Skip to content

Commit

Permalink
[3.12] gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode (GH-1…
Browse files Browse the repository at this point in the history
…09423) (#109426)

gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode (GH-109423)

Use a longer key: FIPS mode requires at least of at least 112 bits.
The previous key was only 32 bits.
(cherry picked from commit e091b9f)

Co-authored-by: Victor Stinner <vstinner@python.org>
  • Loading branch information
miss-islington and vstinner authored Sep 14, 2023
1 parent 3bb8075 commit 52a9c57
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 3 deletions.
10 changes: 7 additions & 3 deletions Lib/test/test_socket.py
Original file line number Diff line number Diff line change
Expand Up @@ -6474,12 +6474,16 @@ def test_sha256(self):
self.assertEqual(op.recv(512), expected)

def test_hmac_sha1(self):
expected = bytes.fromhex("effcdf6ae5eb2fa2d27416d5f184df9c259a7c79")
# gh-109396: In FIPS mode, Linux 6.5 requires a key
# of at least 112 bits. Use a key of 152 bits.
key = b"Python loves AF_ALG"
data = b"what do ya want for nothing?"
expected = bytes.fromhex("193dbb43c6297b47ea6277ec0ce67119a3f3aa66")
with self.create_alg('hash', 'hmac(sha1)') as algo:
algo.setsockopt(socket.SOL_ALG, socket.ALG_SET_KEY, b"Jefe")
algo.setsockopt(socket.SOL_ALG, socket.ALG_SET_KEY, key)
op, _ = algo.accept()
with op:
op.sendall(b"what do ya want for nothing?")
op.sendall(data)
self.assertEqual(op.recv(512), expected)

# Although it should work with 3.19 and newer the test blocks on
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
Fix ``test_socket.test_hmac_sha1()`` in FIPS mode. Use a longer key: FIPS
mode requires at least of at least 112 bits. The previous key was only 32
bits. Patch by Victor Stinner.

0 comments on commit 52a9c57

Please sign in to comment.