diff --git a/fix_test_mac_with_cryptographic_failure.patch b/fix_test_mac_with_cryptographic_failure.patch new file mode 100644 index 0000000..80e9493 --- /dev/null +++ b/fix_test_mac_with_cryptographic_failure.patch @@ -0,0 +1,44 @@ +From c70dbe4ed1d53a1a5dbd3aecaaba7fe654a4fbf1 Mon Sep 17 00:00:00 2001 +From: arp102 <92389169+arp102@users.noreply.github.com> +Date: Tue, 8 Aug 2023 15:35:21 -0400 +Subject: [PATCH] Fix test_mac_with_cryptographic_failure unit test. + +This test is meant to intentionally trigger an exception in the cryptography library +by creating a CMAC with a non-block cipher algorithm, IDEA. +That doesn't work any more because IDEA is now treated as a block cipher algorithm. +To fix this, we now use the ARC4 algorithm instead, +which does trigger the expected exception. +--- + kmip/services/server/crypto/engine.py | 3 +-- + kmip/tests/unit/services/server/crypto/test_engine.py | 4 ++-- + 2 files changed, 3 insertions(+), 4 deletions(-) + +diff --git a/kmip/services/server/crypto/engine.py b/kmip/services/server/crypto/engine.py +index e6527e4b..15527701 100644 +--- a/kmip/services/server/crypto/engine.py ++++ b/kmip/services/server/crypto/engine.py +@@ -269,8 +269,7 @@ def mac(self, algorithm, key, data): + ) + cipher_algorithm = self._symmetric_key_algorithms.get(algorithm) + try: +- # ARC4 and IDEA algorithms will raise exception as CMAC +- # requires block ciphers ++ # ARC4 and other non-block cipher algorithms will raise TypeError exceptions + c = cmac.CMAC(cipher_algorithm(key), backend=default_backend()) + c.update(data) + mac_data = c.finalize() +diff --git a/kmip/tests/unit/services/server/crypto/test_engine.py b/kmip/tests/unit/services/server/crypto/test_engine.py +index 4adb222b..edb52832 100644 +--- a/kmip/tests/unit/services/server/crypto/test_engine.py ++++ b/kmip/tests/unit/services/server/crypto/test_engine.py +@@ -247,8 +247,8 @@ def __init__(self): + + engine = crypto.CryptographyEngine() + +- # IDEA is not block cipher so cmac should raise exception +- args = [enums.CryptographicAlgorithm.IDEA, key, data] ++ # RC4 is not block cipher so cmac should raise exception ++ args = [enums.CryptographicAlgorithm.RC4, key, data] + self.assertRaises( + exceptions.CryptographicFailure, + engine.mac, diff --git a/python-PyKMIP.changes b/python-PyKMIP.changes index 9d22910..dad636a 100644 --- a/python-PyKMIP.changes +++ b/python-PyKMIP.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Sep 8 06:13:02 UTC 2023 - Daniel Garcia + +- Add upstream patch fix_test_mac_with_cryptographic_failure.patch + gh#OpenKMIP/PyKMIP#702, this fixes the issue with the + test_mac_with_cryptographic_failure. + ------------------------------------------------------------------- Thu Feb 23 10:44:02 UTC 2023 - Daniel Garcia diff --git a/python-PyKMIP.spec b/python-PyKMIP.spec index 230f796..769a1f2 100644 --- a/python-PyKMIP.spec +++ b/python-PyKMIP.spec @@ -32,6 +32,8 @@ Patch0: fix-tests-SQLAlchemy-140.patch Patch1: python-PyKMIP-no-mock.patch # PATCH-FIX-OPENSUSE crypto-39.patch gh#OpenKMIP/PyKMIP#689 Patch2: crypto-39.patch +# PATCH-FIX-UPSTREAM fix_test_mac_with_cryptographic_failure.patch gh#OpenKMIP/PyKMIP#702 +Patch3: fix_test_mac_with_cryptographic_failure.patch BuildRequires: %{python_module SQLAlchemy} BuildRequires: %{python_module cryptography} BuildRequires: %{python_module devel} @@ -77,11 +79,7 @@ Standards`_ (OASIS). PyKMIP supports a subset of features in versions %python_expand %fdupes %{buildroot}%{$python_sitelib} %check -# Broken test, possibly related with the latest release of openssl -# gh#OpenKMIP/PyKMIP#690 -donttest="test_mac_with_cryptographic_failure" - -%pytest -k "not ($donttest)" kmip/tests/unit +%pytest kmip/tests/unit %post %python_install_alternative pykmip-server