@bedevere-app
Copy link

Most changes to Pythonrequire a NEWS entry. Add one using theblurb_it web app or theblurb command-line tool.

If this change has little impact on Python users, wait for a maintainer to apply theskip news label instead.

@bedevere-app
Copy link

GH-118238 is a backport of this pull request to the3.12 branch.

@bedevere-app
Copy link

GH-118239 is a backport of this pull request to the3.11 branch.

@bedevere-app
Copy link

GH-118240 is a backport of this pull request to the3.10 branch.

@bedevere-app
Copy link

GH-118264 is a backport of this pull request to the3.9 branch.

@nineteendo
Copy link
Contributor

Could you also configure pre-commit?https://devguide.python.org/getting-started/setup-building/#install-pre-commit

xnox reacted with thumbs up emoji

@xnox
Copy link
Author

xnox commentedMay 7, 2024

Could you also configure pre-commit?https://devguide.python.org/getting-started/setup-building/#install-pre-commit

@nineteendo is there something in particular that you have noticed that pre-commit should have caught?

I have now setup pre-commit, redid the commits and the checks executed and resulted in exactly the same commit, without any diff / warnings / comments.

Is my .c code style incorrect and pre-commit not catching it?

@nineteendo
Copy link
Contributor

This workflow failed:https://github.com/python/cpython/actions/runs/8823736225/job/24224829127#step:4:142
But I can't find the commit where it failed. Do you remember replacing the backticks?

@xnox
Copy link
Author

xnox commentedMay 7, 2024
edited
Loading

This workflow failed:https://github.com/python/cpython/actions/runs/8823736225/job/24224829127#step:4:142 But I can't find the commit where it failed. Do you remember replacing the backticks?

yes, after the initial blurb-it there was comment about single ticks; which i replaced with double backticks and rewrote all commits in all branches/backports.

Is double-backticks appropriate formatting for the NEWS entry as currently seen onhttps://github.com/python/cpython/pull/118236/files ?

ps. maybe the blurb-it service needs pre-commit checking / checks for single backticks.

nineteendo reacted with thumbs up emoji

@xnox
Copy link
Author

xnox commentedMay 7, 2024

note, the up to date re-runs of actions are all passing on this pull request.

@nineteendo
Copy link
Contributor

and rewrote all commits in all branches/backports.

Did you do a rebase or delete the old branch? Because I can't find that commit.

Is double-backticks appropriate formatting

Looks like it, '``--[^\`]+``' is used 294 times, and '``--[^\`]+=[^\`]+``' 25 times.

maybe the blurb-it service needs pre-commit checking / checks for single backticks.

Yeah, I was thinking that too.

@xnox
Copy link
Author

xnox commentedMay 7, 2024

and rewrote all commits in all branches/backports.

Did you do a rebase or delete the old branch? Because I can't find that commit.

rebase, all commits are documented in this PR. If you use web-ui or extensive API, you can see these mentions:

@xnox xnoxforce-pushed the fix-nodefault-md5 branch from7a5adffto092ab97
2 weeks ago

@xnoxforce-pushed the fix-nodefault-md5 branch from092ab97toa47a53f
2 weeks ago

You can click on those commits to still see them dangling and not part of any branch or pull request.

7a5adff was the blurb-it service generated entry.

a47a53f is the current state of this pull request, which was fixed-up with double backticks.

nineteendo reacted with thumbs up emoji

@xnox
Copy link
Author

@xnoxxnox closed thisNov 26, 2024
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

2 participants
@xnox@nineteendo
[8]ページ先頭
©2009-2025 Movatter.jp