diff options
author | Christian Heimes <christian@python.org> | 2019-09-27 13:03:53 (GMT) |
---|---|---|
committer | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2019-09-27 13:03:53 (GMT) |
commit | 90558158093c0ad893102158fd3c2dd9f864e82e (patch) | |
tree | 75085b7aaef52d558894a0ec1bc4a31b6f4ef2a2 /Lib/test/test_hashlib.py | |
parent | 5faff977adbe089e1f91a5916ccb2160a22dd292 (diff) | |
download | cpython-90558158093c0ad893102158fd3c2dd9f864e82e.zip cpython-90558158093c0ad893102158fd3c2dd9f864e82e.tar.gz cpython-90558158093c0ad893102158fd3c2dd9f864e82e.tar.bz2 |
bpo-38270: More fixes for strict crypto policy (GH-16418)
test_hmac and test_hashlib test built-in hashing implementations and
OpenSSL-based hashing implementations. Add more checks to skip OpenSSL
implementations when a strict crypto policy is active.
Use EVP_DigestInit_ex() instead of EVP_DigestInit() to initialize the
EVP context. The EVP_DigestInit() function clears alls flags and breaks
usedforsecurity flag again.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38270
Diffstat (limited to 'Lib/test/test_hashlib.py')
-rw-r--r-- | Lib/test/test_hashlib.py | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py index d55de02..0e30b2f 100644 --- a/Lib/test/test_hashlib.py +++ b/Lib/test/test_hashlib.py @@ -8,6 +8,7 @@ import array from binascii import unhexlify +import functools import hashlib import importlib import itertools @@ -18,6 +19,7 @@ import unittest import warnings from test import support from test.support import _4G, bigmemtest, import_fresh_module +from test.support import requires_hashdigest from http.client import HTTPException # Were we compiled --with-pydebug or with #define Py_DEBUG? @@ -119,6 +121,7 @@ class HashLibTestCase(unittest.TestCase): constructors.add(_test_algorithm_via_hashlib_new) _hashlib = self._conditional_import_module('_hashlib') + self._hashlib = _hashlib if _hashlib: # These two algorithms should always be present when this module # is compiled. If not, something was compiled wrong. @@ -127,7 +130,13 @@ class HashLibTestCase(unittest.TestCase): for algorithm, constructors in self.constructors_to_test.items(): constructor = getattr(_hashlib, 'openssl_'+algorithm, None) if constructor: - constructors.add(constructor) + try: + constructor() + except ValueError: + # default constructor blocked by crypto policy + pass + else: + constructors.add(constructor) def add_builtin_constructor(name): constructor = getattr(hashlib, "__get_builtin_constructor")(name) @@ -193,6 +202,9 @@ class HashLibTestCase(unittest.TestCase): cons(b'', usedforsecurity=False) hashlib.new("sha256", usedforsecurity=True) hashlib.new("sha256", usedforsecurity=False) + if self._hashlib is not None: + self._hashlib.new("md5", usedforsecurity=False) + self._hashlib.openssl_md5(usedforsecurity=False) def test_unknown_hash(self): self.assertRaises(ValueError, hashlib.new, 'spam spam spam spam spam') |