Skip to content

Commit

Permalink
move the _hashlib get_fips_mode logic check into test.support.
Browse files Browse the repository at this point in the history
  • Loading branch information
gpshead committed Dec 29, 2024
1 parent bd4a172 commit e454e42
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 8 deletions.
8 changes: 8 additions & 0 deletions Lib/test/support/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -2969,3 +2969,11 @@ def run_yielding_async_fn(async_fn, /, *args, **kwargs):
return e.value
finally:
coro.close()


def is_libssl_fips_mode():
try:
from _hashlib import get_fips_mode # ask _hashopenssl.c
except ImportError:
return False # more of a maybe, unless we add this to the _ssl module.
return get_fips_mode() != 0
17 changes: 9 additions & 8 deletions Lib/test/test_urllib2.py
Original file line number Diff line number Diff line change
Expand Up @@ -27,11 +27,6 @@
import urllib.error
import http.client

try:
from _hashlib import get_fips_mode
except ImportError:
def get_fips_mode():
return 0

support.requires_working_socket(module=True)

Expand Down Expand Up @@ -1969,23 +1964,29 @@ def test_parse_proxy(self):
self.assertRaises(ValueError, _parse_proxy, 'file:/ftp.example.com'),


skip_libssl_fips_mode = unittest.skipIf(
support.is_libssl_fips_mode(),
"conservative skip due to OpenSSL FIPS mode possible algorithm nerfing",
)


class TestDigestAuthAlgorithms(unittest.TestCase):
def setUp(self):
self.handler = AbstractDigestAuthHandler()

@unittest.skipIf(get_fips_mode(), "fips mode; requires hashlib.md5")
@skip_libssl_fips_mode
def test_md5_algorithm(self):
H, KD = self.handler.get_algorithm_impls('MD5')
self.assertEqual(H("foo"), "acbd18db4cc2f85cedef654fccc4a4d8")
self.assertEqual(KD("foo", "bar"), "4e99e8c12de7e01535248d2bac85e732")

@unittest.skipIf(get_fips_mode(), "fips mode; requires hashlib.sha1")
@skip_libssl_fips_mode
def test_sha_algorithm(self):
H, KD = self.handler.get_algorithm_impls('SHA')
self.assertEqual(H("foo"), "0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33")
self.assertEqual(KD("foo", "bar"), "54dcbe67d21d5eb39493d46d89ae1f412d3bd6de")

@unittest.skipIf(get_fips_mode(), "fips mode; requires hashlib.sha256")
@skip_libssl_fips_mode
def test_sha256_algorithm(self):
H, KD = self.handler.get_algorithm_impls('SHA-256')
self.assertEqual(H("foo"), "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae")
Expand Down

0 comments on commit e454e42

Please sign in to comment.