Skip to content

bpo-9146: Raise a ValueError if OpenSSL fails to init a hash function#1777

Merged
gpshead merged 1 commit into
python:masterfrom
gpshead:fiiiiiiiiiips
May 24, 2017
Merged

bpo-9146: Raise a ValueError if OpenSSL fails to init a hash function#1777
gpshead merged 1 commit into
python:masterfrom
gpshead:fiiiiiiiiiips

Conversation

@gpshead

@gpshead gpshead commented May 23, 2017

Copy link
Copy Markdown
Member

This helps people in weird FIPS mode environments where common algorithms
such as MD5 or SHA1 are not available in the binary as a matter of policy.

This is https://bugs.python.org/file46765/hashopenssl-fips-exceptions.patch from bpo by @kscguru.

@gpshead
bpo-9146: Raise a ValueError if OpenSSL fails to init a hash func.
5e3e356 
This helps people in weird FIPS mode environments where common things
like MD5 are not available in the binary as a matter of policy.
@mention-bot

mention-bot commented May 23, 2017

Copy link
Copy Markdown

@gpshead, thanks for your PR! By analyzing the history of the files in this pull request, we identified @loewis, @tiran and @teoliphant to be potential reviewers.

tiran
tiran approved these changes May 23, 2017
View reviewed changes

@tiran tiran left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

test_hashlib passes with OpenSSL 0.9.8zh, 1.0.1u, 1.0.2k, 1.1.0e, LibreSSL 2.3.10, 2.4.5, 2,5.3

@gpshead gpshead merged commit 07244a8 into python:master May 24, 2017
@gpshead gpshead deleted the fiiiiiiiiiips branch May 24, 2017 07:04
@gpshead

gpshead commented May 24, 2017

Copy link
Copy Markdown
Member Author

assigning to tiran for the backports.

gpshead added a commit to gpshead/cpython that referenced this pull request Sep 3, 2017
@gpshead
[3.6] bpo-9146: Raise a ValueError if OpenSSL fails to init a hash fu…
f6d32e6 
…nc. (pythonGH-1777)

This helps people in weird FIPS mode environments where common things
like MD5 are not available in the binary as a matter of policy.
(cherry picked from commit 07244a8)
@gpshead gpshead mentioned this pull request Sep 3, 2017
Merged
@gpshead

gpshead commented Sep 3, 2017

Copy link
Copy Markdown
Member Author

looks like we still need a Misc/NEWS.d entry for this

@gpshead gpshead self-assigned this Sep 3, 2017
gpshead added a commit that referenced this pull request Sep 3, 2017
@gpshead
[3.6] bpo-9146: Raise a ValueError if OpenSSL fails to init a hash fu…
31b8efe 
…nc (#3274)

* [3.6] bpo-9146: Raise a ValueError if OpenSSL fails to init a hash func. (GH-1777)

This helps people in weird FIPS mode environments where common things
like MD5 are not available in the binary as a matter of policy.
(cherry picked from commit 07244a8)

* Include a NEWS entry.
@gpshead gpshead removed their assignment Sep 3, 2017
@miss-islington

miss-islington commented Sep 13, 2017

Copy link
Copy Markdown
Contributor

Thanks @gpshead for the PR 🌮🎉.. I'm working now to backport this PR to: 2.7.
🐍🍒⛏🤖

@miss-islington

miss-islington commented Sep 13, 2017

Copy link
Copy Markdown
Contributor

Sorry, @gpshead, I could not cleanly backport this to 2.7 due to a conflict.
Please backport using cherry_picker on command line.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tiran tiran tiran approved these changes

Assignees

@tiran tiran

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@gpshead @mention-bot @miss-islington @tiran @Mariatta @the-knights-who-say-ni