mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-01 23:53:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

gh-95231: Disable md5 & crypt modules if FIPS is enabled (GH-94742)

Browse source 
If kernel fips is enabled, we get permission error upon doing
`import crypt`. So, if kernel fips is enabled, disable the
unallowed hashing methods.

Python 3.9.1 (default, May 10 2022, 11:36:26)
[GCC 10.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.9/crypt.py", line 117, in <module>
    _add_method('MD5', '1', 8, 34)
  File "/usr/lib/python3.9/crypt.py", line 94, in _add_method
    result = crypt('', salt)
  File "/usr/lib/python3.9/crypt.py", line 82, in crypt
    return _crypt.crypt(word, salt)
PermissionError: [Errno 1] Operation not permitted

Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
(cherry picked from commit 2fa03b1b07)

Co-authored-by: Shreenidhi Shedi <53473811+sshedi@users.noreply.github.com>
This commit is contained in:
Miss Islington (bot) 2022-08-30 00:59:56 -07:00 committed by GitHub
parent 32a45011e7
commit 069fefdaf4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Lib/crypt.py
View file

@ -94,7 +94,7 @@ def _add_method(name, *args, rounds=None):
result = crypt('', salt)
except OSError as e:
# Not all libc libraries support all encryption methods.
if e.errno == errno.EINVAL:
if e.errno in {errno.EINVAL, errno.EPERM, errno.ENOSYS}:
return False
raise
if result and len(result) == method.total_size: