Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix detection of FIPS mode for blake2b #879

Merged
merged 3 commits into from Feb 28, 2022
Merged

Conversation

frenzymadness
Copy link
Contributor

@frenzymadness frenzymadness commented Feb 28, 2022

Blake2 algorithms are disabled on FIPS mode on OpenSSL level
and preferred on Python level which cause the check of
API (attributes) to fail sooner than OpenSSL raises ValueError
for unavailable function.

Fixes: #857

Blake2 algorithms are disabled on FIPS mode on OpenSSL level
and preferred on Python level which cause the check of
API (attributes) to fail sooner than OpenSSL raises ValueError
for unavailable function.
@frenzymadness
Copy link
Contributor Author

@frenzymadness frenzymadness commented Feb 28, 2022

There seem to be some troubles with CodeCov. Is there any way how can I fix them?

Copy link
Contributor

@bhrutledge bhrutledge left a comment

Thank you! I pushed an updated test and changelog entry. It looks like the CodeCov issue was temporary.

@bhrutledge bhrutledge merged commit a9e9cd6 into pypa:main Feb 28, 2022
23 checks passed
bhrutledge added a commit that referenced this issue Mar 2, 2022
* Fix detection of FIPS mode for blake2b

Blake2 algorithms are disabled on FIPS mode on OpenSSL level
and preferred on Python level which cause the check of
API (attributes) to fail sooner than OpenSSL raises ValueError
for unavailable function.

* Update test

* Add changelog entry

Co-authored-by: Brian Rutledge <brian@bhrutledge.com>
@bittner
Copy link

@bittner bittner commented Mar 3, 2022

There is no test included in this PR.

How do we make sure that the changes will now make running, e.g., twine check 'dist/*' work?

@sigmavirus24
Copy link
Member

@sigmavirus24 sigmavirus24 commented Mar 3, 2022

There is no test included in this PR.

You're mistaken

@bittner
Copy link

@bittner bittner commented Mar 3, 2022

Oh, sorry, I apologize. I see now.

But does the changed test reflect the original problem that initiated the code change? I admit I have a hard time understanding the description of this PR.

@sigmavirus24
Copy link
Member

@sigmavirus24 sigmavirus24 commented Mar 3, 2022

Yes. On earlier versions of python, trying to access blake2b was a ValueError. On newer Python versions it tries to call something with the parameters we've specified but the function doesn't accept them and it raises a TypeError (potentially an unintentional side effect in the maintenance of hashlib). This change handles both problems and has tests the mimic both scenarios via parametrization

mergify bot pushed a commit to andrewbolster/bolster that referenced this issue Apr 2, 2022
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [twine](https://github.com/pypa/twine) from 3.8.0 to 4.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p>
<blockquote>
<h2>Twine 4.0.0 (2022-03-31)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Drop support for Python 3.6. (<code>[#869](pypa/twine#869) &lt;https://github.com/pypa/twine/issues/869&gt;</code>_)</li>
<li>Use Rich to add color to <code>upload</code> output. (<code>[#851](pypa/twine#851) &lt;https://github.com/pypa/twine/issues/851&gt;</code>_)</li>
<li>Use Rich to add color to <code>check</code> output. (<code>[#874](pypa/twine#874) &lt;https://github.com/pypa/twine/issues/874&gt;</code>_)</li>
<li>Use Rich instead of tqdm for upload progress bar. (<code>[#877](pypa/twine#877) &lt;https://github.com/pypa/twine/issues/877&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Remove Twine's dependencies from the <code>User-Agent</code> header when uploading. (<code>[#871](pypa/twine#871) &lt;https://github.com/pypa/twine/issues/871&gt;</code>_)</li>
<li>Improve detection of disabled BLAKE2 hashing due to FIPS mode. (<code>[#879](pypa/twine#879) &lt;https://github.com/pypa/twine/issues/879&gt;</code>_)</li>
<li>Restore warning for missing <code>long_description</code>. (<code>[#887](pypa/twine#887) &lt;https://github.com/pypa/twine/issues/887&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/twine/commit/36695abf8837aba72d87304d99b789c3f2872c99"><code>36695ab</code></a> Update changelog for 4.0.0 (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/888">#888</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/4931a2a413229a77d1848bebd02b15f6d106ab69"><code>4931a2a</code></a> Make missing <code>long_description</code> check more flexible (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/887">#887</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/7cd0b236bf1b7531bc57ee7647fdb7054890486d"><code>7cd0b23</code></a> Subclass StringIO for _WarningStream. (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/886">#886</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/aa7c0473f0fc12b0b92376dc9d437929bde7713f"><code>aa7c047</code></a> Update sampleproject fixture (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/885">#885</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a6dd69c79f7b5abfb79022092a5d3776a499e31b"><code>a6dd69c</code></a> Adopt Python 3.7+ syntax (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/882">#882</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a0ba32dcd0ea5af5de7b88d6645b7743bf003760"><code>a0ba32d</code></a> Drop support for Python 3.6 (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/869">#869</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/55652f0a65d433860024650d0d66f62b690fe26c"><code>55652f0</code></a> Replace tqdm with Rich for progress bar (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/877">#877</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/c506b225b3ab57a40571001825dea0058a55807a"><code>c506b22</code></a> Filter unnecessary deps from User-Agent string (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/871">#871</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a9e9cd6ecec3c4d4504704ccaba08be487d67ebf"><code>a9e9cd6</code></a> Fix detection of FIPS mode for blake2b (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/879">#879</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/f69d4b7e41b8d40342133d5c8e43df7316e73993"><code>f69d4b7</code></a> Use Rich for <code>print()</code> output (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/878">#878</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/3.8.0...4.0.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=twine&package-manager=pip&previous-version=3.8.0&new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
mergify bot pushed a commit to aws/jsii that referenced this issue Apr 5, 2022
…/packages/jsii-pacmak/lib/targets/python (#3469)

Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p>
<blockquote>
<h2>Twine 4.0.0 (2022-03-31)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Drop support for Python 3.6. (<code>[#869](pypa/twine#869) &lt;https://github.com/pypa/twine/issues/869&gt;</code>_)</li>
<li>Use Rich to add color to <code>upload</code> output. (<code>[#851](pypa/twine#851) &lt;https://github.com/pypa/twine/issues/851&gt;</code>_)</li>
<li>Use Rich to add color to <code>check</code> output. (<code>[#874](pypa/twine#874) &lt;https://github.com/pypa/twine/issues/874&gt;</code>_)</li>
<li>Use Rich instead of tqdm for upload progress bar. (<code>[#877](pypa/twine#877) &lt;https://github.com/pypa/twine/issues/877&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Remove Twine's dependencies from the <code>User-Agent</code> header when uploading. (<code>[#871](pypa/twine#871) &lt;https://github.com/pypa/twine/issues/871&gt;</code>_)</li>
<li>Improve detection of disabled BLAKE2 hashing due to FIPS mode. (<code>[#879](pypa/twine#879) &lt;https://github.com/pypa/twine/issues/879&gt;</code>_)</li>
<li>Restore warning for missing <code>long_description</code>. (<code>[#887](pypa/twine#887) &lt;https://github.com/pypa/twine/issues/887&gt;</code>_)</li>
</ul>
<h2>Twine 3.8.0 (2022-02-02)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Add <code>--verbose</code> logging for querying keyring credentials. (<code>[#849](pypa/twine#849) &lt;https://github.com/pypa/twine/issues/849&gt;</code>_)</li>
<li>Log all upload responses with <code>--verbose</code>. (<code>[#859](pypa/twine#859) &lt;https://github.com/pypa/twine/issues/859&gt;</code>_)</li>
<li>Show more helpful error message for invalid metadata. (<code>[#861](pypa/twine#861) &lt;https://github.com/pypa/twine/issues/861&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Require a recent version of urllib3. (<code>[#858](pypa/twine#858) &lt;https://github.com/pypa/twine/issues/858&gt;</code>_)</li>
</ul>
<h2>Twine 3.7.1 (2021-12-07)</h2>
<p>Improved Documentation
^^^^^^^^^^^^^^^^^^^^^^</p>
<ul>
<li>Fix broken link to packaging tutorial. (<code>[#844](pypa/twine#844) &lt;https://github.com/pypa/twine/issues/844&gt;</code>_)</li>
</ul>
<h2>Twine 3.7.0 (2021-12-01)</h2>
<p>Features</p>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/twine/commit/36695abf8837aba72d87304d99b789c3f2872c99"><code>36695ab</code></a> Update changelog for 4.0.0 (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/888">#888</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/4931a2a413229a77d1848bebd02b15f6d106ab69"><code>4931a2a</code></a> Make missing <code>long_description</code> check more flexible (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/887">#887</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/7cd0b236bf1b7531bc57ee7647fdb7054890486d"><code>7cd0b23</code></a> Subclass StringIO for _WarningStream. (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/886">#886</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/aa7c0473f0fc12b0b92376dc9d437929bde7713f"><code>aa7c047</code></a> Update sampleproject fixture (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/885">#885</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a6dd69c79f7b5abfb79022092a5d3776a499e31b"><code>a6dd69c</code></a> Adopt Python 3.7+ syntax (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/882">#882</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a0ba32dcd0ea5af5de7b88d6645b7743bf003760"><code>a0ba32d</code></a> Drop support for Python 3.6 (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/869">#869</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/55652f0a65d433860024650d0d66f62b690fe26c"><code>55652f0</code></a> Replace tqdm with Rich for progress bar (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/877">#877</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/c506b225b3ab57a40571001825dea0058a55807a"><code>c506b22</code></a> Filter unnecessary deps from User-Agent string (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/871">#871</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a9e9cd6ecec3c4d4504704ccaba08be487d67ebf"><code>a9e9cd6</code></a> Fix detection of FIPS mode for blake2b (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/879">#879</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/f69d4b7e41b8d40342133d5c8e43df7316e73993"><code>f69d4b7</code></a> Use Rich for <code>print()</code> output (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/878">#878</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/3.8.0...4.0.0">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
mergify bot pushed a commit to aws/jsii that referenced this issue Jun 1, 2022
…/packages/jsii-pacmak/lib/targets/python (#3568)

Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/releases">twine's releases</a>.</em></p>
<blockquote>
<h2>4.0.1</h2>
<p><a href="https://pypi.org/project/twine/4.0.1/">https://pypi.org/project/twine/4.0.1/</a></p>
<p><a href="https://twine.readthedocs.io/en/stable/changelog.html#twine-4-0-1-2022-06-01">Changelog</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p>
<blockquote>
<h2>Twine 4.0.1 (2022-06-01)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Improve logging when keyring fails. (<code>[#890](pypa/twine#890) &lt;https://github.com/pypa/twine/issues/890&gt;</code>_)</li>
<li>Reconfgure root logger to show all log messages. (<code>[#896](pypa/twine#896) &lt;https://github.com/pypa/twine/issues/896&gt;</code>_)</li>
</ul>
<h2>Twine 4.0.0 (2022-03-31)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Drop support for Python 3.6. (<code>[#869](pypa/twine#869) &lt;https://github.com/pypa/twine/issues/869&gt;</code>_)</li>
<li>Use Rich to add color to <code>upload</code> output. (<code>[#851](pypa/twine#851) &lt;https://github.com/pypa/twine/issues/851&gt;</code>_)</li>
<li>Use Rich to add color to <code>check</code> output. (<code>[#874](pypa/twine#874) &lt;https://github.com/pypa/twine/issues/874&gt;</code>_)</li>
<li>Use Rich instead of tqdm for upload progress bar. (<code>[#877](pypa/twine#877) &lt;https://github.com/pypa/twine/issues/877&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Remove Twine's dependencies from the <code>User-Agent</code> header when uploading. (<code>[#871](pypa/twine#871) &lt;https://github.com/pypa/twine/issues/871&gt;</code>_)</li>
<li>Improve detection of disabled BLAKE2 hashing due to FIPS mode. (<code>[#879](pypa/twine#879) &lt;https://github.com/pypa/twine/issues/879&gt;</code>_)</li>
<li>Restore warning for missing <code>long_description</code>. (<code>[#887](pypa/twine#887) &lt;https://github.com/pypa/twine/issues/887&gt;</code>_)</li>
</ul>
<h2>Twine 3.8.0 (2022-02-02)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Add <code>--verbose</code> logging for querying keyring credentials. (<code>[#849](pypa/twine#849) &lt;https://github.com/pypa/twine/issues/849&gt;</code>_)</li>
<li>Log all upload responses with <code>--verbose</code>. (<code>[#859](pypa/twine#859) &lt;https://github.com/pypa/twine/issues/859&gt;</code>_)</li>
<li>Show more helpful error message for invalid metadata. (<code>[#861](pypa/twine#861) &lt;https://github.com/pypa/twine/issues/861&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Require a recent version of urllib3. (<code>[#858](pypa/twine#858) &lt;https://github.com/pypa/twine/issues/858&gt;</code>_)</li>
</ul>
<h2>Twine 3.7.1 (2021-12-07)</h2>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/twine/commit/8f5e5d6d42d582ef3ea6ef07da277e0cabd22fd2"><code>8f5e5d6</code></a> Update changelog for 4.0.1 (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/904">#904</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/62f3c67fa2f74cde433d6003b7ebf4256f129a7d"><code>62f3c67</code></a> Log keyring tracebacks (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/890">#890</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/d30df7038fd3545e30a2c9bd3728aa787659aa38"><code>d30df70</code></a> Update links to requests docs (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/899">#899</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/5525a2a628317eecb891859e395b0a54f2c57043"><code>5525a2a</code></a> Restore missing <code>__main__</code> logs (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/896">#896</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/b0b932f2da604e90f8a7a5a5c7e2841f519a8fb7"><code>b0b932f</code></a> Fix typos in tests (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/898">#898</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/4223ee154f1c962a0c33e2a3a95ed4c42bc62d41"><code>4223ee1</code></a> Require latest version of readme_renderer (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/892">#892</a>)</li>
<li>See full diff in <a href="https://github.com/pypa/twine/compare/4.0.0...4.0.1">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants