summaryrefslogtreecommitdiffstats
path: root/Lib/hashlib.py
diff options
context:
space:
mode:
authorVictor Stinner <vstinner@python.org>2022-06-28 09:51:13 (GMT)
committerGitHub <noreply@github.com>2022-06-28 09:51:13 (GMT)
commit71d5299b73c854a7b0e12eb5d0a524579723660b (patch)
tree4b3c56052382756ef9c23698d27961ab25b18263 /Lib/hashlib.py
parent5c5fc9da3f91ac09f7f00ac644071cd5efb2eafe (diff)
downloadcpython-71d5299b73c854a7b0e12eb5d0a524579723660b.zip
cpython-71d5299b73c854a7b0e12eb5d0a524579723660b.tar.gz
cpython-71d5299b73c854a7b0e12eb5d0a524579723660b.tar.bz2
gh-94199: Remove hashlib.pbkdf2_hmac() Python implementation (GH-94200)
Remove the pure Python implementation of hashlib.pbkdf2_hmac(), deprecated in Python 3.10. Python 3.10 and newer requires OpenSSL 1.1.1 or newer (PEP 644), this OpenSSL version provides a C implementation of pbkdf2_hmac() which is faster.
Diffstat (limited to 'Lib/hashlib.py')
-rw-r--r--Lib/hashlib.py70
1 files changed, 4 insertions, 66 deletions
diff --git a/Lib/hashlib.py b/Lib/hashlib.py
index b546a3f..21b5e91 100644
--- a/Lib/hashlib.py
+++ b/Lib/hashlib.py
@@ -65,7 +65,7 @@ algorithms_guaranteed = set(__always_supported)
algorithms_available = set(__always_supported)
__all__ = __always_supported + ('new', 'algorithms_guaranteed',
- 'algorithms_available', 'pbkdf2_hmac', 'file_digest')
+ 'algorithms_available', 'file_digest')
__builtin_constructor_cache = {}
@@ -180,72 +180,10 @@ except ImportError:
try:
# OpenSSL's PKCS5_PBKDF2_HMAC requires OpenSSL 1.0+ with HMAC and SHA
from _hashlib import pbkdf2_hmac
+ __all__ += ('pbkdf2_hmac',)
except ImportError:
- from warnings import warn as _warn
- _trans_5C = bytes((x ^ 0x5C) for x in range(256))
- _trans_36 = bytes((x ^ 0x36) for x in range(256))
-
- def pbkdf2_hmac(hash_name, password, salt, iterations, dklen=None):
- """Password based key derivation function 2 (PKCS #5 v2.0)
-
- This Python implementations based on the hmac module about as fast
- as OpenSSL's PKCS5_PBKDF2_HMAC for short passwords and much faster
- for long passwords.
- """
- _warn(
- "Python implementation of pbkdf2_hmac() is deprecated.",
- category=DeprecationWarning,
- stacklevel=2
- )
- if not isinstance(hash_name, str):
- raise TypeError(hash_name)
-
- if not isinstance(password, (bytes, bytearray)):
- password = bytes(memoryview(password))
- if not isinstance(salt, (bytes, bytearray)):
- salt = bytes(memoryview(salt))
-
- # Fast inline HMAC implementation
- inner = new(hash_name)
- outer = new(hash_name)
- blocksize = getattr(inner, 'block_size', 64)
- if len(password) > blocksize:
- password = new(hash_name, password).digest()
- password = password + b'\x00' * (blocksize - len(password))
- inner.update(password.translate(_trans_36))
- outer.update(password.translate(_trans_5C))
-
- def prf(msg, inner=inner, outer=outer):
- # PBKDF2_HMAC uses the password as key. We can re-use the same
- # digest objects and just update copies to skip initialization.
- icpy = inner.copy()
- ocpy = outer.copy()
- icpy.update(msg)
- ocpy.update(icpy.digest())
- return ocpy.digest()
-
- if iterations < 1:
- raise ValueError(iterations)
- if dklen is None:
- dklen = outer.digest_size
- if dklen < 1:
- raise ValueError(dklen)
-
- dkey = b''
- loop = 1
- from_bytes = int.from_bytes
- while len(dkey) < dklen:
- prev = prf(salt + loop.to_bytes(4))
- # endianness doesn't matter here as long to / from use the same
- rkey = from_bytes(prev)
- for i in range(iterations - 1):
- prev = prf(prev)
- # rkey = rkey ^ prev
- rkey ^= from_bytes(prev)
- loop += 1
- dkey += rkey.to_bytes(inner.digest_size)
-
- return dkey[:dklen]
+ pass
+
try:
# OpenSSL's scrypt requires OpenSSL 1.1+
generated by cgit v0.12 at 2024-11-21 16:23:53 (GMT)