From 1dc32197251020c175bc9985241f8bcdeeb70a1a Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Thu, 14 Sep 2023 15:52:40 -0700 Subject: [PATCH] [3.11] gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode (GH-109423) (GH-109427) gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode (GH-109423) Use a longer key: FIPS mode requires at least of at least 112 bits. The previous key was only 32 bits. (cherry picked from commit e091b9f20fa8e409003af79f3c468b8225e6dcd3) (cherry picked from commit f7bfac4b3dd30920f97a542fd78c355ce62aa267) Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Co-authored-by: Victor Stinner --- Lib/test/test_socket.py | 10 +++++++--- .../2023-09-14-22-58-47.gh-issue-109396.J1a4jR.rst | 3 +++ 2 files changed, 10 insertions(+), 3 deletions(-) create mode 100644 Misc/NEWS.d/next/Tests/2023-09-14-22-58-47.gh-issue-109396.J1a4jR.rst diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py index b36cb5beaec859..1957149cac97f6 100755 --- a/Lib/test/test_socket.py +++ b/Lib/test/test_socket.py @@ -6390,12 +6390,16 @@ def test_sha256(self): self.assertEqual(op.recv(512), expected) def test_hmac_sha1(self): - expected = bytes.fromhex("effcdf6ae5eb2fa2d27416d5f184df9c259a7c79") + # gh-109396: In FIPS mode, Linux 6.5 requires a key + # of at least 112 bits. Use a key of 152 bits. + key = b"Python loves AF_ALG" + data = b"what do ya want for nothing?" + expected = bytes.fromhex("193dbb43c6297b47ea6277ec0ce67119a3f3aa66") with self.create_alg('hash', 'hmac(sha1)') as algo: - algo.setsockopt(socket.SOL_ALG, socket.ALG_SET_KEY, b"Jefe") + algo.setsockopt(socket.SOL_ALG, socket.ALG_SET_KEY, key) op, _ = algo.accept() with op: - op.sendall(b"what do ya want for nothing?") + op.sendall(data) self.assertEqual(op.recv(512), expected) # Although it should work with 3.19 and newer the test blocks on diff --git a/Misc/NEWS.d/next/Tests/2023-09-14-22-58-47.gh-issue-109396.J1a4jR.rst b/Misc/NEWS.d/next/Tests/2023-09-14-22-58-47.gh-issue-109396.J1a4jR.rst new file mode 100644 index 00000000000000..71150ecae76434 --- /dev/null +++ b/Misc/NEWS.d/next/Tests/2023-09-14-22-58-47.gh-issue-109396.J1a4jR.rst @@ -0,0 +1,3 @@ +Fix ``test_socket.test_hmac_sha1()`` in FIPS mode. Use a longer key: FIPS +mode requires at least of at least 112 bits. The previous key was only 32 +bits. Patch by Victor Stinner.