diff options
author | Christian Heimes <christian@python.org> | 2019-09-13 00:30:00 (GMT) |
---|---|---|
committer | Gregory P. Smith <greg@krypto.org> | 2019-09-13 00:30:00 (GMT) |
commit | 7cad53e6b084435a220e6604010f1fa5778bd0b1 (patch) | |
tree | a54b4906b9e9fc18bd5319fe87ad8a7fc071b3a7 /Modules/_blake2/clinic/blake2b_impl.c.h | |
parent | 3a4f66707e824ef3a8384827590ebaa6ca463dc0 (diff) | |
download | cpython-7cad53e6b084435a220e6604010f1fa5778bd0b1.zip cpython-7cad53e6b084435a220e6604010f1fa5778bd0b1.tar.gz cpython-7cad53e6b084435a220e6604010f1fa5778bd0b1.tar.bz2 |
bpo-9216: Add usedforsecurity to hashlib constructors (GH-16044)
The usedforsecurity keyword only argument added to the hash constructors is useful for FIPS builds and similar restrictive environment with non-technical requirements that legacy algorithms be forbidden by their implementations without being explicitly annotated as not being used for any security related purposes. Linux distros with FIPS support benefit from this being standard rather than making up their own way(s) to do it.
Contributed and Signed-off-by: Christian Heimes christian@python.org
Diffstat (limited to 'Modules/_blake2/clinic/blake2b_impl.c.h')
-rw-r--r-- | Modules/_blake2/clinic/blake2b_impl.c.h | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/Modules/_blake2/clinic/blake2b_impl.c.h b/Modules/_blake2/clinic/blake2b_impl.c.h index cd329c0..07258c3 100644 --- a/Modules/_blake2/clinic/blake2b_impl.c.h +++ b/Modules/_blake2/clinic/blake2b_impl.c.h @@ -5,7 +5,8 @@ preserve PyDoc_STRVAR(py_blake2b_new__doc__, "blake2b(data=b\'\', /, *, digest_size=_blake2.blake2b.MAX_DIGEST_SIZE,\n" " key=b\'\', salt=b\'\', person=b\'\', fanout=1, depth=1, leaf_size=0,\n" -" node_offset=0, node_depth=0, inner_size=0, last_node=False)\n" +" node_offset=0, node_depth=0, inner_size=0, last_node=False,\n" +" usedforsecurity=True)\n" "--\n" "\n" "Return a new BLAKE2b hash object."); @@ -15,15 +16,15 @@ py_blake2b_new_impl(PyTypeObject *type, PyObject *data, int digest_size, Py_buffer *key, Py_buffer *salt, Py_buffer *person, int fanout, int depth, unsigned long leaf_size, unsigned long long node_offset, int node_depth, - int inner_size, int last_node); + int inner_size, int last_node, int usedforsecurity); static PyObject * py_blake2b_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", NULL}; + static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "blake2b", 0}; - PyObject *argsbuf[12]; + PyObject *argsbuf[13]; PyObject * const *fastargs; Py_ssize_t nargs = PyTuple_GET_SIZE(args); Py_ssize_t noptargs = nargs + (kwargs ? PyDict_GET_SIZE(kwargs) : 0) - 0; @@ -39,6 +40,7 @@ py_blake2b_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) int node_depth = 0; int inner_size = 0; int last_node = 0; + int usedforsecurity = 1; fastargs = _PyArg_UnpackKeywords(_PyTuple_CAST(args)->ob_item, nargs, kwargs, NULL, &_parser, 0, 1, 0, argsbuf); if (!fastargs) { @@ -175,12 +177,21 @@ skip_optional_posonly: goto skip_optional_kwonly; } } - last_node = PyObject_IsTrue(fastargs[11]); - if (last_node < 0) { + if (fastargs[11]) { + last_node = PyObject_IsTrue(fastargs[11]); + if (last_node < 0) { + goto exit; + } + if (!--noptargs) { + goto skip_optional_kwonly; + } + } + usedforsecurity = PyObject_IsTrue(fastargs[12]); + if (usedforsecurity < 0) { goto exit; } skip_optional_kwonly: - return_value = py_blake2b_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node); + return_value = py_blake2b_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node, usedforsecurity); exit: /* Cleanup for key */ @@ -261,4 +272,4 @@ _blake2_blake2b_hexdigest(BLAKE2bObject *self, PyObject *Py_UNUSED(ignored)) { return _blake2_blake2b_hexdigest_impl(self); } -/*[clinic end generated code: output=cbb625d7f60c288c input=a9049054013a1b77]*/ +/*[clinic end generated code: output=2d6d0fe9aa42a42a input=a9049054013a1b77]*/ |