mirror of
https://github.com/python/cpython.git
synced 2025-01-21 07:55:16 +08:00
gh-95231: Disable md5 & crypt modules if FIPS is enabled (GH-94742)
If kernel fips is enabled, we get permission error upon doing `import crypt`. So, if kernel fips is enabled, disable the unallowed hashing methods. Python 3.9.1 (default, May 10 2022, 11:36:26) [GCC 10.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import crypt Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3.9/crypt.py", line 117, in <module> _add_method('MD5', '1', 8, 34) File "/usr/lib/python3.9/crypt.py", line 94, in _add_method result = crypt('', salt) File "/usr/lib/python3.9/crypt.py", line 82, in crypt return _crypt.crypt(word, salt) PermissionError: [Errno 1] Operation not permitted Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
This commit is contained in:
parent
8621e6d43a
commit
2fa03b1b07
@ -98,7 +98,7 @@ def _add_method(name, *args, rounds=None):
|
||||
result = crypt('', salt)
|
||||
except OSError as e:
|
||||
# Not all libc libraries support all encryption methods.
|
||||
if e.errno == errno.EINVAL:
|
||||
if e.errno in {errno.EINVAL, errno.EPERM, errno.ENOSYS}:
|
||||
return False
|
||||
raise
|
||||
if result and len(result) == method.total_size:
|
||||
|
@ -0,0 +1,3 @@
|
||||
Fail gracefully if :data:`~errno.EPERM` or :data:`~errno.ENOSYS` is raised when loading
|
||||
:mod:`crypt` methods. This may happen when trying to load ``MD5`` on a Linux kernel
|
||||
with :abbr:`FIPS (Federal Information Processing Standard)` enabled.
|
Loading…
Reference in New Issue
Block a user