bpo-38153: Normalize hashlib algorithm names (GH-16083)

Signed-off-by: Christian Heimes <christian@python.org>
author: Christian Heimes <christian@python.org> 2019-09-13 13:31:19 (GMT)
committer: Gregory P. Smith <greg@krypto.org> 2019-09-13 13:31:19 (GMT)
commit: 995b5d38e7cc24cac3de8dfd516115f86b0bcf80 (patch)
tree: 24e2115e689a8f777294b0b18c0bd7da851a5a23 /Lib
parent: 375a3e2bdbeb4dce69aba4b5bc90f55fe27e81b4 (diff)
download: cpython-995b5d38e7cc24cac3de8dfd516115f86b0bcf80.zip
cpython-995b5d38e7cc24cac3de8dfd516115f86b0bcf80.tar.gz
cpython-995b5d38e7cc24cac3de8dfd516115f86b0bcf80.tar.bz2
2 files changed, 30 insertions, 11 deletions
diff --git a/Lib/hashlib.py b/Lib/hashlib.py
index 4e783a8..56873b7 100644
--- a/Lib/hashlib.py
+++ b/Lib/hashlib.py
@@ -70,37 +70,44 @@ __all__ = __always_supported + ('new', 'algorithms_guaranteed',
 
 __builtin_constructor_cache = {}
 
+__block_openssl_constructor = {
+    'sha3_224', 'sha3_256', 'sha3_384', 'sha3_512',
+    'shake_128', 'shake_256',
+    'blake2b', 'blake2s',
+}
+
 def __get_builtin_constructor(name):
     cache = __builtin_constructor_cache
     constructor = cache.get(name)
     if constructor is not None:
         return constructor
     try:
-        if name in ('SHA1', 'sha1'):
+        if name in {'SHA1', 'sha1'}:
             import _sha1
             cache['SHA1'] = cache['sha1'] = _sha1.sha1
-        elif name in ('MD5', 'md5'):
+        elif name in {'MD5', 'md5'}:
             import _md5
             cache['MD5'] = cache['md5'] = _md5.md5
-        elif name in ('SHA256', 'sha256', 'SHA224', 'sha224'):
+        elif name in {'SHA256', 'sha256', 'SHA224', 'sha224'}:
             import _sha256
             cache['SHA224'] = cache['sha224'] = _sha256.sha224
             cache['SHA256'] = cache['sha256'] = _sha256.sha256
-        elif name in ('SHA512', 'sha512', 'SHA384', 'sha384'):
+        elif name in {'SHA512', 'sha512', 'SHA384', 'sha384'}:
             import _sha512
             cache['SHA384'] = cache['sha384'] = _sha512.sha384
             cache['SHA512'] = cache['sha512'] = _sha512.sha512
-        elif name in ('blake2b', 'blake2s'):
+        elif name in {'blake2b', 'blake2s'}:
             import _blake2
             cache['blake2b'] = _blake2.blake2b
             cache['blake2s'] = _blake2.blake2s
-        elif name in {'sha3_224', 'sha3_256', 'sha3_384', 'sha3_512',
-                      'shake_128', 'shake_256'}:
+        elif name in {'sha3_224', 'sha3_256', 'sha3_384', 'sha3_512'}:
             import _sha3
             cache['sha3_224'] = _sha3.sha3_224
             cache['sha3_256'] = _sha3.sha3_256
             cache['sha3_384'] = _sha3.sha3_384
             cache['sha3_512'] = _sha3.sha3_512
+        elif name in {'shake_128', 'shake_256'}:
+            import _sha3
             cache['shake_128'] = _sha3.shake_128
             cache['shake_256'] = _sha3.shake_256
     except ImportError:
@@ -114,8 +121,8 @@ def __get_builtin_constructor(name):
 
 
 def __get_openssl_constructor(name):
-    if name in {'blake2b', 'blake2s'}:
-        # Prefer our blake2 implementation.
+    if name in __block_openssl_constructor:
+        # Prefer our blake2 and sha3 implementation.
         return __get_builtin_constructor(name)
     try:
         f = getattr(_hashlib, 'openssl_' + name)
@@ -140,8 +147,8 @@ def __hash_new(name, data=b'', **kwargs):
     """new(name, data=b'') - Return a new hashing object using the named algorithm;
     optionally initialized with data (which must be a bytes-like object).
     """
-    if name in {'blake2b', 'blake2s'}:
-        # Prefer our blake2 implementation.
+    if name in __block_openssl_constructor:
+        # Prefer our blake2 and sha3 implementation
         # OpenSSL 1.1.0 comes with a limited implementation of blake2b/s.
         # It does neither support keyed blake2 nor advanced features like
         # salt, personal, tree hashing or SSE.
diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
index 46088e5..9204b44 100644
--- a/Lib/test/test_hashlib.py
+++ b/Lib/test/test_hashlib.py
@@ -27,6 +27,11 @@ c_hashlib = import_fresh_module('hashlib', fresh=['_hashlib'])
 py_hashlib = import_fresh_module('hashlib', blocked=['_hashlib'])
 
 try:
+    from _hashlib import HASH
+except ImportError:
+    HASH = None
+
+try:
     import _blake2
 except ImportError:
     _blake2 = None
@@ -386,6 +391,9 @@ class HashLibTestCase(unittest.TestCase):
         constructors = self.constructors_to_test[name]
         for hash_object_constructor in constructors:
             m = hash_object_constructor()
+            if HASH is not None and isinstance(m, HASH):
+                # _hashopenssl's variant does not have extra SHA3 attributes
+                continue
             self.assertEqual(capacity + rate, 1600)
             self.assertEqual(m._capacity_bits, capacity)
             self.assertEqual(m._rate_bits, rate)
@@ -985,6 +993,10 @@ class KDFTests(unittest.TestCase):
                 hashlib.scrypt(b'password', salt=b'salt', n=2, r=8, p=1,
                                dklen=dklen)
 
+    def test_normalized_name(self):
+        self.assertNotIn("blake2b512", hashlib.algorithms_available)
+        self.assertNotIn("sha3-512", hashlib.algorithms_available)
+
 
 if __name__ == "__main__":
     unittest.main()
author	Christian Heimes <christian@python.org>	2019-09-13 13:31:19 (GMT)
committer	Gregory P. Smith <greg@krypto.org>	2019-09-13 13:31:19 (GMT)
commit	995b5d38e7cc24cac3de8dfd516115f86b0bcf80 (patch)
tree	24e2115e689a8f777294b0b18c0bd7da851a5a23 /Lib
parent	375a3e2bdbeb4dce69aba4b5bc90f55fe27e81b4 (diff)
download	cpython-995b5d38e7cc24cac3de8dfd516115f86b0bcf80.zip cpython-995b5d38e7cc24cac3de8dfd516115f86b0bcf80.tar.gz cpython-995b5d38e7cc24cac3de8dfd516115f86b0bcf80.tar.bz2