classification
Title: Tests: Avoid MD5 or check for MD5 availability
Type: resource usage
Stage: patch review
Components: Tests
Versions: Python 3.9, Python 3.8, Python 3.7
process
Status: open
Resolution:
Dependencies:
Superseder:
Assigned To: christian.heimes
Nosy List: christian.heimes, cstratak, lukasz.langa, miss-islington, ned.deily, petr.viktorin, vstinner
Priority: high
Keywords: patch

Created on 2019-09-25 10:09 by christian.heimes, last changed 2019-12-05 16:51 by miss-islington.

Pull Requests
URL Status Linked Edit
PR 16382 merged christian.heimes, 2019-09-25 10:25
PR 16393 merged miss-islington, 2019-09-25 15:17
PR 16418 merged christian.heimes, 2019-09-26 09:59
PR 16437 merged christian.heimes, 2019-09-27 13:45
PR 17446 merged cstratak, 2019-12-03 00:50
PR 17450 merged miss-islington, 2019-12-03 15:36
Messages (10)
msg353162 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2019-09-25 10:09
The MD5 hash digest algorithm has known security issues and is getting blocked on systems with strict security policies.

Python uses MD5 in several unittests. These tests should either avoid MD5 and use SHA256 instead or, for tests that really require MD5, check for the availability of MD5 and skip these tests. The latter are network-related tests that check for digest auth or CRAM-MD5 auth.

Avoidable use of MD5:
* test_hmac tests for default constructor
* test_tarfile checksum

Tests that require MD5:
* test_urllib2_localnet digest auth
* CRAM-MD5 in test_imaplib, test_poplib, test_smtplib
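
An added example (not the code from the change sets linked on this issue) of the two approaches described in the message above: use SHA256 where the digest is arbitrary, and probe for MD5 before running a test that genuinely needs it. The names `digest_available`, `requires_digest` and `ExampleTests` are hypothetical, and the challenge string is constructed.

```python
import functools
import hashlib
import hmac
import unittest


def digest_available(name):
    """Return True if hashlib can construct `name` under the active crypto policy."""
    try:
        hashlib.new(name)  # raises ValueError when the digest is blocked or unknown
    except ValueError:
        return False
    return True


def requires_digest(name):
    """Hypothetical decorator: report a visible skip when `name` is unavailable."""
    def decorator(func):
        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            if not digest_available(name):
                raise unittest.SkipTest(f"hash digest {name!r} is not available")
            return func(*args, **kwargs)
        return wrapper
    return decorator


class ExampleTests(unittest.TestCase):
    @requires_digest("sha256")
    def test_hmac_constructor(self):
        # Avoidable MD5: the test only needs some digest, so SHA256 is used.
        mac = hmac.new(b"key", b"msg", digestmod="sha256")
        self.assertEqual(len(mac.digest()), 32)

    @requires_digest("md5")
    def test_cram_md5_response(self):
        # CRAM-MD5 is defined over HMAC-MD5, so this test cannot switch digests.
        mac = hmac.new(b"secret", b"<constructed@example.invalid>", digestmod="md5")
        self.assertEqual(len(mac.hexdigest()), 32)

    @requires_digest("no-such-digest")  # constructed name that exercises the skip path
    def test_blocked_digest(self):
        self.fail("must not run when the digest is unavailable")


def run_example():
    """Run the sample tests and return the unittest.TestResult for inspection."""
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(ExampleTests)
    result = unittest.TestResult()
    suite.run(result)
    return result
```

Skipped tests show up in `result.skipped` with their reason, so a run under a strict policy records which MD5-dependent tests did not execute instead of failing or passing silently.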
msg353204 - (view) Author: miss-islington (miss-islington) Date: 2019-09-25 14:30
New changeset c64a1a61e6fc542cada40eb069a239317e1af36e by Miss Islington (bot) (Christian Heimes) in branch 'master':
bpo-38270: Check for hash digest algorithms and avoid MD5 (GH-16382)
https://github.com/python/cpython/commit/c64a1a61e6fc542cada40eb069a239317e1af36e
msg353216 - (view) Author: miss-islington (miss-islington) Date: 2019-09-25 15:50
New changeset 66cd041df8dfadd001ae298292e16f0271c0d139 by Miss Islington (bot) in branch '3.8':
[3.8] bpo-38270: Check for hash digest algorithms and avoid MD5 (GH-16382) (GH-16393)
https://github.com/python/cpython/commit/66cd041df8dfadd001ae298292e16f0271c0d139
msg353358 - (view) Author: miss-islington (miss-islington) Date: 2019-09-27 13:04
New changeset 90558158093c0ad893102158fd3c2dd9f864e82e by Miss Islington (bot) (Christian Heimes) in branch 'master':
bpo-38270: More fixes for strict crypto policy (GH-16418)
https://github.com/python/cpython/commit/90558158093c0ad893102158fd3c2dd9f864e82e
msg353548 - (view) Author: Łukasz Langa (lukasz.langa) * (Python committer) Date: 2019-09-30 07:10
New changeset bfca56b3ddb4bb0a98931ebcd1257af2afa9b2ae by Łukasz Langa (Christian Heimes) in branch '3.8':
[3.8] bpo-38270: More fixes for strict crypto policy (GH-16418) (#16437)
https://github.com/python/cpython/commit/bfca56b3ddb4bb0a98931ebcd1257af2afa9b2ae
msg353553 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-09-30 07:50
Can we close the issue?
msg354497 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2019-10-11 21:10
It looks like Christian originally requested autobackports to both 3.8 and 3.7 but both failed due to git checkout errors.  He then manually restarted the 3.8 backport but it looks like the 3.7 one did not get restarted.  Christian, was that intentional or just an oversight?  If the latter, you should try the 3.7 backport again.
msg357571 - (view) Author: Petr Viktorin (petr.viktorin) * (Python committer) Date: 2019-11-27 13:47
The change silently disables 2 tests, see comment here:
https://github.com/python/cpython/commit/66cd041df8dfadd001ae298292e16f0271c0d139#diff-ba7d7a4a1a0050e1f497b71b5cd50afcR365

(I think it's better to reopen this bug than to open a new one, so all the fixes are in one place. Do you agree?)
msg357754 - (view) Author: miss-islington (miss-islington) Date: 2019-12-03 15:36
New changeset 894331838b256412c95d54051ec46a1cb96f52e7 by Miss Islington (bot) (stratakis) in branch 'master':
bpo-38270: Fix indentation of test_hmac assertions (GH-17446)
https://github.com/python/cpython/commit/894331838b256412c95d54051ec46a1cb96f52e7
msg357866 - (view) Author: miss-islington (miss-islington) Date: 2019-12-05 16:51
New changeset cfdaf92221da3c264d0da9c588994fefe4073196 by Miss Islington (bot) in branch '3.8':
[3.8] bpo-38270: Fix indentation of test_hmac assertions (GH-17446) (GH-17450)
https://github.com/python/cpython/commit/cfdaf92221da3c264d0da9c588994fefe4073196
History
Date User Action Args
2019-12-05 16:51:37 miss-islington set messages: + msg357866
2019-12-03 15:36:20 miss-islington set pull_requests: + pull_request16931
2019-12-03 15:36:03 miss-islington set messages: + msg357754
2019-12-03 00:50:57 cstratak set stage: resolved -> patch review; pull_requests: + pull_request16927
2019-12-03 00:42:21 cstratak set nosy: + cstratak
2019-11-27 13:47:23 petr.viktorin set status: closed -> open; nosy: + petr.viktorin; messages: + msg357571; resolution: fixed ->
2019-10-11 21:10:23 ned.deily set nosy: + ned.deily; messages: + msg354497
2019-10-01 09:53:30 christian.heimes set status: open -> closed; resolution: fixed; stage: patch review -> resolved
2019-09-30 07:50:18 vstinner set nosy: + vstinner; messages: + msg353553
2019-09-30 07:10:42 lukasz.langa set nosy: + lukasz.langa; messages: + msg353548
2019-09-27 13:45:01 christian.heimes set pull_requests: + pull_request16015
2019-09-27 13:04:00 miss-islington set messages: + msg353358
2019-09-26 09:59:18 christian.heimes set pull_requests: + pull_request15998
2019-09-25 15:50:44 miss-islington set messages: + msg353216
2019-09-25 15:17:01 miss-islington set pull_requests: + pull_request15975
2019-09-25 14:30:23 miss-islington set nosy: + miss-islington; messages: + msg353204
2019-09-25 10:25:25 christian.heimes set keywords: + patch; stage: patch review; pull_requests: + pull_request15962
2019-09-25 10:09:58 christian.heimes create