Skip to content

Poly1305 is available whenever AWS-LC is backing#14849

Merged
alex merged 1 commit into
pyca:mainfrom
crlorentzen:main
May 12, 2026
Merged

Poly1305 is available whenever AWS-LC is backing#14849
alex merged 1 commit into
pyca:mainfrom
crlorentzen:main

Conversation

@crlorentzen
Copy link
Copy Markdown
Contributor

@crlorentzen crlorentzen commented May 12, 2026

Poly1305 is always available when AWS-LC is the backend, regardless of FIPS mode. The Rust backend already handles this correctly - when compiled with CRYPTOGRAPHY_IS_AWSLC, the Poly1305Boring path is used which has no FIPS gate. However, the Python-side poly1305_supported() unconditionally returns False when FIPS is enabled, causing tests to be skipped and the algorithm to appear unsupported.

This aligns the Python backend method with the actual Rust/C behavior.

fix(backend): Report Poly1305 as supported when AWS-LC is backing
4443509 
AWS-LC supports Poly1305 in FIPS mode. The Rust backend already
handles this correctly — when compiled with CRYPTOGRAPHY_IS_AWSLC,
the Poly1305Boring path is used which has no FIPS gate. Align the
Python-side poly1305_supported() method with the actual behavior.
@alex alex merged commit 811ed68 into pyca:main May 12, 2026
63 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alex alex alex approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@crlorentzen @alex