a

���f��@sjdd
lm
Z

ddlZddlZddlZddlZGdd�d�Zdd�Zddd	�
Zd
d�Z	dd
�Z
ddd�
ZdS)�)
�absolute_importNc@seZ
dZd
Zdd�ZdS)�DevNullza
    Simple class to supress errors which may occur when importing hashlib
    in FIPS mode.
    c
CsdS)
N�)�self�msgrr�,/usr/lib/python3.9/site-packages/oci/fips.py�writes
z
DevNull.writeN)�__name__�
__module__�__qualname__�__doc__rrrrrrs
rc
Cs8t�
|�
}
|
�t�d
�
�

ddl}t|d�s4|
j|_dS)zQ
    Override libcrypto and add FIPS_mode function to ssl if it is not there
    �
r
N�	FIPS_mode)�ctypesZCDLLZ
FIPS_mode_setZc_int�ssl�hasattrr)�fips_libcrypto_pathZ
_bs_cryptorrrr�override_libcryptos






r�c

Cstd
�
�
dS)zm
    Placeholder md5 function for hashlib so it won't segfault when called after
    enabling FIPS mode.
    zmd5 disabled for fipsN)
�
ValueError)
Zintitial_messagerrr�md5!s
rc	CsBtj
}zt�t_
d
dl}
Wnttfy0


Yn0|t_
t|
_dS)z�
    hashlib.md5 is imported by urllib3, which is required by requests,
    which is used by oci (python sdk).  This will cause errors so we need to
    patch hashlib.
    r
N)�sys�stderrr�hashlib�RuntimeErrorrr)rrrrr�patch_hashlib_md5*s






rcCsZd
dl}d
dl
}
t|
d�sdS|
��dkr.dSz|�d�
��}WdStyT


Yn0dS)zZ
    Verify that ssl.FIPS_mode() returns 1 and that using md5 raises an
    exception
    r
NrFr
�Hello World
T)rrrrr�	hexdigestr)rr�digestrrr�is_fips_mode;s







rc
Cs�t�
d
�ttt�
��
}
|
�t���

|sRdtj	vr>tj	d}ndtj	vrRtj	d}|r�t
|�

ddl}z|�d�
�
�}t�
Wnty�


Yn0|
�d�|�
�

t�r�|
�d�

n
|
�d	�

dS)
zG
    Enable FIPS mode by overriding libcrypto and patching hashlib
    z{}.{}ZFIPS_LIBCRYPTO_PATHZ"OCI_PYTHON_SDK_FIPS_LIBCRYPTO_PATHr
NrzUsing '{}' for libcyptozFIPS mode is activezFailed to enter FIPS mode)�loggingZ	getLogger�formatr	�id�enable_fips_modeZ
addHandlerZNullHandler�os�environrrrrrr�infor�error)r�loggerrrrrrr#Ss&













r#)
r)
N)Z
__future__rrrr r$rrrrrr#rrrr�<module>s