Issue 38270: Tests: Avoid MD5 or check for MD5 availablity [proxy]

Issue38270

classification

Title:	Tests: Avoid MD5 or check for MD5 availablity
Type:	resource usage	Stage:	patch review
Components:	Tests	Versions:	Python 3.9, Python 3.8, Python 3.7

process

Status:	open	Resolution:
Dependencies:		Superseder:
Assigned To:	christian.heimes	Nosy List:	christian.heimes, cstratak, lukasz.langa, miss-islington, ned.deily, petr.viktorin, vstinner
Priority:	high	Keywords:	patch

Created on 2019-09-25 10:09 by christian.heimes, last changed 2022-04-11 14:59 by admin.

Pull Requests
URL	Status	Linked	Edit
PR 16382	merged	christian.heimes, 2019-09-25 10:25
PR 16393	merged	miss-islington, 2019-09-25 15:17
PR 16418	merged	christian.heimes, 2019-09-26 09:59
PR 16437	merged	christian.heimes, 2019-09-27 13:45
PR 17446	merged	cstratak, 2019-12-03 00:50
PR 17450	merged	miss-islington, 2019-12-03 15:36

Messages (10)
msg353162 - (view)	Author: Christian Heimes (christian.heimes) *	Date: 2019-09-25 10:09
MD5 hash digest algorithm has known security issues and is getting blocked on systems with strict security policies. Python uses MD5 in several unittests. These tests should either avoid MD5 and use SHA256 instead. Or tests that really require MD5 should check for the availability of MD5 and skip these tests. The latter are network-related tests that check for digest auth or CRAM-MD5 auth. Avoidable use of MD5: * test_hmac tests for default constructor * test_tarfile checksum Tests that require MD5: * test_urllib2_localnet digest auth * CRAM-MD5 in test_imaplib, test_poplib, test_smtplib
msg353204 - (view)	Author: miss-islington (miss-islington)	Date: 2019-09-25 14:30
New changeset c64a1a61e6fc542cada40eb069a239317e1af36e by Miss Islington (bot) (Christian Heimes) in branch 'master': bpo-38270: Check for hash digest algorithms and avoid MD5 (GH-16382) https://github.com/python/cpython/commit/c64a1a61e6fc542cada40eb069a239317e1af36e
msg353216 - (view)	Author: miss-islington (miss-islington)	Date: 2019-09-25 15:50
New changeset 66cd041df8dfadd001ae298292e16f0271c0d139 by Miss Islington (bot) in branch '3.8': [3.8] bpo-38270: Check for hash digest algorithms and avoid MD5 (GH-16382) (GH-16393) https://github.com/python/cpython/commit/66cd041df8dfadd001ae298292e16f0271c0d139
msg353358 - (view)	Author: miss-islington (miss-islington)	Date: 2019-09-27 13:04
New changeset 90558158093c0ad893102158fd3c2dd9f864e82e by Miss Islington (bot) (Christian Heimes) in branch 'master': bpo-38270: More fixes for strict crypto policy (GH-16418) https://github.com/python/cpython/commit/90558158093c0ad893102158fd3c2dd9f864e82e
msg353548 - (view)	Author: Łukasz Langa (lukasz.langa) *	Date: 2019-09-30 07:10
New changeset bfca56b3ddb4bb0a98931ebcd1257af2afa9b2ae by Łukasz Langa (Christian Heimes) in branch '3.8': [3.8] bpo-38270: More fixes for strict crypto policy (GH-16418) (#16437) https://github.com/python/cpython/commit/bfca56b3ddb4bb0a98931ebcd1257af2afa9b2ae
msg353553 - (view)	Author: STINNER Victor (vstinner) *	Date: 2019-09-30 07:50
Can we close the issue?
msg354497 - (view)	Author: Ned Deily (ned.deily) *	Date: 2019-10-11 21:10
It looks like Christian originally requested autobackports to both 3.8 and 3.7 but both failed due to git checkout errors. He then manually restarted the 3.8 backport but it looks like the 3.7 one did not get restarted. Christian, was that intentional or just an oversight? If the latter, you should try the 3.7 backport again.
msg357571 - (view)	Author: Petr Viktorin (petr.viktorin) *	Date: 2019-11-27 13:47
The change silently disables 2 tests, see comment here: https://github.com/python/cpython/commit/66cd041df8dfadd001ae298292e16f0271c0d139#diff-ba7d7a4a1a0050e1f497b71b5cd50afcR365 (I think it's better to reopen this bug, than to open a new one, so all the fixes are in one place. Do you agree?)
msg357754 - (view)	Author: miss-islington (miss-islington)	Date: 2019-12-03 15:36
New changeset 894331838b256412c95d54051ec46a1cb96f52e7 by Miss Islington (bot) (stratakis) in branch 'master': bpo-38270: Fix indentation of test_hmac assertions (GH-17446) https://github.com/python/cpython/commit/894331838b256412c95d54051ec46a1cb96f52e7
msg357866 - (view)	Author: miss-islington (miss-islington)	Date: 2019-12-05 16:51
New changeset cfdaf92221da3c264d0da9c588994fefe4073196 by Miss Islington (bot) in branch '3.8': [3.8] bpo-38270: Fix indentation of test_hmac assertions (GH-17446) (GH-17450) https://github.com/python/cpython/commit/cfdaf92221da3c264d0da9c588994fefe4073196

History
Date	User	Action	Args
2022-04-11 14:59:20	admin	set	github: 82451
2019-12-05 16:51:37	miss-islington	set	messages: + msg357866
2019-12-03 15:36:20	miss-islington	set	pull_requests: + pull_request16931
2019-12-03 15:36:03	miss-islington	set	messages: + msg357754
2019-12-03 00:50:57	cstratak	set	stage: resolved -> patch review pull_requests: + pull_request16927
2019-12-03 00:42:21	cstratak	set	nosy: + cstratak
2019-11-27 13:47:23	petr.viktorin	set	status: closed -> open nosy: + petr.viktorin messages: + msg357571 resolution: fixed ->
2019-10-11 21:10:23	ned.deily	set	nosy: + ned.deily messages: + msg354497
2019-10-01 09:53:30	christian.heimes	set	status: open -> closed resolution: fixed stage: patch review -> resolved
2019-09-30 07:50:18	vstinner	set	nosy: + vstinner messages: + msg353553
2019-09-30 07:10:42	lukasz.langa	set	nosy: + lukasz.langa messages: + msg353548
2019-09-27 13:45:01	christian.heimes	set	pull_requests: + pull_request16015
2019-09-27 13:04:00	miss-islington	set	messages: + msg353358
2019-09-26 09:59:18	christian.heimes	set	pull_requests: + pull_request15998
2019-09-25 15:50:44	miss-islington	set	messages: + msg353216
2019-09-25 15:17:01	miss-islington	set	pull_requests: + pull_request15975
2019-09-25 14:30:23	miss-islington	set	nosy: + miss-islington messages: + msg353204
2019-09-25 10:25:25	christian.heimes	set	keywords: + patch stage: patch review pull_requests: + pull_request15962
2019-09-25 10:09:58	christian.heimes	create