bpo-38270: Check for hash digest algorithms and avoid MD5 (GH-16382)
Make it easier to run and test Python on systems with restrict crypto policies:
* add requires_hashdigest to test.support to check if a hash digest algorithm is available and working
* avoid MD5 in test_hmac
* replace MD5 with SHA256 in test_tarfile
* mark network tests that require MD5 for MD5-based digest auth or CRAM-MD5
https://bugs.python.org/issue38270
diff --git a/Lib/test/test_smtplib.py b/Lib/test/test_smtplib.py
index f1332e9..d0c9862 100644
--- a/Lib/test/test_smtplib.py
+++ b/Lib/test/test_smtplib.py
@@ -4,6 +4,7 @@
from email.message import EmailMessage
from email.base64mime import body_encode as encode_base64
import email.utils
+import hashlib
import hmac
import socket
import smtpd
@@ -21,6 +22,7 @@
from test import support, mock_socket
from test.support import HOST
from test.support import threading_setup, threading_cleanup, join_thread
+from test.support import requires_hashdigest
from unittest.mock import Mock
@@ -1009,6 +1011,7 @@
self.assertEqual(resp, (235, b'Authentication Succeeded'))
smtp.close()
+ @requires_hashdigest('md5')
def testAUTH_CRAM_MD5(self):
self.serv.add_feature("AUTH CRAM-MD5")
smtp = smtplib.SMTP(HOST, self.port, local_hostname='localhost', timeout=15)
@@ -1025,7 +1028,13 @@
smtp.close()
def test_auth_function(self):
- supported = {'CRAM-MD5', 'PLAIN', 'LOGIN'}
+ supported = {'PLAIN', 'LOGIN'}
+ try:
+ hashlib.md5()
+ except ValueError:
+ pass
+ else:
+ supported.add('CRAM-MD5')
for mechanism in supported:
self.serv.add_feature("AUTH {}".format(mechanism))
for mechanism in supported: