From 220dde15e14ec303b5df5d4538d61ec49d8dd59e Mon Sep 17 00:00:00 2001
From: Victor Stinner <vstinner@python.org>
Date: Thu, 14 Sep 2023 22:57:06 +0200
Subject: [PATCH] gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode

Use a longer key: FIPS mode requires at least of at least 112 bits.
The previous key was only 32 bits.
---
 Lib/test/test_socket.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
index f35618e0281e701..99c4c5cbc4902de 100644
--- a/Lib/test/test_socket.py
+++ b/Lib/test/test_socket.py
@@ -6474,12 +6474,16 @@ def test_sha256(self):
                 self.assertEqual(op.recv(512), expected)
 
     def test_hmac_sha1(self):
-        expected = bytes.fromhex("effcdf6ae5eb2fa2d27416d5f184df9c259a7c79")
+        # gh-109396: In FIPS mode, Linux 6.5 requires a key
+        # of at least 112 bits. Use a key of 152 bits.
+        key = b"Python loves AF_ALG"
+        data = b"what do ya want for nothing?"
+        expected = bytes.fromhex("193dbb43c6297b47ea6277ec0ce67119a3f3aa66")
         with self.create_alg('hash', 'hmac(sha1)') as algo:
-            algo.setsockopt(socket.SOL_ALG, socket.ALG_SET_KEY, b"Jefe")
+            algo.setsockopt(socket.SOL_ALG, socket.ALG_SET_KEY, key)
             op, _ = algo.accept()
             with op:
-                op.sendall(b"what do ya want for nothing?")
+                op.sendall(data)
                 self.assertEqual(op.recv(512), expected)
 
     # Although it should work with 3.19 and newer the test blocks on