Accepting request 1109678 from devel:languages:python

- Add upstream patch fix_test_mac_with_cryptographic_failure.patch
  gh#OpenKMIP/PyKMIP#702, this fixes the issue with the
  test_mac_with_cryptographic_failure.

OBS-URL: https://build.opensuse.org/request/show/1109678
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-PyKMIP?expand=0&rev=10

fix_test_mac_with_cryptographic_failure.patch

@@ -0,0 +1,44 @@
+From c70dbe4ed1d53a1a5dbd3aecaaba7fe654a4fbf1 Mon Sep 17 00:00:00 2001
+From: arp102 <92389169+arp102@users.noreply.github.com>
+Date: Tue, 8 Aug 2023 15:35:21 -0400
+Subject: [PATCH] Fix test_mac_with_cryptographic_failure unit test.
+
+This test is meant to intentionally trigger an exception in the cryptography library
+by creating a CMAC with a non-block cipher algorithm, IDEA.
+That doesn't work any more because IDEA is now treated as a block cipher algorithm.
+To fix this, we now use the ARC4 algorithm instead,
+which does trigger the expected exception.
+---
+ kmip/services/server/crypto/engine.py                 | 3 +--
+ kmip/tests/unit/services/server/crypto/test_engine.py | 4 ++--
+ 2 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/kmip/services/server/crypto/engine.py b/kmip/services/server/crypto/engine.py
+index e6527e4b..15527701 100644
+--- a/kmip/services/server/crypto/engine.py
++++ b/kmip/services/server/crypto/engine.py
+@@ -269,8 +269,7 @@ def mac(self, algorithm, key, data):
+             )
+             cipher_algorithm = self._symmetric_key_algorithms.get(algorithm)
+             try:
+-                # ARC4 and IDEA algorithms will raise exception as CMAC
+-                # requires block ciphers
++                # ARC4 and other non-block cipher algorithms will raise TypeError exceptions
+                 c = cmac.CMAC(cipher_algorithm(key), backend=default_backend())
+                 c.update(data)
+                 mac_data = c.finalize()
+diff --git a/kmip/tests/unit/services/server/crypto/test_engine.py b/kmip/tests/unit/services/server/crypto/test_engine.py
+index 4adb222b..edb52832 100644
+--- a/kmip/tests/unit/services/server/crypto/test_engine.py
++++ b/kmip/tests/unit/services/server/crypto/test_engine.py
+@@ -247,8 +247,8 @@ def __init__(self):
+ 
+         engine = crypto.CryptographyEngine()
+ 
+-        # IDEA is not block cipher so cmac should raise exception
+-        args = [enums.CryptographicAlgorithm.IDEA, key, data]
++        # RC4 is not block cipher so cmac should raise exception
++        args = [enums.CryptographicAlgorithm.RC4, key, data]
+         self.assertRaises(
+             exceptions.CryptographicFailure,
+             engine.mac,

python-PyKMIP.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Sep  8 06:13:02 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Add upstream patch fix_test_mac_with_cryptographic_failure.patch
+  gh#OpenKMIP/PyKMIP#702, this fixes the issue with the
+  test_mac_with_cryptographic_failure.
+
 -------------------------------------------------------------------
 Thu Feb 23 10:44:02 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
 

python-PyKMIP.spec

@@ -32,6 +32,8 @@ Patch0:         fix-tests-SQLAlchemy-140.patch
 Patch1:         python-PyKMIP-no-mock.patch
 # PATCH-FIX-OPENSUSE crypto-39.patch gh#OpenKMIP/PyKMIP#689
 Patch2:         crypto-39.patch
+# PATCH-FIX-UPSTREAM fix_test_mac_with_cryptographic_failure.patch gh#OpenKMIP/PyKMIP#702
+Patch3:         fix_test_mac_with_cryptographic_failure.patch
 BuildRequires:  %{python_module SQLAlchemy}
 BuildRequires:  %{python_module cryptography}
 BuildRequires:  %{python_module devel}
@@ -77,11 +79,7 @@ Standards`_ (OASIS). PyKMIP supports a subset of features in versions
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
 
 %check
-# Broken test, possibly related with the latest release of openssl
+%pytest kmip/tests/unit
-# gh#OpenKMIP/PyKMIP#690
-donttest="test_mac_with_cryptographic_failure"
-
-%pytest -k "not ($donttest)" kmip/tests/unit
 
 %post
 %python_install_alternative pykmip-server