-
-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test_socket.LinuxKernelCryptoAPI.test_hmac_sha1() fails on "AMD64 RHEL8 FIPS Only Blake2 Builtin Hash 3.x" buildbot #109396
Comments
vstinner
added
type-bug
An unexpected behavior, bug, or error
tests
Tests in the Lib/test dir
labels
Sep 14, 2023
cc @stratakis |
It seems like hmac in FIPS mode requires a key of at least 112 bits (14 bytes), whereas the test uses a key of 32 bits (4 bytes). See if (fips_enabled && (keylen < 112 / 8))
return -EINVAL; |
vstinner
added a commit
to vstinner/cpython
that referenced
this issue
Sep 14, 2023
Use a longer key: FIPS mode requires at least of at least 112 bits. The previous key was only 32 bits.
vstinner
added a commit
to vstinner/cpython
that referenced
this issue
Sep 14, 2023
Use a longer key: FIPS mode requires at least of at least 112 bits. The previous key was only 32 bits.
vstinner
added a commit
that referenced
this issue
Sep 14, 2023
Use a longer key: FIPS mode requires at least of at least 112 bits. The previous key was only 32 bits.
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Sep 14, 2023
…nGH-109423) Use a longer key: FIPS mode requires at least of at least 112 bits. The previous key was only 32 bits. (cherry picked from commit e091b9f) Co-authored-by: Victor Stinner <[email protected]>
This was referenced Sep 14, 2023
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Sep 14, 2023
…nGH-109423) Use a longer key: FIPS mode requires at least of at least 112 bits. The previous key was only 32 bits. (cherry picked from commit e091b9f) Co-authored-by: Victor Stinner <[email protected]>
Closed
miss-islington
added a commit
to miss-islington/cpython
that referenced
this issue
Oct 8, 2024
…pythonGH-109423) (pythonGH-109427) pythongh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode (pythonGH-109423) Use a longer key: FIPS mode requires at least of at least 112 bits. The previous key was only 32 bits. (cherry picked from commit e091b9f) (cherry picked from commit f7bfac4) Co-authored-by: Miss Islington (bot) <[email protected]> Co-authored-by: Victor Stinner <[email protected]>
miss-islington
added a commit
to miss-islington/cpython
that referenced
this issue
Oct 8, 2024
…pythonGH-109423) (pythonGH-109427) pythongh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode (pythonGH-109423) Use a longer key: FIPS mode requires at least of at least 112 bits. The previous key was only 32 bits. (cherry picked from commit e091b9f) (cherry picked from commit f7bfac4) Co-authored-by: Miss Islington (bot) <[email protected]> Co-authored-by: Victor Stinner <[email protected]>
This fails on 3.10 & 3.9 buildbots, so let's backport there too. |
pablogsal
pushed a commit
that referenced
this issue
Oct 22, 2024
…09423) (#125106) [3.11] gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode (GH-109423) (GH-109427) gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode (GH-109423) Use a longer key: FIPS mode requires at least of at least 112 bits. The previous key was only 32 bits. (cherry picked from commit e091b9f) (cherry picked from commit f7bfac4) Co-authored-by: Victor Stinner <[email protected]> Co-authored-by: Petr Viktorin <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug report
When FIPS is enabled in Linux, LinuxKernelCryptoAPI.test_hmac_sha1() fails with
OSError: [Errno 22] Invalid argument
.test.pythoninfo:
Error:
build: https://buildbot.python.org/all/#/builders/469/builds/5995
Linked PRs
The text was updated successfully, but these errors were encountered: