If kernel fips is enabled, we get permission error upon doing
`import crypt`. So, if kernel fips is enabled, disable the
unallowed hashing methods.
Python 3.9.1 (default, May 10 2022, 11:36:26)
[GCC 10.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.9/crypt.py", line 117, in <module>
_add_method('MD5', '1', 8, 34)
File "/usr/lib/python3.9/crypt.py", line 94, in _add_method
result = crypt('', salt)
File "/usr/lib/python3.9/crypt.py", line 82, in crypt
return _crypt.crypt(word, salt)
PermissionError: [Errno 1] Operation not permitted
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
(cherry picked from commit
2fa03b1b0708d5d74630c351ec9abd2aac7550da)
Co-authored-by: Shreenidhi Shedi <53473811+sshedi@users.noreply.github.com>
result = crypt('', salt)
except OSError as e:
# Not all libc libraries support all encryption methods.
- if e.errno == errno.EINVAL:
+ if e.errno in {errno.EINVAL, errno.EPERM, errno.ENOSYS}:
return False
raise
if result and len(result) == method.total_size:
--- /dev/null
+Fail gracefully if :data:`~errno.EPERM` or :data:`~errno.ENOSYS` is raised when loading
+:mod:`crypt` methods. This may happen when trying to load ``MD5`` on a Linux kernel
+with :abbr:`FIPS (Federal Information Processing Standard)` enabled.
projects / thirdparty / Python / cpython.git / commitdiff
