Feature or enhancement

Proposal:

When OpenSSL is not available, or is not in FIPS mode:

• no change of behaviour

When OpenSSL is available and is in FIPS mode:

• ensure that only OpenSSL implementations are used when usedforsecurity=True
• ensure that all built-in (fallback) implementations require usedforsecurity=False

This addresses all needs of FIPS users that expect approved only cryptography from hashlib by default.
It satisfies Python guarantees of always available algorithms, as built-in fallbacks remain accessible with an explicit consent from the user that unapproved (an FIPS/ISO term) implementation is acceptable to the user.

In FIPS mode it means that all users can gain access to blake2/shake/md5, even when these algorithms are either blocked or unavailable from the runtime OpenSSL in FIPS mode. As long as usedforsecurity=False is used.

This also removes need to recompile or configure python somehow different for a non-fips & fips build, specifically one can safely compile python with all with-builtin-hashlib-hashes enabled.

Diagrams and full details of the current state of hashlib; and FIPS user desires are documented in this issue is opened as a reference for potential implementations to resolve all needs and desires listed there.

This issue will be used as a reference for potential implementations.

Has this already been discussed elsewhere?

I have already discussed this feature proposal on Discourse

Links to previous discussion of this feature:

Discuss:

• https://discuss.python.org/t/python-and-openssl-fips-mode/51389/12

(note there are some off-topic messages there)

Linked PRs

• gh-127298: When in FIPS mode ensure builtin hashes check for usedforsecurity=False #127301
• gh-127298: Refactor test_hashlib for better usedforsecurity & openssl fips mode env support. #127492