All commit authors signed the Contributor License Agreement.

Most changes to Pythonrequire a NEWS entry.

Please add it using theblurb_it web app or theblurb command-line tool.

Hi@vstinner,@erlend-aasland,@rhettinger
Please take a look at my code changes. Do I need to create a github issue for this? This is my first attempt to contribute to upstream python. Please help me out.

Hi@gvanrossum@benjaminp@birkenfeld@freddrake,

Please review this PR, need your inputs.

Please abstain from pinging random developers. Seehttps://www.python.org/dev/core-mentorship/ for getting help with your first contributions and in generalhttps://devguide.python.org/ for documentation of our process.

Hi,@sshedi; thanks for your interest in improving CPython! Please create an issue and explain why these changes are needed.

Also, for the future, please follow Georg Brandl's advice: start with the devguide; it contains a lot of important information for new contributors.

Thanks@erlend-aasland and@birkenfeld for your response.

I have created an issue here#95231
I will go through the development process, I checked the top contributors and tagged them here to get some insights on my PR.

I believe I have given sufficient info on the issue I'm facing.

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phraseI have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

Also, please add a NEWS entry using theblurb tool.

https://devguide.python.org/getting-started/pull-request-lifecycle/

@tiran Valid point. But how other python modules are detecting kernel fips status?
I made my changes using

Suggested code works but can we have something to know that we got EPERM because of fips?

Your proposed solution is solving the wrong problem, or at least a too narrow part of a general problem. It is trying to detect FIPS mode and then hard-codes which algorithms it thinks are disabled in FIPS mode. FIPS is an evolving standard. For example FIPS 140-3 blocks some algorithms are are allowed in FIPS 140-2. There are also more crypto policy standards than FIPS. FIPS is only relevant for the US government. It is irrelevant for the rest of the world and non-government software inside the US.

My solution is simpler and should fix your problem with less code. It is also not tight to FIPS and can handle other crypto policies that block algorithms.

I don't know why libcrypt on your system raises a permission error. I recommend that your contact your vendor and make an inquiry.

Thanks@tiran for the detailed explanation, I agree. I will make the suggested changes.

The EPERM error is coming from libcrypt and glibc is doing it.

https://github.com/bminor/glibc/blob/ca4d3ea5130d66e66c5af14e958e99341bf20689/crypt/crypt-entry.c#L89

      /* FIPS rules out MD5 password encryption.  */      if (fips_enabled_p ()){  __set_errno (EPERM);  return NULL;}

For the record; please do not force push PRs, as the GitHub UI do not play well with force-pushes. Please usegit merge --no-ff main instead.

@sshedi ☝🏻

Sorry@erlend-aasland , it has become a habit for me now.git push origin -f <my-branch-name>
Will give your suggestion a try.

I have made the requested changes; please review again.

@erlend-aasland - Sorry, I amended y changes addressing review comments so I have to force push to my branch.

Thanks for making the requested changes!

@tiran: please review the changes made to this pull request.

Thanks for making the requested changes!

@erlend-aasland,@tiran: please review the changes made to this pull request.

Updating branch to retrigger Azure Pipelines CI.

Thanks@sshedi for the PR 🌮🎉.. I'm working now to backport this PR to: 3.10, 3.11.
🐍🍒⛏🤖

Sorry@sshedi, I had trouble checking out the3.11 backport branch.
Please backport usingcherry_picker on command line.
cherry_picker 2fa03b1b0708d5d74630c351ec9abd2aac7550da 3.11

GH-95998 is a backport of this pull request to the3.10 branch.

Thanks@sshedi for the PR 🌮🎉.. I'm working now to backport this PR to: 3.11.
🐍🍒⛏🤖

GH-95999 is a backport of this pull request to the3.11 branch.

Hi everyone, any chance of backport it to 3.9 too??

Hi everyone, any chance of backport it to 3.9 too??

That's somehow a new feature, and 3.9 only accept security fixes:https://devguide.python.org/versions/