Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpo-38270: More fixes for strict crypto policy #16418

Merged
merged 1 commit into from
Sep 27, 2019
Merged

bpo-38270: More fixes for strict crypto policy #16418

merged 1 commit into from
Sep 27, 2019
+36 −12

Conversation

tiran
Copy link
Member

@tiran tiran commented Sep 26, 2019
edited by miss-islington
Loading

test_hmac and test_hashlib test built-in hashing implementations and
OpenSSL-based hashing implementations. Add more checks to skip OpenSSL
implementations when a strict crypto policy is active.

Use EVP_DigestInit_ex() instead of EVP_DigestInit() to initialize the
EVP context. The EVP_DigestInit() function clears alls flags and breaks
usedforsecurity flag again.

Signed-off-by: Christian Heimes christian@python.org

https://bugs.python.org/issue38270

Automerge-Triggered-By: @tiran

@tiran tiran added tests Tests in the Lib/test dir skip news needs backport to 3.8 labels Sep 26, 2019
@tiran tiran requested review from vstinner and encukou September 26, 2019 09:59
vstinner
vstinner reviewed Sep 26, 2019
View reviewed changes
@tiran
bpo-38270: More fixes for strict crypto policy
2413aa9 
test_hmac and test_hashlib test built-in hashing implementations and
OpenSSL-based hashing implementations. Add more checks to skip OpenSSL
implementations when a strict crypto policy is active.

Use EVP_DigestInit_ex() instead of EVP_DigestInit() to initialize the
EVP context. The EVP_DigestInit() function clears alls flags and breaks
usedforsecurity flag again.

Signed-off-by: Christian Heimes <christian@python.org>
@tiran tiran mentioned this pull request Sep 27, 2019
Closed
encukou
encukou approved these changes Sep 27, 2019
View reviewed changes
Copy link
Member

@encukou encukou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me. Please address Victor's comment (but I don't think the imports are that much of a problem).

@miss-islington miss-islington merged commit 9055815 into python:master Sep 27, 2019
@miss-islington
Copy link
Contributor

Thanks @tiran for the PR 🌮🎉.. I'm working now to backport this PR to: 3.8.
🐍🍒⛏🤖

@miss-islington
Copy link
Contributor

I'm having trouble backporting to 3.8. Reason: 'Error 110 while writing to socket. Connection timed out.'. Please retry by removing and re-adding the needs backport to 3.8 label.

@miss-islington
Copy link
Contributor

Thanks @tiran for the PR 🌮🎉.. I'm working now to backport this PR to: 3.8.
🐍🍒⛏🤖

@miss-islington
Copy link
Contributor

Sorry, @tiran, I could not cleanly backport this to 3.8 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 90558158093c0ad893102158fd3c2dd9f864e82e 3.8

@miss-islington miss-islington self-assigned this Sep 27, 2019
@bedevere-bot
Copy link

GH-16437 is a backport of this pull request to the 3.8 branch.

tiran added a commit to tiran/cpython that referenced this pull request Sep 27, 2019
@tiran
[3.8] bpo-38270: More fixes for strict crypto policy (pythonGH-16418)
79e2162 
test_hmac and test_hashlib test built-in hashing implementations and
OpenSSL-based hashing implementations. Add more checks to skip OpenSSL
implementations when a strict crypto policy is active.

Use EVP_DigestInit_ex() instead of EVP_DigestInit() to initialize the
EVP context. The EVP_DigestInit() function clears alls flags and breaks
usedforsecurity flag again.

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue38270.
(cherry picked from commit 9055815)

Co-authored-by: Christian Heimes <christian@python.org>
ambv pushed a commit that referenced this pull request Sep 30, 2019
@tiran @ambv
[3.8] bpo-38270: More fixes for strict crypto policy (GH-16418) (#16437)

Partially verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
We cannot verify signatures from co-authors, and some of the co-authors attributed to this commit require their commits to be signed.
bfca56b 
test_hmac and test_hashlib test built-in hashing implementations and
OpenSSL-based hashing implementations. Add more checks to skip OpenSSL
implementations when a strict crypto policy is active.

Use EVP_DigestInit_ex() instead of EVP_DigestInit() to initialize the
EVP context. The EVP_DigestInit() function clears alls flags and breaks
usedforsecurity flag again.

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue38270.
(cherry picked from commit 9055815)

Co-authored-by: Christian Heimes <christian@python.org>
stratakis pushed a commit to stratakis/cpython that referenced this pull request Dec 2, 2019
@tiran @stratakis
[3.8] bpo-38270: More fixes for strict crypto policy (pythonGH-16418) (
75d9613 
…python#16437)

test_hmac and test_hashlib test built-in hashing implementations and
OpenSSL-based hashing implementations. Add more checks to skip OpenSSL
implementations when a strict crypto policy is active.

Use EVP_DigestInit_ex() instead of EVP_DigestInit() to initialize the
EVP context. The EVP_DigestInit() function clears alls flags and breaks
usedforsecurity flag again.

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue38270.
(cherry picked from commit 9055815)

Co-authored-by: Christian Heimes <christian@python.org>
jacobneiltaylor pushed a commit to jacobneiltaylor/cpython that referenced this pull request Dec 5, 2019
@tiran
bpo-38270: More fixes for strict crypto policy (pythonGH-16418)

Partially verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
We cannot verify signatures from co-authors, and some of the co-authors attributed to this commit require their commits to be signed.
108a8b7 
test_hmac and test_hashlib test built-in hashing implementations and
OpenSSL-based hashing implementations. Add more checks to skip OpenSSL
implementations when a strict crypto policy is active.

Use EVP_DigestInit_ex() instead of EVP_DigestInit() to initialize the
EVP context. The EVP_DigestInit() function clears alls flags and breaks
usedforsecurity flag again.

Signed-off-by: Christian Heimes <christian@python.org>



https://bugs.python.org/issue38270
stratakis pushed a commit to stratakis/cpython that referenced this pull request May 5, 2020
@tiran @stratakis
[3.8] bpo-38270: More fixes for strict crypto policy (pythonGH-16418) (

Partially verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
We cannot verify signatures from co-authors, and some of the co-authors attributed to this commit require their commits to be signed.
6634eed 
…python#16437)

test_hmac and test_hashlib test built-in hashing implementations and
OpenSSL-based hashing implementations. Add more checks to skip OpenSSL
implementations when a strict crypto policy is active.

Use EVP_DigestInit_ex() instead of EVP_DigestInit() to initialize the
EVP context. The EVP_DigestInit() function clears alls flags and breaks
usedforsecurity flag again.

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue38270.
(cherry picked from commit 9055815)

Co-authored-by: Christian Heimes <christian@python.org>
@tiran tiran mentioned this pull request Sep 9, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vstinner vstinner

@encukou encukou

Assignees

@miss-islington miss-islington

Labels
skip news tests Tests in the Lib/test dir
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@tiran @miss-islington @bedevere-bot @vstinner @encukou @the-knights-who-say-ni