This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author dmalcolm
Recipients dmalcolm, gps, pitrou
Date 2010-07-06.17:44:50
SpamBayes Score 4.042643e-05
Marked as misclassified No
Message-id <1278438297.64.0.363556333718.issue9146@psf.upfronthosting.co.za>
In-reply-to
Content
I'm attaching an updated patch which:
  - adds error checking to the various places where EVP_DigestInit is called
  - adds a test to test_hashlib to ensure that hashlib still works gracefully when OPENSSL_FORCE_FIPS_MODE=1 is set in the environment

Note that in this mode:
>>> _hashlib.new('md5')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ValueError: error:060800A0:digital envelope routines:EVP_DigestInit_ex:unknown cipher
[57670 refs]

but hashlib falls back to using the "md5" module instead.

I started writing a test for _hashlib (as opposed to hashlib), but it's too hard to express a runtime conditional on whether OPENSSL_FORCE_FIPS_MODE will actually affect the behavior of EVP_DigestInit across the versions of openssl that might be installed on the system.

I'm still waiting to hear back from the Fedora OpenSSL packager for info on how to reproduce this on a vanilla OpenSSL.
History
Date User Action Args
2010-07-06 17:44:59dmalcolmsetrecipients: + dmalcolm, pitrou, gps
2010-07-06 17:44:57dmalcolmsetmessageid: <1278438297.64.0.363556333718.issue9146@psf.upfronthosting.co.za>
2010-07-06 17:44:55dmalcolmlinkissue9146 messages
2010-07-06 17:44:53dmalcolmcreate