Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / 90558158093c0ad893102158fd3c2dd9f864e82e^! / . / Lib / test / test_hashlib.py
commit90558158093c0ad893102158fd3c2dd9f864e82e[log] [tgz]
authorChristian Heimes <christian@python.org>Fri Sep 27 15:03:53 2019 +0200
committerMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>Fri Sep 27 06:03:53 2019 -0700
tree75085b7aaef52d558894a0ec1bc4a31b6f4ef2a2
parent5faff977adbe089e1f91a5916ccb2160a22dd292 [diff] [blame]
bpo-38270: More fixes for strict crypto policy (GH-16418)



test_hmac and test_hashlib test built-in hashing implementations and
OpenSSL-based hashing implementations. Add more checks to skip OpenSSL
implementations when a strict crypto policy is active.

Use EVP_DigestInit_ex() instead of EVP_DigestInit() to initialize the
EVP context. The EVP_DigestInit() function clears alls flags and breaks
usedforsecurity flag again.

Signed-off-by: Christian Heimes <christian@python.org>



https://bugs.python.org/issue38270
diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
index d55de02..0e30b2f 100644
--- a/Lib/test/test_hashlib.py
+++ b/Lib/test/test_hashlib.py

@@ -8,6 +8,7 @@
 
 import array
 from binascii import unhexlify
+import functools
 import hashlib
 import importlib
 import itertools
@@ -18,6 +19,7 @@
 import warnings
 from test import support
 from test.support import _4G, bigmemtest, import_fresh_module
+from test.support import requires_hashdigest
 from http.client import HTTPException
 
 # Were we compiled --with-pydebug or with #define Py_DEBUG?
@@ -119,6 +121,7 @@
             constructors.add(_test_algorithm_via_hashlib_new)
 
         _hashlib = self._conditional_import_module('_hashlib')
+        self._hashlib = _hashlib
         if _hashlib:
             # These two algorithms should always be present when this module
             # is compiled.  If not, something was compiled wrong.
@@ -127,7 +130,13 @@
             for algorithm, constructors in self.constructors_to_test.items():
                 constructor = getattr(_hashlib, 'openssl_'+algorithm, None)
                 if constructor:
-                    constructors.add(constructor)
+                    try:
+                        constructor()
+                    except ValueError:
+                        # default constructor blocked by crypto policy
+                        pass
+                    else:
+                        constructors.add(constructor)
 
         def add_builtin_constructor(name):
             constructor = getattr(hashlib, "__get_builtin_constructor")(name)
@@ -193,6 +202,9 @@
             cons(b'', usedforsecurity=False)
         hashlib.new("sha256", usedforsecurity=True)
         hashlib.new("sha256", usedforsecurity=False)
+        if self._hashlib is not None:
+            self._hashlib.new("md5", usedforsecurity=False)
+            self._hashlib.openssl_md5(usedforsecurity=False)
 
     def test_unknown_hash(self):
         self.assertRaises(ValueError, hashlib.new, 'spam spam spam spam spam')