From 8ad90074ff7e77d2b864d90ae7f4d0fd6bf78a0b Mon Sep 17 00:00:00 2001 From: Shreenidhi Shedi Date: Mon, 11 Jul 2022 11:54:59 +0000 Subject: [PATCH 1/2] gh-95231: Handle the EPERM error gracefully in crypt.py. If kernel fips is enabled, we get permission error upon doing `import crypt`. Logs after reproducing the issue: Python 3.9.1 (default, May 10 2022, 11:36:26) [GCC 10.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import crypt Traceback (most recent call last): File "", line 1, in File "/usr/lib/python3.9/crypt.py", line 117, in _add_method('MD5', '1', 8, 34) File "/usr/lib/python3.9/crypt.py", line 94, in _add_method result = crypt('', salt) File "/usr/lib/python3.9/crypt.py", line 82, in crypt return _crypt.crypt(word, salt) PermissionError: [Errno 1] Operation not permitted Signed-off-by: Shreenidhi Shedi --- Lib/crypt.py | 2 +- .../next/Library/2022-07-25-15-45-06.gh-issue-95231.i807-g.rst | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 Misc/NEWS.d/next/Library/2022-07-25-15-45-06.gh-issue-95231.i807-g.rst diff --git a/Lib/crypt.py b/Lib/crypt.py index 46c3de8474bf1c..de4a14a3884762 100644 --- a/Lib/crypt.py +++ b/Lib/crypt.py @@ -98,7 +98,7 @@ def _add_method(name, *args, rounds=None): result = crypt('', salt) except OSError as e: # Not all libc libraries support all encryption methods. - if e.errno == errno.EINVAL: + if e.errno in {errno.EINVAL, errno.EPERM, errno.ENOSYS}: return False raise if result and len(result) == method.total_size: diff --git a/Misc/NEWS.d/next/Library/2022-07-25-15-45-06.gh-issue-95231.i807-g.rst b/Misc/NEWS.d/next/Library/2022-07-25-15-45-06.gh-issue-95231.i807-g.rst new file mode 100644 index 00000000000000..17bd969fab5f41 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2022-07-25-15-45-06.gh-issue-95231.i807-g.rst @@ -0,0 +1,3 @@ +Fail gracefully if :data:`~errno.EPROM` or :data:`~errno.ENOSYS` is raised when loading +:mod:`crypt` methods. This may happen when trying to load ``MD5`` on a Linux kernel +with :abbr:`FIPS (Federal Information Processing Standard)` enabled. From b6c2e1bff56e58388c507af409e2594d7a7199a5 Mon Sep 17 00:00:00 2001 From: "Erlend E. Aasland" Date: Mon, 8 Aug 2022 15:10:20 +0200 Subject: [PATCH 2/2] Update Misc/NEWS.d/next/Library/2022-07-25-15-45-06.gh-issue-95231.i807-g.rst --- .../next/Library/2022-07-25-15-45-06.gh-issue-95231.i807-g.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Misc/NEWS.d/next/Library/2022-07-25-15-45-06.gh-issue-95231.i807-g.rst b/Misc/NEWS.d/next/Library/2022-07-25-15-45-06.gh-issue-95231.i807-g.rst index 17bd969fab5f41..aa53f2938bc930 100644 --- a/Misc/NEWS.d/next/Library/2022-07-25-15-45-06.gh-issue-95231.i807-g.rst +++ b/Misc/NEWS.d/next/Library/2022-07-25-15-45-06.gh-issue-95231.i807-g.rst @@ -1,3 +1,3 @@ -Fail gracefully if :data:`~errno.EPROM` or :data:`~errno.ENOSYS` is raised when loading +Fail gracefully if :data:`~errno.EPERM` or :data:`~errno.ENOSYS` is raised when loading :mod:`crypt` methods. This may happen when trying to load ``MD5`` on a Linux kernel with :abbr:`FIPS (Federal Information Processing Standard)` enabled.