Fix the hashlib-fips patch to work flawlessly once again
parent
aa3d055181
commit
8fffc96443
@ -109,12 +109,16 @@
|
|||||||
del __always_supported, __func_name, __get_hash
|
del __always_supported, __func_name, __get_hash
|
||||||
del __py_new, __hash_new, __get_openssl_constructor
|
del __py_new, __hash_new, __get_openssl_constructor
|
||||||
+del __ignore_usedforsecurity
|
+del __ignore_usedforsecurity
|
||||||
--- Python-3.4.0b1/Lib/test/test_hashlib.py.hashlib-fips 2013-11-24 21:36:55.000000000 +0100
|
--- Python-3.4.0b1/Lib/test/test_hashlib.py 2013-11-27 11:55:42.769601363 +0100
|
||||||
+++ Python-3.4.0b1/Lib/test/test_hashlib.py 2013-11-27 11:55:42.769601363 +0100
|
+++ Python-3.4.0b1/Lib/test/test_hashlib.py 2013-11-28 09:33:03.929008508 +0100
|
||||||
@@ -26,6 +26,20 @@
|
@@ -24,7 +24,22 @@
|
||||||
c_hashlib = import_fresh_module('hashlib', fresh=['_hashlib'])
|
COMPILED_WITH_PYDEBUG = hasattr(sys, 'gettotalrefcount')
|
||||||
py_hashlib = import_fresh_module('hashlib', blocked=['_hashlib'])
|
|
||||||
|
|
||||||
|
c_hashlib = import_fresh_module('hashlib', fresh=['_hashlib'])
|
||||||
|
-py_hashlib = import_fresh_module('hashlib', blocked=['_hashlib'])
|
||||||
|
+# skipped on Fedora, since we always use OpenSSL implementation
|
||||||
|
+# py_hashlib = import_fresh_module('hashlib', blocked=['_hashlib'])
|
||||||
|
+
|
||||||
+def openssl_enforces_fips():
|
+def openssl_enforces_fips():
|
||||||
+ # Use the "openssl" command (if present) to try to determine if the local
|
+ # Use the "openssl" command (if present) to try to determine if the local
|
||||||
+ # OpenSSL is configured to enforce FIPS
|
+ # OpenSSL is configured to enforce FIPS
|
||||||
@ -128,11 +132,10 @@
|
|||||||
+ stdout, stderr = p.communicate(input=b'abc')
|
+ stdout, stderr = p.communicate(input=b'abc')
|
||||||
+ return b'unknown cipher' in stderr
|
+ return b'unknown cipher' in stderr
|
||||||
+OPENSSL_ENFORCES_FIPS = openssl_enforces_fips()
|
+OPENSSL_ENFORCES_FIPS = openssl_enforces_fips()
|
||||||
+
|
|
||||||
def hexstr(s):
|
def hexstr(s):
|
||||||
assert isinstance(s, bytes), repr(s)
|
assert isinstance(s, bytes), repr(s)
|
||||||
h = "0123456789abcdef"
|
@@ -34,6 +49,16 @@
|
||||||
@@ -34,6 +48,16 @@
|
|
||||||
r += h[(i >> 4) & 0xF] + h[i & 0xF]
|
r += h[(i >> 4) & 0xF] + h[i & 0xF]
|
||||||
return r
|
return r
|
||||||
|
|
||||||
@ -149,7 +152,7 @@
|
|||||||
|
|
||||||
class HashLibTestCase(unittest.TestCase):
|
class HashLibTestCase(unittest.TestCase):
|
||||||
supported_hash_names = ( 'md5', 'MD5', 'sha1', 'SHA1',
|
supported_hash_names = ( 'md5', 'MD5', 'sha1', 'SHA1',
|
||||||
@@ -66,11 +90,11 @@
|
@@ -66,11 +91,11 @@
|
||||||
# For each algorithm, test the direct constructor and the use
|
# For each algorithm, test the direct constructor and the use
|
||||||
# of hashlib.new given the algorithm name.
|
# of hashlib.new given the algorithm name.
|
||||||
for algorithm, constructors in self.constructors_to_test.items():
|
for algorithm, constructors in self.constructors_to_test.items():
|
||||||
@ -164,7 +167,7 @@
|
|||||||
constructors.add(_test_algorithm_via_hashlib_new)
|
constructors.add(_test_algorithm_via_hashlib_new)
|
||||||
|
|
||||||
_hashlib = self._conditional_import_module('_hashlib')
|
_hashlib = self._conditional_import_module('_hashlib')
|
||||||
@@ -82,27 +106,13 @@
|
@@ -82,26 +107,13 @@
|
||||||
for algorithm, constructors in self.constructors_to_test.items():
|
for algorithm, constructors in self.constructors_to_test.items():
|
||||||
constructor = getattr(_hashlib, 'openssl_'+algorithm, None)
|
constructor = getattr(_hashlib, 'openssl_'+algorithm, None)
|
||||||
if constructor:
|
if constructor:
|
||||||
@ -189,12 +192,21 @@
|
|||||||
- if _sha512:
|
- if _sha512:
|
||||||
- add_builtin_constructor('sha384')
|
- add_builtin_constructor('sha384')
|
||||||
- add_builtin_constructor('sha512')
|
- add_builtin_constructor('sha512')
|
||||||
- _sha3 = self._conditional_import_module('_sha3')
|
|
||||||
+ # TODO: remove this after sha3 is available through OpenSSL
|
+ # TODO: remove this after sha3 is available through OpenSSL
|
||||||
|
_sha3 = self._conditional_import_module('_sha3')
|
||||||
if _sha3:
|
if _sha3:
|
||||||
add_builtin_constructor('sha3_224')
|
add_builtin_constructor('sha3_224')
|
||||||
add_builtin_constructor('sha3_256')
|
@@ -157,9 +169,6 @@
|
||||||
@@ -558,6 +568,65 @@
|
else:
|
||||||
|
del sys.modules['_md5']
|
||||||
|
self.assertRaises(TypeError, get_builtin_constructor, 3)
|
||||||
|
- constructor = get_builtin_constructor('md5')
|
||||||
|
- self.assertIs(constructor, _md5.md5)
|
||||||
|
- self.assertEqual(sorted(builtin_constructor_cache), ['MD5', 'md5'])
|
||||||
|
|
||||||
|
def test_hexdigest(self):
|
||||||
|
for cons in self.hash_constructors:
|
||||||
|
@@ -558,6 +567,65 @@
|
||||||
|
|
||||||
self.assertEqual(expected_hash, hasher.hexdigest())
|
self.assertEqual(expected_hash, hasher.hexdigest())
|
||||||
|
|
||||||
@ -260,7 +272,7 @@
|
|||||||
|
|
||||||
class KDFTests(unittest.TestCase):
|
class KDFTests(unittest.TestCase):
|
||||||
|
|
||||||
@@ -639,6 +708,7 @@
|
@@ -639,6 +707,7 @@
|
||||||
with self.assertRaisesRegex(ValueError, 'unsupported hash type'):
|
with self.assertRaisesRegex(ValueError, 'unsupported hash type'):
|
||||||
pbkdf2('unknown', b'pass', b'salt', 1)
|
pbkdf2('unknown', b'pass', b'salt', 1)
|
||||||
|
|
||||||
|
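Review bot: The new revision of the patch swaps the `py_hashlib = import_fresh_module('hashlib', blocked=['_hashlib'])` line in test_hashlib.py for a commented-out copy, so the test module no longer defines `py_hashlib`; any test outside the visible hunks that still uses that name would fail with a NameError instead of being skipped, and that should be checked against the full file. The comment `# skipped on Fedora, since we always use OpenSSL implementation` would help more if it gave the reason, for example `# not imported: this build has no non-OpenSSL hash fallback to test (see the hashlib-fips changes to hashlib.py)`, and the dead commented-out import could then be dropped. Separately, `openssl_enforces_fips()` decides FIPS mode from `b'unknown cipher' in stderr`, which depends on the exact wording of the openssl tool's error output; if that wording differs, `OPENSSL_ENFORCES_FIPS` quietly becomes False and the FIPS-specific tests presumably take the non-FIPS path, so a short comment naming the message being matched would make such a failure easier to diagnose. Most of that function's body lies outside the visible hunks.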