We were getting this error on Python 3.2:
ERROR: runTest (Crypto.SelfTest.Hash.common.MACSelfTest)
CMAC #17: NIST SP 800 38B D.7 Example 17
----------------------------------------------------------------------
Traceback (most recent call last):
File "build/lib.linux-x86_64-3.2/Crypto/SelfTest/Hash/common.py", line 199, in runTest
self.assertRaises(ValueError, h.hexverify, "4556")
File "/home/dwon/py/pythons/python3.2/lib/python3.2/unittest/case.py", line 557, in assertRaises
callableObj(*args, **kwargs)
File "build/lib.linux-x86_64-3.2/Crypto/Hash/CMAC.py", line 323, in hexverify
self.verify(unhexlify(hex_mac_tag))
TypeError: 'str' does not support the buffer interface
In the current implementation, it is left up to the caller
to assess if the locally computed MAC matches the MAC associated
to the received message.
However, the most natural way to do that (use == operator)
is also deepy unsecure, see here:
http://seb.dbzteam.org/crypto/python-oauth-timing-hmac.pdf
With this patch, the new HMAC.verify() method accepts
the given MAC and perform the check on behalf of the caller.
The method will use constant-time code (still dependent on the length
of the MAC, but not on the actual content).
[dlitz@dlitz.net: Modified commit message subject line.]
[dlitz@dlitz.net: Whitespace fixed with "git rebase --whitespace=fix"]
o _fastmath now builds and runs on PY3K
o Changes to setup.py to allow /usr/include for gmp.h
o Changes to setup.py to allow linking fastmath w/ static mpir
on Windows without warning messages
o Changes to test_DSA/test_RSA to throw an exception if _fastmath
is present but cannot be imported (due to an issue building
_fastmath or the shared gmp/mpir libraries not being reachable)
o number.py has the code to flag a failing _fastmath, but that
code is commented out for a better runtime experience
o Clean up the if for py21compat import - should have been == not is
o Clean up some '== None' occurences, now 'is None' instead
This will avoid the previous situation where scripts like the old "test.py"
get included accidentally in a release. It also frees us to put additional
build scripts in the top-level directory of the source tree.
