mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-04 08:59:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode (#109423)

Browse source 
Use a longer key: FIPS mode requires at least of at least 112 bits.
The previous key was only 32 bits.
This commit is contained in:
Victor Stinner 2023-09-14 23:24:11 +02:00 committed by GitHub
parent d7dc3d9455
commit e091b9f20f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

10
Lib/test/test_socket.py
View file

@ -6474,12 +6474,16 @@ class LinuxKernelCryptoAPI(unittest.TestCase):
self.assertEqual(op.recv(512), expected)
def test_hmac_sha1(self):
expected = bytes.fromhex("effcdf6ae5eb2fa2d27416d5f184df9c259a7c79")
# gh-109396: In FIPS mode, Linux 6.5 requires a key
# of at least 112 bits. Use a key of 152 bits.
key = b"Python loves AF_ALG"
data = b"what do ya want for nothing?"
expected = bytes.fromhex("193dbb43c6297b47ea6277ec0ce67119a3f3aa66")
with self.create_alg('hash', 'hmac(sha1)') as algo:
algo.setsockopt(socket.SOL_ALG, socket.ALG_SET_KEY, b"Jefe")
algo.setsockopt(socket.SOL_ALG, socket.ALG_SET_KEY, key)
op, _ = algo.accept()
with op:
op.sendall(b"what do ya want for nothing?")
op.sendall(data)
self.assertEqual(op.recv(512), expected)
# Although it should work with 3.19 and newer the test blocks on