diff options
| author | Christian Heimes <christian@python.org> | 2019-09-13 02:30:00 +0200 |
|---|---|---|
| committer | Gregory P. Smith <greg@krypto.org> | 2019-09-12 19:30:00 -0500 |
| commit | 7cad53e6b084435a220e6604010f1fa5778bd0b1 (patch) | |
| tree | a54b4906b9e9fc18bd5319fe87ad8a7fc071b3a7 /Lib/test/test_hashlib.py | |
| parent | 3a4f66707e824ef3a8384827590ebaa6ca463dc0 (diff) | |
| download | cpython-7cad53e6b084435a220e6604010f1fa5778bd0b1.tar.gz cpython-7cad53e6b084435a220e6604010f1fa5778bd0b1.zip | |
bpo-9216: Add usedforsecurity to hashlib constructors (GH-16044)
The usedforsecurity keyword only argument added to the hash constructors is useful for FIPS builds and similar restrictive environment with non-technical requirements that legacy algorithms be forbidden by their implementations without being explicitly annotated as not being used for any security related purposes. Linux distros with FIPS support benefit from this being standard rather than making up their own way(s) to do it.
Contributed and Signed-off-by: Christian Heimes christian@python.org
Diffstat (limited to 'Lib/test/test_hashlib.py')
| -rw-r--r-- | Lib/test/test_hashlib.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py index b7b04a37f0d..46088e52dc5 100644 --- a/Lib/test/test_hashlib.py +++ b/Lib/test/test_hashlib.py @@ -190,6 +190,15 @@ class HashLibTestCase(unittest.TestCase): self.assertTrue(set(hashlib.algorithms_guaranteed). issubset(hashlib.algorithms_available)) + def test_usedforsecurity(self): + for cons in self.hash_constructors: + cons(usedforsecurity=True) + cons(usedforsecurity=False) + cons(b'', usedforsecurity=True) + cons(b'', usedforsecurity=False) + hashlib.new("sha256", usedforsecurity=True) + hashlib.new("sha256", usedforsecurity=False) + def test_unknown_hash(self): self.assertRaises(ValueError, hashlib.new, 'spam spam spam spam spam') self.assertRaises(TypeError, hashlib.new, 1) |