diff --git a/Lib/test/support/__init__.py b/Lib/test/support/__init__.py index cf3077f2a4a409..42e7b876594fa7 100644 --- a/Lib/test/support/__init__.py +++ b/Lib/test/support/__init__.py @@ -2969,3 +2969,11 @@ def run_yielding_async_fn(async_fn, /, *args, **kwargs): return e.value finally: coro.close() + + +def is_libssl_fips_mode(): + try: + from _hashlib import get_fips_mode # ask _hashopenssl.c + except ImportError: + return False # more of a maybe, unless we add this to the _ssl module. + return get_fips_mode() != 0 diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py index 96d91c1f1c2f8a..085b24c25b2daa 100644 --- a/Lib/test/test_urllib2.py +++ b/Lib/test/test_urllib2.py @@ -27,6 +27,7 @@ import urllib.error import http.client + support.requires_working_socket(module=True) # XXX @@ -1963,20 +1964,29 @@ def test_parse_proxy(self): self.assertRaises(ValueError, _parse_proxy, 'file:/ftp.example.com'), -class TestDigestAlgorithms(unittest.TestCase): +skip_libssl_fips_mode = unittest.skipIf( + support.is_libssl_fips_mode(), + "conservative skip due to OpenSSL FIPS mode possible algorithm nerfing", +) + + +class TestDigestAuthAlgorithms(unittest.TestCase): def setUp(self): self.handler = AbstractDigestAuthHandler() + @skip_libssl_fips_mode def test_md5_algorithm(self): H, KD = self.handler.get_algorithm_impls('MD5') self.assertEqual(H("foo"), "acbd18db4cc2f85cedef654fccc4a4d8") self.assertEqual(KD("foo", "bar"), "4e99e8c12de7e01535248d2bac85e732") + @skip_libssl_fips_mode def test_sha_algorithm(self): H, KD = self.handler.get_algorithm_impls('SHA') self.assertEqual(H("foo"), "0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33") self.assertEqual(KD("foo", "bar"), "54dcbe67d21d5eb39493d46d89ae1f412d3bd6de") + @skip_libssl_fips_mode def test_sha256_algorithm(self): H, KD = self.handler.get_algorithm_impls('SHA-256') self.assertEqual(H("foo"), "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae")