summaryrefslogtreecommitdiffstats
path: root/Modules
diff options
context:
space:
mode:
authorChristian Heimes <christian@python.org>2019-09-13 00:30:00 (GMT)
committerGregory P. Smith <greg@krypto.org>2019-09-13 00:30:00 (GMT)
commit7cad53e6b084435a220e6604010f1fa5778bd0b1 (patch)
treea54b4906b9e9fc18bd5319fe87ad8a7fc071b3a7 /Modules
parent3a4f66707e824ef3a8384827590ebaa6ca463dc0 (diff)
downloadcpython-7cad53e6b084435a220e6604010f1fa5778bd0b1.zip
cpython-7cad53e6b084435a220e6604010f1fa5778bd0b1.tar.gz
cpython-7cad53e6b084435a220e6604010f1fa5778bd0b1.tar.bz2
bpo-9216: Add usedforsecurity to hashlib constructors (GH-16044)
The usedforsecurity keyword only argument added to the hash constructors is useful for FIPS builds and similar restrictive environment with non-technical requirements that legacy algorithms be forbidden by their implementations without being explicitly annotated as not being used for any security related purposes. Linux distros with FIPS support benefit from this being standard rather than making up their own way(s) to do it. Contributed and Signed-off-by: Christian Heimes christian@python.org
Diffstat (limited to 'Modules')
-rw-r--r--Modules/_blake2/blake2b_impl.c5
-rw-r--r--Modules/_blake2/blake2s_impl.c5
-rw-r--r--Modules/_blake2/clinic/blake2b_impl.c.h27
-rw-r--r--Modules/_blake2/clinic/blake2s_impl.c.h27
-rw-r--r--Modules/_hashopenssl.c81
-rw-r--r--Modules/_sha3/clinic/sha3module.c.h48
-rw-r--r--Modules/_sha3/sha3module.c41
-rw-r--r--Modules/clinic/_hashopenssl.c.h191
-rw-r--r--Modules/clinic/md5module.c.h28
-rw-r--r--Modules/clinic/sha1module.c.h28
-rw-r--r--Modules/clinic/sha256module.c.h54
-rw-r--r--Modules/clinic/sha512module.c.h54
-rw-r--r--Modules/md5module.c6
-rw-r--r--Modules/sha1module.c6
-rw-r--r--Modules/sha256module.c12
-rw-r--r--Modules/sha512module.c12
16 files changed, 466 insertions, 159 deletions
diff --git a/Modules/_blake2/blake2b_impl.c b/Modules/_blake2/blake2b_impl.c
index edab31e..88c103f 100644
--- a/Modules/_blake2/blake2b_impl.c
+++ b/Modules/_blake2/blake2b_impl.c
@@ -81,6 +81,7 @@ _blake2.blake2b.__new__ as py_blake2b_new
node_depth: int = 0
inner_size: int = 0
last_node: bool = False
+ usedforsecurity: bool = True
Return a new BLAKE2b hash object.
[clinic start generated code]*/
@@ -90,8 +91,8 @@ py_blake2b_new_impl(PyTypeObject *type, PyObject *data, int digest_size,
Py_buffer *key, Py_buffer *salt, Py_buffer *person,
int fanout, int depth, unsigned long leaf_size,
unsigned long long node_offset, int node_depth,
- int inner_size, int last_node)
-/*[clinic end generated code: output=65e732c66c2297a0 input=82be35a4e6a9daa2]*/
+ int inner_size, int last_node, int usedforsecurity)
+/*[clinic end generated code: output=32bfd8f043c6896f input=b947312abff46977]*/
{
BLAKE2bObject *self = NULL;
Py_buffer buf;
diff --git a/Modules/_blake2/blake2s_impl.c b/Modules/_blake2/blake2s_impl.c
index ef2f7e1..c7c7eaf 100644
--- a/Modules/_blake2/blake2s_impl.c
+++ b/Modules/_blake2/blake2s_impl.c
@@ -81,6 +81,7 @@ _blake2.blake2s.__new__ as py_blake2s_new
node_depth: int = 0
inner_size: int = 0
last_node: bool = False
+ usedforsecurity: bool = True
Return a new BLAKE2s hash object.
[clinic start generated code]*/
@@ -90,8 +91,8 @@ py_blake2s_new_impl(PyTypeObject *type, PyObject *data, int digest_size,
Py_buffer *key, Py_buffer *salt, Py_buffer *person,
int fanout, int depth, unsigned long leaf_size,
unsigned long long node_offset, int node_depth,
- int inner_size, int last_node)
-/*[clinic end generated code: output=b95806be0514dcf7 input=641c0509debf714d]*/
+ int inner_size, int last_node, int usedforsecurity)
+/*[clinic end generated code: output=556181f73905c686 input=4dda87723f23abb0]*/
{
BLAKE2sObject *self = NULL;
Py_buffer buf;
diff --git a/Modules/_blake2/clinic/blake2b_impl.c.h b/Modules/_blake2/clinic/blake2b_impl.c.h
index cd329c0..07258c3 100644
--- a/Modules/_blake2/clinic/blake2b_impl.c.h
+++ b/Modules/_blake2/clinic/blake2b_impl.c.h
@@ -5,7 +5,8 @@ preserve
PyDoc_STRVAR(py_blake2b_new__doc__,
"blake2b(data=b\'\', /, *, digest_size=_blake2.blake2b.MAX_DIGEST_SIZE,\n"
" key=b\'\', salt=b\'\', person=b\'\', fanout=1, depth=1, leaf_size=0,\n"
-" node_offset=0, node_depth=0, inner_size=0, last_node=False)\n"
+" node_offset=0, node_depth=0, inner_size=0, last_node=False,\n"
+" usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new BLAKE2b hash object.");
@@ -15,15 +16,15 @@ py_blake2b_new_impl(PyTypeObject *type, PyObject *data, int digest_size,
Py_buffer *key, Py_buffer *salt, Py_buffer *person,
int fanout, int depth, unsigned long leaf_size,
unsigned long long node_offset, int node_depth,
- int inner_size, int last_node);
+ int inner_size, int last_node, int usedforsecurity);
static PyObject *
py_blake2b_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
{
PyObject *return_value = NULL;
- static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", NULL};
+ static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "blake2b", 0};
- PyObject *argsbuf[12];
+ PyObject *argsbuf[13];
PyObject * const *fastargs;
Py_ssize_t nargs = PyTuple_GET_SIZE(args);
Py_ssize_t noptargs = nargs + (kwargs ? PyDict_GET_SIZE(kwargs) : 0) - 0;
@@ -39,6 +40,7 @@ py_blake2b_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
int node_depth = 0;
int inner_size = 0;
int last_node = 0;
+ int usedforsecurity = 1;
fastargs = _PyArg_UnpackKeywords(_PyTuple_CAST(args)->ob_item, nargs, kwargs, NULL, &_parser, 0, 1, 0, argsbuf);
if (!fastargs) {
@@ -175,12 +177,21 @@ skip_optional_posonly:
goto skip_optional_kwonly;
}
}
- last_node = PyObject_IsTrue(fastargs[11]);
- if (last_node < 0) {
+ if (fastargs[11]) {
+ last_node = PyObject_IsTrue(fastargs[11]);
+ if (last_node < 0) {
+ goto exit;
+ }
+ if (!--noptargs) {
+ goto skip_optional_kwonly;
+ }
+ }
+ usedforsecurity = PyObject_IsTrue(fastargs[12]);
+ if (usedforsecurity < 0) {
goto exit;
}
skip_optional_kwonly:
- return_value = py_blake2b_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node);
+ return_value = py_blake2b_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node, usedforsecurity);
exit:
/* Cleanup for key */
@@ -261,4 +272,4 @@ _blake2_blake2b_hexdigest(BLAKE2bObject *self, PyObject *Py_UNUSED(ignored))
{
return _blake2_blake2b_hexdigest_impl(self);
}
-/*[clinic end generated code: output=cbb625d7f60c288c input=a9049054013a1b77]*/
+/*[clinic end generated code: output=2d6d0fe9aa42a42a input=a9049054013a1b77]*/
diff --git a/Modules/_blake2/clinic/blake2s_impl.c.h b/Modules/_blake2/clinic/blake2s_impl.c.h
index 560bd68..71c5706 100644
--- a/Modules/_blake2/clinic/blake2s_impl.c.h
+++ b/Modules/_blake2/clinic/blake2s_impl.c.h
@@ -5,7 +5,8 @@ preserve
PyDoc_STRVAR(py_blake2s_new__doc__,
"blake2s(data=b\'\', /, *, digest_size=_blake2.blake2s.MAX_DIGEST_SIZE,\n"
" key=b\'\', salt=b\'\', person=b\'\', fanout=1, depth=1, leaf_size=0,\n"
-" node_offset=0, node_depth=0, inner_size=0, last_node=False)\n"
+" node_offset=0, node_depth=0, inner_size=0, last_node=False,\n"
+" usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new BLAKE2s hash object.");
@@ -15,15 +16,15 @@ py_blake2s_new_impl(PyTypeObject *type, PyObject *data, int digest_size,
Py_buffer *key, Py_buffer *salt, Py_buffer *person,
int fanout, int depth, unsigned long leaf_size,
unsigned long long node_offset, int node_depth,
- int inner_size, int last_node);
+ int inner_size, int last_node, int usedforsecurity);
static PyObject *
py_blake2s_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
{
PyObject *return_value = NULL;
- static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", NULL};
+ static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "blake2s", 0};
- PyObject *argsbuf[12];
+ PyObject *argsbuf[13];
PyObject * const *fastargs;
Py_ssize_t nargs = PyTuple_GET_SIZE(args);
Py_ssize_t noptargs = nargs + (kwargs ? PyDict_GET_SIZE(kwargs) : 0) - 0;
@@ -39,6 +40,7 @@ py_blake2s_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
int node_depth = 0;
int inner_size = 0;
int last_node = 0;
+ int usedforsecurity = 1;
fastargs = _PyArg_UnpackKeywords(_PyTuple_CAST(args)->ob_item, nargs, kwargs, NULL, &_parser, 0, 1, 0, argsbuf);
if (!fastargs) {
@@ -175,12 +177,21 @@ skip_optional_posonly:
goto skip_optional_kwonly;
}
}
- last_node = PyObject_IsTrue(fastargs[11]);
- if (last_node < 0) {
+ if (fastargs[11]) {
+ last_node = PyObject_IsTrue(fastargs[11]);
+ if (last_node < 0) {
+ goto exit;
+ }
+ if (!--noptargs) {
+ goto skip_optional_kwonly;
+ }
+ }
+ usedforsecurity = PyObject_IsTrue(fastargs[12]);
+ if (usedforsecurity < 0) {
goto exit;
}
skip_optional_kwonly:
- return_value = py_blake2s_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node);
+ return_value = py_blake2s_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node, usedforsecurity);
exit:
/* Cleanup for key */
@@ -261,4 +272,4 @@ _blake2_blake2s_hexdigest(BLAKE2sObject *self, PyObject *Py_UNUSED(ignored))
{
return _blake2_blake2s_hexdigest_impl(self);
}
-/*[clinic end generated code: output=39af5a74c8805b36 input=a9049054013a1b77]*/
+/*[clinic end generated code: output=c80d8d06ce40a192 input=a9049054013a1b77]*/
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index c685279..c65c698 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -405,7 +405,7 @@ static PyTypeObject EVPtype = {
static PyObject *
EVPnew(const EVP_MD *digest,
- const unsigned char *cp, Py_ssize_t len)
+ const unsigned char *cp, Py_ssize_t len, int usedforsecurity)
{
int result = 0;
EVPobject *self;
@@ -418,6 +418,13 @@ EVPnew(const EVP_MD *digest,
if ((self = newEVPobject()) == NULL)
return NULL;
+ if (!usedforsecurity) {
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
+ EVP_MD_CTX_set_flags(self->ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+#endif
+ }
+
+
if (!EVP_DigestInit(self->ctx, digest)) {
_setException(PyExc_ValueError);
Py_DECREF(self);
@@ -449,6 +456,8 @@ _hashlib.new as EVP_new
name as name_obj: object
string as data_obj: object(py_default="b''") = NULL
+ *
+ usedforsecurity: bool = True
Return a new hash object using the named algorithm.
@@ -459,8 +468,9 @@ The MD5 and SHA1 algorithms are always supported.
[clinic start generated code]*/
static PyObject *
-EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
-/*[clinic end generated code: output=9e7cf664e04b0226 input=1c46e40e0fec91f3]*/
+EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj,
+ int usedforsecurity)
+/*[clinic end generated code: output=ddd5053f92dffe90 input=e9ac115d80962ddf]*/
{
Py_buffer view = { 0 };
PyObject *ret_obj;
@@ -477,7 +487,9 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
digest = EVP_get_digestbyname(name);
- ret_obj = EVPnew(digest, (unsigned char*)view.buf, view.len);
+ ret_obj = EVPnew(digest,
+ (unsigned char*)view.buf, view.len,
+ usedforsecurity);
if (data_obj)
PyBuffer_Release(&view);
@@ -485,7 +497,8 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
}
static PyObject*
-EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
+EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest,
+ int usedforsecurity)
{
Py_buffer view = { 0 };
PyObject *ret_obj;
@@ -493,7 +506,9 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
if (data_obj)
GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view);
- ret_obj = EVPnew(digest, (unsigned char*)view.buf, view.len);
+ ret_obj = EVPnew(digest,
+ (unsigned char*)view.buf, view.len,
+ usedforsecurity);
if (data_obj)
PyBuffer_Release(&view);
@@ -505,16 +520,19 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
_hashlib.openssl_md5
string as data_obj: object(py_default="b''") = NULL
+ *
+ usedforsecurity: bool = True
Returns a md5 hash object; optionally initialized with a string
[clinic start generated code]*/
static PyObject *
-_hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj)
-/*[clinic end generated code: output=6caae75b73e22c3f input=52010d3869e1b1a7]*/
+_hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj,
+ int usedforsecurity)
+/*[clinic end generated code: output=87b0186440a44f8c input=990e36d5e689b16e]*/
{
- return EVP_fast_new(module, data_obj, EVP_md5());
+ return EVP_fast_new(module, data_obj, EVP_md5(), usedforsecurity);
}
@@ -522,16 +540,19 @@ _hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj)
_hashlib.openssl_sha1
string as data_obj: object(py_default="b''") = NULL
+ *
+ usedforsecurity: bool = True
Returns a sha1 hash object; optionally initialized with a string
[clinic start generated code]*/
static PyObject *
-_hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj)
-/*[clinic end generated code: output=07606d8f75153e61 input=16807d30e4aa8ae9]*/
+_hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj,
+ int usedforsecurity)
+/*[clinic end generated code: output=6813024cf690670d input=948f2f4b6deabc10]*/
{
- return EVP_fast_new(module, data_obj, EVP_sha1());
+ return EVP_fast_new(module, data_obj, EVP_sha1(), usedforsecurity);
}
@@ -539,16 +560,19 @@ _hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj)
_hashlib.openssl_sha224
string as data_obj: object(py_default="b''") = NULL
+ *
+ usedforsecurity: bool = True
Returns a sha224 hash object; optionally initialized with a string
[clinic start generated code]*/
static PyObject *
-_hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj)
-/*[clinic end generated code: output=55e848761bcef0c9 input=5dbc2f1d84eb459b]*/
+_hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj,
+ int usedforsecurity)
+/*[clinic end generated code: output=a2dfe7cc4eb14ebb input=f9272821fadca505]*/
{
- return EVP_fast_new(module, data_obj, EVP_sha224());
+ return EVP_fast_new(module, data_obj, EVP_sha224(), usedforsecurity);
}
@@ -556,16 +580,19 @@ _hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj)
_hashlib.openssl_sha256
string as data_obj: object(py_default="b''") = NULL
+ *
+ usedforsecurity: bool = True
Returns a sha256 hash object; optionally initialized with a string
[clinic start generated code]*/
static PyObject *
-_hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj)
-/*[clinic end generated code: output=05851d7cce34ac65 input=a68a5d21cda5a80f]*/
+_hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj,
+ int usedforsecurity)
+/*[clinic end generated code: output=1f874a34870f0a68 input=549fad9d2930d4c5]*/
{
- return EVP_fast_new(module, data_obj, EVP_sha256());
+ return EVP_fast_new(module, data_obj, EVP_sha256(), usedforsecurity);
}
@@ -573,16 +600,19 @@ _hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj)
_hashlib.openssl_sha384
string as data_obj: object(py_default="b''") = NULL
+ *
+ usedforsecurity: bool = True
Returns a sha384 hash object; optionally initialized with a string
[clinic start generated code]*/
static PyObject *
-_hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj)
-/*[clinic end generated code: output=5101a4704a932c2f input=6bdfa006622b64ea]*/
+_hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj,
+ int usedforsecurity)
+/*[clinic end generated code: output=58529eff9ca457b2 input=48601a6e3bf14ad7]*/
{
- return EVP_fast_new(module, data_obj, EVP_sha384());
+ return EVP_fast_new(module, data_obj, EVP_sha384(), usedforsecurity);
}
@@ -590,16 +620,19 @@ _hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj)
_hashlib.openssl_sha512
string as data_obj: object(py_default="b''") = NULL
+ *
+ usedforsecurity: bool = True
Returns a sha512 hash object; optionally initialized with a string
[clinic start generated code]*/
static PyObject *
-_hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj)
-/*[clinic end generated code: output=20c8e63ee560a5cb input=ece50182ad4b76a6]*/
+_hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj,
+ int usedforsecurity)
+/*[clinic end generated code: output=2c744c9e4a40d5f6 input=c5c46a2a817aa98f]*/
{
- return EVP_fast_new(module, data_obj, EVP_sha512());
+ return EVP_fast_new(module, data_obj, EVP_sha512(), usedforsecurity);
}
diff --git a/Modules/_sha3/clinic/sha3module.c.h b/Modules/_sha3/clinic/sha3module.c.h
index 554442d..1c79c26 100644
--- a/Modules/_sha3/clinic/sha3module.c.h
+++ b/Modules/_sha3/clinic/sha3module.c.h
@@ -2,6 +2,52 @@
preserve
[clinic start generated code]*/
+PyDoc_STRVAR(py_sha3_new__doc__,
+"sha3_224(data=b\'\', /, *, usedforsecurity=True)\n"
+"--\n"
+"\n"
+"Return a new BLAKE2b hash object.");
+
+static PyObject *
+py_sha3_new_impl(PyTypeObject *type, PyObject *data, int usedforsecurity);
+
+static PyObject *
+py_sha3_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+{
+ PyObject *return_value = NULL;
+ static const char * const _keywords[] = {"", "usedforsecurity", NULL};
+ static _PyArg_Parser _parser = {NULL, _keywords, "sha3_224", 0};
+ PyObject *argsbuf[2];
+ PyObject * const *fastargs;
+ Py_ssize_t nargs = PyTuple_GET_SIZE(args);
+ Py_ssize_t noptargs = nargs + (kwargs ? PyDict_GET_SIZE(kwargs) : 0) - 0;
+ PyObject *data = NULL;
+ int usedforsecurity = 1;
+
+ fastargs = _PyArg_UnpackKeywords(_PyTuple_CAST(args)->ob_item, nargs, kwargs, NULL, &_parser, 0, 1, 0, argsbuf);
+ if (!fastargs) {
+ goto exit;
+ }
+ if (nargs < 1) {
+ goto skip_optional_posonly;
+ }
+ noptargs--;
+ data = fastargs[0];
+skip_optional_posonly:
+ if (!noptargs) {
+ goto skip_optional_kwonly;
+ }
+ usedforsecurity = PyObject_IsTrue(fastargs[1]);
+ if (usedforsecurity < 0) {
+ goto exit;
+ }
+skip_optional_kwonly:
+ return_value = py_sha3_new_impl(type, data, usedforsecurity);
+
+exit:
+ return return_value;
+}
+
PyDoc_STRVAR(_sha3_sha3_224_copy__doc__,
"copy($self, /)\n"
"--\n"
@@ -118,4 +164,4 @@ _sha3_shake_128_hexdigest(SHA3object *self, PyObject *arg)
exit:
return return_value;
}
-/*[clinic end generated code: output=5b3e99b9a96471e8 input=a9049054013a1b77]*/
+/*[clinic end generated code: output=c8a97b34e80def62 input=a9049054013a1b77]*/
diff --git a/Modules/_sha3/sha3module.c b/Modules/_sha3/sha3module.c
index c1fb618..d4ca9a1 100644
--- a/Modules/_sha3/sha3module.c
+++ b/Modules/_sha3/sha3module.c
@@ -169,21 +169,24 @@ newSHA3object(PyTypeObject *type)
return newobj;
}
+/*[clinic input]
+@classmethod
+_sha3.sha3_224.__new__ as py_sha3_new
+ data: object(c_default="NULL") = b''
+ /
+ *
+ usedforsecurity: bool = True
+
+Return a new BLAKE2b hash object.
+[clinic start generated code]*/
static PyObject *
-py_sha3_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+py_sha3_new_impl(PyTypeObject *type, PyObject *data, int usedforsecurity)
+/*[clinic end generated code: output=90409addc5d5e8b0 input=bcfcdf2e4368347a]*/
{
SHA3object *self = NULL;
Py_buffer buf = {NULL, NULL};
HashReturn res;
- PyObject *data = NULL;
-
- if (!_PyArg_NoKeywords(_PyType_Name(type), kwargs)) {
- return NULL;
- }
- if (!PyArg_UnpackTuple(args, _PyType_Name(type), 0, 1, &data)) {
- return NULL;
- }
self = newSHA3object(type);
if (self == NULL) {
@@ -529,22 +532,22 @@ static PyGetSetDef SHA3_getseters[] = {
}
PyDoc_STRVAR(sha3_224__doc__,
-"sha3_224([data]) -> SHA3 object\n\
+"sha3_224([data], *, usedforsecurity=True) -> SHA3 object\n\
\n\
Return a new SHA3 hash object with a hashbit length of 28 bytes.");
PyDoc_STRVAR(sha3_256__doc__,
-"sha3_256([data]) -> SHA3 object\n\
+"sha3_256([data], *, usedforsecurity=True) -> SHA3 object\n\
\n\
Return a new SHA3 hash object with a hashbit length of 32 bytes.");
PyDoc_STRVAR(sha3_384__doc__,
-"sha3_384([data]) -> SHA3 object\n\
+"sha3_384([data], *, usedforsecurity=True) -> SHA3 object\n\
\n\
Return a new SHA3 hash object with a hashbit length of 48 bytes.");
PyDoc_STRVAR(sha3_512__doc__,
-"sha3_512([data]) -> SHA3 object\n\
+"sha3_512([data], *, usedforsecurity=True) -> SHA3 object\n\
\n\
Return a new SHA3 hash object with a hashbit length of 64 bytes.");
@@ -555,22 +558,22 @@ SHA3_TYPE(SHA3_512type, "_sha3.sha3_512", sha3_512__doc__, SHA3_methods);
#ifdef PY_WITH_KECCAK
PyDoc_STRVAR(keccak_224__doc__,
-"keccak_224([data]) -> Keccak object\n\
+"keccak_224([data], *, usedforsecurity=True) -> Keccak object\n\
\n\
Return a new Keccak hash object with a hashbit length of 28 bytes.");
PyDoc_STRVAR(keccak_256__doc__,
-"keccak_256([data]) -> Keccak object\n\
+"keccak_256([data], *, usedforsecurity=True) -> Keccak object\n\
\n\
Return a new Keccak hash object with a hashbit length of 32 bytes.");
PyDoc_STRVAR(keccak_384__doc__,
-"keccak_384([data]) -> Keccak object\n\
+"keccak_384([data], *, usedforsecurity=True) -> Keccak object\n\
\n\
Return a new Keccak hash object with a hashbit length of 48 bytes.");
PyDoc_STRVAR(keccak_512__doc__,
-"keccak_512([data]) -> Keccak object\n\
+"keccak_512([data], *, usedforsecurity=True) -> Keccak object\n\
\n\
Return a new Keccak hash object with a hashbit length of 64 bytes.");
@@ -672,12 +675,12 @@ static PyMethodDef SHAKE_methods[] = {
};
PyDoc_STRVAR(shake_128__doc__,
-"shake_128([data]) -> SHAKE object\n\
+"shake_128([data], *, usedforsecurity=True) -> SHAKE object\n\
\n\
Return a new SHAKE hash object.");
PyDoc_STRVAR(shake_256__doc__,
-"shake_256([data]) -> SHAKE object\n\
+"shake_256([data], *, usedforsecurity=True) -> SHAKE object\n\
\n\
Return a new SHAKE hash object.");
diff --git a/Modules/clinic/_hashopenssl.c.h b/Modules/clinic/_hashopenssl.c.h
index 9aaea47..de53e7e 100644
--- a/Modules/clinic/_hashopenssl.c.h
+++ b/Modules/clinic/_hashopenssl.c.h
@@ -66,7 +66,7 @@ PyDoc_STRVAR(EVP_update__doc__,
{"update", (PyCFunction)EVP_update, METH_O, EVP_update__doc__},
PyDoc_STRVAR(EVP_new__doc__,
-"new($module, /, name, string=b\'\')\n"
+"new($module, /, name, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new hash object using the named algorithm.\n"
@@ -80,18 +80,20 @@ PyDoc_STRVAR(EVP_new__doc__,
{"new", (PyCFunction)(void(*)(void))EVP_new, METH_FASTCALL|METH_KEYWORDS, EVP_new__doc__},
static PyObject *
-EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj);
+EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj,
+ int usedforsecurity);
static PyObject *
EVP_new(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
- static const char * const _keywords[] = {"name", "string", NULL};
+ static const char * const _keywords[] = {"name", "string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "new", 0};
- PyObject *argsbuf[2];
+ PyObject *argsbuf[3];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 1;
PyObject *name_obj;
PyObject *data_obj = NULL;
+ int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 1, 2, 0, argsbuf);
if (!args) {
@@ -101,16 +103,29 @@ EVP_new(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwn
if (!noptargs) {
goto skip_optional_pos;
}
- data_obj = args[1];
+ if (args[1]) {
+ data_obj = args[1];
+ if (!--noptargs) {
+ goto skip_optional_pos;
+ }
+ }
skip_optional_pos:
- return_value = EVP_new_impl(module, name_obj, data_obj);
+ if (!noptargs) {
+ goto skip_optional_kwonly;
+ }
+ usedforsecurity = PyObject_IsTrue(args[2]);
+ if (usedforsecurity < 0) {
+ goto exit;
+ }
+skip_optional_kwonly:
+ return_value = EVP_new_impl(module, name_obj, data_obj, usedforsecurity);
exit:
return return_value;
}
PyDoc_STRVAR(_hashlib_openssl_md5__doc__,
-"openssl_md5($module, /, string=b\'\')\n"
+"openssl_md5($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Returns a md5 hash object; optionally initialized with a string");
@@ -119,17 +134,19 @@ PyDoc_STRVAR(_hashlib_openssl_md5__doc__,
{"openssl_md5", (PyCFunction)(void(*)(void))_hashlib_openssl_md5, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_md5__doc__},
static PyObject *
-_hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj);
+_hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj,
+ int usedforsecurity);
static PyObject *
_hashlib_openssl_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
- static const char * const _keywords[] = {"string", NULL};
+ static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "openssl_md5", 0};
- PyObject *argsbuf[1];
+ PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *data_obj = NULL;
+ int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
@@ -138,16 +155,29 @@ _hashlib_openssl_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs,
if (!noptargs) {
goto skip_optional_pos;
}
- data_obj = args[0];
+ if (args[0]) {
+ data_obj = args[0];
+ if (!--noptargs) {
+ goto skip_optional_pos;
+ }
+ }
skip_optional_pos:
- return_value = _hashlib_openssl_md5_impl(module, data_obj);
+ if (!noptargs) {
+ goto skip_optional_kwonly;
+ }
+ usedforsecurity = PyObject_IsTrue(args[1]);
+ if (usedforsecurity < 0) {
+ goto exit;
+ }
+skip_optional_kwonly:
+ return_value = _hashlib_openssl_md5_impl(module, data_obj, usedforsecurity);
exit:
return return_value;
}
PyDoc_STRVAR(_hashlib_openssl_sha1__doc__,
-"openssl_sha1($module, /, string=b\'\')\n"
+"openssl_sha1($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Returns a sha1 hash object; optionally initialized with a string");
@@ -156,17 +186,19 @@ PyDoc_STRVAR(_hashlib_openssl_sha1__doc__,
{"openssl_sha1", (PyCFunction)(void(*)(void))_hashlib_openssl_sha1, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_sha1__doc__},
static PyObject *
-_hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj);
+_hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj,
+ int usedforsecurity);
static PyObject *
_hashlib_openssl_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
- static const char * const _keywords[] = {"string", NULL};
+ static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "openssl_sha1", 0};
- PyObject *argsbuf[1];
+ PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *data_obj = NULL;
+ int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
@@ -175,16 +207,29 @@ _hashlib_openssl_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs,
if (!noptargs) {
goto skip_optional_pos;
}
- data_obj = args[0];
+ if (args[0]) {
+ data_obj = args[0];
+ if (!--noptargs) {
+ goto skip_optional_pos;
+ }
+ }
skip_optional_pos:
- return_value = _hashlib_openssl_sha1_impl(module, data_obj);
+ if (!noptargs) {
+ goto skip_optional_kwonly;
+ }
+ usedforsecurity = PyObject_IsTrue(args[1]);
+ if (usedforsecurity < 0) {
+ goto exit;
+ }
+skip_optional_kwonly:
+ return_value = _hashlib_openssl_sha1_impl(module, data_obj, usedforsecurity);
exit:
return return_value;
}
PyDoc_STRVAR(_hashlib_openssl_sha224__doc__,
-"openssl_sha224($module, /, string=b\'\')\n"
+"openssl_sha224($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Returns a sha224 hash object; optionally initialized with a string");
@@ -193,17 +238,19 @@ PyDoc_STRVAR(_hashlib_openssl_sha224__doc__,
{"openssl_sha224", (PyCFunction)(void(*)(void))_hashlib_openssl_sha224, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_sha224__doc__},
static PyObject *
-_hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj);
+_hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj,
+ int usedforsecurity);
static PyObject *
_hashlib_openssl_sha224(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
- static const char * const _keywords[] = {"string", NULL};
+ static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "openssl_sha224", 0};
- PyObject *argsbuf[1];
+ PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *data_obj = NULL;
+ int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
@@ -212,16 +259,29 @@ _hashlib_openssl_sha224(PyObject *module, PyObject *const *args, Py_ssize_t narg
if (!noptargs) {
goto skip_optional_pos;
}
- data_obj = args[0];
+ if (args[0]) {
+ data_obj = args[0];
+ if (!--noptargs) {
+ goto skip_optional_pos;
+ }
+ }
skip_optional_pos:
- return_value = _hashlib_openssl_sha224_impl(module, data_obj);
+ if (!noptargs) {
+ goto skip_optional_kwonly;
+ }
+ usedforsecurity = PyObject_IsTrue(args[1]);
+ if (usedforsecurity < 0) {
+ goto exit;
+ }
+skip_optional_kwonly:
+ return_value = _hashlib_openssl_sha224_impl(module, data_obj, usedforsecurity);
exit:
return return_value;
}
PyDoc_STRVAR(_hashlib_openssl_sha256__doc__,
-"openssl_sha256($module, /, string=b\'\')\n"
+"openssl_sha256($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Returns a sha256 hash object; optionally initialized with a string");
@@ -230,17 +290,19 @@ PyDoc_STRVAR(_hashlib_openssl_sha256__doc__,
{"openssl_sha256", (PyCFunction)(void(*)(void))_hashlib_openssl_sha256, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_sha256__doc__},
static PyObject *
-_hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj);
+_hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj,
+ int usedforsecurity);
static PyObject *
_hashlib_openssl_sha256(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
- static const char * const _keywords[] = {"string", NULL};
+ static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "openssl_sha256", 0};
- PyObject *argsbuf[1];
+ PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *data_obj = NULL;
+ int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
@@ -249,16 +311,29 @@ _hashlib_openssl_sha256(PyObject *module, PyObject *const *args, Py_ssize_t narg
if (!noptargs) {
goto skip_optional_pos;
}
- data_obj = args[0];
+ if (args[0]) {
+ data_obj = args[0];
+ if (!--noptargs) {
+ goto skip_optional_pos;
+ }
+ }
skip_optional_pos:
- return_value = _hashlib_openssl_sha256_impl(module, data_obj);
+ if (!noptargs) {
+ goto skip_optional_kwonly;
+ }
+ usedforsecurity = PyObject_IsTrue(args[1]);
+ if (usedforsecurity < 0) {
+ goto exit;
+ }
+skip_optional_kwonly:
+ return_value = _hashlib_openssl_sha256_impl(module, data_obj, usedforsecurity);
exit:
return return_value;
}
PyDoc_STRVAR(_hashlib_openssl_sha384__doc__,
-"openssl_sha384($module, /, string=b\'\')\n"
+"openssl_sha384($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Returns a sha384 hash object; optionally initialized with a string");
@@ -267,17 +342,19 @@ PyDoc_STRVAR(_hashlib_openssl_sha384__doc__,
{"openssl_sha384", (PyCFunction)(void(*)(void))_hashlib_openssl_sha384, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_sha384__doc__},
static PyObject *
-_hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj);
+_hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj,
+ int usedforsecurity);
static PyObject *
_hashlib_openssl_sha384(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
- static const char * const _keywords[] = {"string", NULL};
+ static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "openssl_sha384", 0};
- PyObject *argsbuf[1];
+ PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *data_obj = NULL;
+ int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
@@ -286,16 +363,29 @@ _hashlib_openssl_sha384(PyObject *module, PyObject *const *args, Py_ssize_t narg
if (!noptargs) {
goto skip_optional_pos;
}
- data_obj = args[0];
+ if (args[0]) {
+ data_obj = args[0];
+ if (!--noptargs) {
+ goto skip_optional_pos;
+ }
+ }
skip_optional_pos:
- return_value = _hashlib_openssl_sha384_impl(module, data_obj);
+ if (!noptargs) {
+ goto skip_optional_kwonly;
+ }
+ usedforsecurity = PyObject_IsTrue(args[1]);
+ if (usedforsecurity < 0) {
+ goto exit;
+ }
+skip_optional_kwonly:
+ return_value = _hashlib_openssl_sha384_impl(module, data_obj, usedforsecurity);
exit:
return return_value;
}
PyDoc_STRVAR(_hashlib_openssl_sha512__doc__,
-"openssl_sha512($module, /, string=b\'\')\n"
+"openssl_sha512($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Returns a sha512 hash object; optionally initialized with a string");
@@ -304,17 +394,19 @@ PyDoc_STRVAR(_hashlib_openssl_sha512__doc__,
{"openssl_sha512", (PyCFunction)(void(*)(void))_hashlib_openssl_sha512, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_sha512__doc__},
static PyObject *
-_hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj);
+_hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj,
+ int usedforsecurity);
static PyObject *
_hashlib_openssl_sha512(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
- static const char * const _keywords[] = {"string", NULL};
+ static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "openssl_sha512", 0};
- PyObject *argsbuf[1];
+ PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *data_obj = NULL;
+ int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
@@ -323,9 +415,22 @@ _hashlib_openssl_sha512(PyObject *module, PyObject *const *args, Py_ssize_t narg
if (!noptargs) {
goto skip_optional_pos;
}
- data_obj = args[0];
+ if (args[0]) {
+ data_obj = args[0];
+ if (!--noptargs) {
+ goto skip_optional_pos;
+ }
+ }
skip_optional_pos:
- return_value = _hashlib_openssl_sha512_impl(module, data_obj);
+ if (!noptargs) {
+ goto skip_optional_kwonly;
+ }
+ usedforsecurity = PyObject_IsTrue(args[1]);
+ if (usedforsecurity < 0) {
+ goto exit;
+ }
+skip_optional_kwonly:
+ return_value = _hashlib_openssl_sha512_impl(module, data_obj, usedforsecurity);
exit:
return return_value;
@@ -623,4 +728,4 @@ exit:
#ifndef _HASHLIB_SCRYPT_METHODDEF
#define _HASHLIB_SCRYPT_METHODDEF
#endif /* !defined(_HASHLIB_SCRYPT_METHODDEF) */
-/*[clinic end generated code: output=38c2637f67e9bb79 input=a9049054013a1b77]*/
+/*[clinic end generated code: output=acb22ccddb7043c7 input=a9049054013a1b77]*/
diff --git a/Modules/clinic/md5module.c.h b/Modules/clinic/md5module.c.h
index 12484cc..c109f9e 100644
--- a/Modules/clinic/md5module.c.h
+++ b/Modules/clinic/md5module.c.h
@@ -66,7 +66,7 @@ PyDoc_STRVAR(MD5Type_update__doc__,
{"update", (PyCFunction)MD5Type_update, METH_O, MD5Type_update__doc__},
PyDoc_STRVAR(_md5_md5__doc__,
-"md5($module, /, string=b\'\')\n"
+"md5($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new MD5 hash object; optionally initialized with a string.");
@@ -75,17 +75,18 @@ PyDoc_STRVAR(_md5_md5__doc__,
{"md5", (PyCFunction)(void(*)(void))_md5_md5, METH_FASTCALL|METH_KEYWORDS, _md5_md5__doc__},
static PyObject *
-_md5_md5_impl(PyObject *module, PyObject *string);
+_md5_md5_impl(PyObject *module, PyObject *string, int usedforsecurity);
static PyObject *
_md5_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
- static const char * const _keywords[] = {"string", NULL};
+ static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "md5", 0};
- PyObject *argsbuf[1];
+ PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *string = NULL;
+ int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
@@ -94,11 +95,24 @@ _md5_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kw
if (!noptargs) {
goto skip_optional_pos;
}
- string = args[0];
+ if (args[0]) {
+ string = args[0];
+ if (!--noptargs) {
+ goto skip_optional_pos;
+ }
+ }
skip_optional_pos:
- return_value = _md5_md5_impl(module, string);
+ if (!noptargs) {
+ goto skip_optional_kwonly;
+ }
+ usedforsecurity = PyObject_IsTrue(args[1]);
+ if (usedforsecurity < 0) {
+ goto exit;
+ }
+skip_optional_kwonly:
+ return_value = _md5_md5_impl(module, string, usedforsecurity);
exit:
return return_value;
}
-/*[clinic end generated code: output=53133f08cf9095fc input=a9049054013a1b77]*/
+/*[clinic end generated code: output=dbe3abc60086f3ef input=a9049054013a1b77]*/
diff --git a/Modules/clinic/sha1module.c.h b/Modules/clinic/sha1module.c.h
index 001c6af..fc37b1a 100644
--- a/Modules/clinic/sha1module.c.h
+++ b/Modules/clinic/sha1module.c.h
@@ -66,7 +66,7 @@ PyDoc_STRVAR(SHA1Type_update__doc__,
{"update", (PyCFunction)SHA1Type_update, METH_O, SHA1Type_update__doc__},
PyDoc_STRVAR(_sha1_sha1__doc__,
-"sha1($module, /, string=b\'\')\n"
+"sha1($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new SHA1 hash object; optionally initialized with a string.");
@@ -75,17 +75,18 @@ PyDoc_STRVAR(_sha1_sha1__doc__,
{"sha1", (PyCFunction)(void(*)(void))_sha1_sha1, METH_FASTCALL|METH_KEYWORDS, _sha1_sha1__doc__},
static PyObject *
-_sha1_sha1_impl(PyObject *module, PyObject *string);
+_sha1_sha1_impl(PyObject *module, PyObject *string, int usedforsecurity);
static PyObject *
_sha1_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
- static const char * const _keywords[] = {"string", NULL};
+ static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "sha1", 0};
- PyObject *argsbuf[1];
+ PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *string = NULL;
+ int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
@@ -94,11 +95,24 @@ _sha1_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *
if (!noptargs) {
goto skip_optional_pos;
}
- string = args[0];
+ if (args[0]) {
+ string = args[0];
+ if (!--noptargs) {
+ goto skip_optional_pos;
+ }
+ }
skip_optional_pos:
- return_value = _sha1_sha1_impl(module, string);
+ if (!noptargs) {
+ goto skip_optional_kwonly;
+ }
+ usedforsecurity = PyObject_IsTrue(args[1]);
+ if (usedforsecurity < 0) {
+ goto exit;
+ }
+skip_optional_kwonly:
+ return_value = _sha1_sha1_impl(module, string, usedforsecurity);
exit:
return return_value;
}
-/*[clinic end generated code: output=1ae7e73ec84a27d5 input=a9049054013a1b77]*/
+/*[clinic end generated code: output=3ddd637ae17e14b3 input=a9049054013a1b77]*/
diff --git a/Modules/clinic/sha256module.c.h b/Modules/clinic/sha256module.c.h
index 658abb1..2a788ea 100644
--- a/Modules/clinic/sha256module.c.h
+++ b/Modules/clinic/sha256module.c.h
@@ -66,7 +66,7 @@ PyDoc_STRVAR(SHA256Type_update__doc__,
{"update", (PyCFunction)SHA256Type_update, METH_O, SHA256Type_update__doc__},
PyDoc_STRVAR(_sha256_sha256__doc__,
-"sha256($module, /, string=b\'\')\n"
+"sha256($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new SHA-256 hash object; optionally initialized with a string.");
@@ -75,17 +75,18 @@ PyDoc_STRVAR(_sha256_sha256__doc__,
{"sha256", (PyCFunction)(void(*)(void))_sha256_sha256, METH_FASTCALL|METH_KEYWORDS, _sha256_sha256__doc__},
static PyObject *
-_sha256_sha256_impl(PyObject *module, PyObject *string);
+_sha256_sha256_impl(PyObject *module, PyObject *string, int usedforsecurity);
static PyObject *
_sha256_sha256(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
- static const char * const _keywords[] = {"string", NULL};
+ static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "sha256", 0};
- PyObject *argsbuf[1];
+ PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *string = NULL;
+ int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
@@ -94,16 +95,29 @@ _sha256_sha256(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje
if (!noptargs) {
goto skip_optional_pos;
}
- string = args[0];
+ if (args[0]) {
+ string = args[0];
+ if (!--noptargs) {
+ goto skip_optional_pos;
+ }
+ }
skip_optional_pos:
- return_value = _sha256_sha256_impl(module, string);
+ if (!noptargs) {
+ goto skip_optional_kwonly;
+ }
+ usedforsecurity = PyObject_IsTrue(args[1]);
+ if (usedforsecurity < 0) {
+ goto exit;
+ }
+skip_optional_kwonly:
+ return_value = _sha256_sha256_impl(module, string, usedforsecurity);
exit:
return return_value;
}
PyDoc_STRVAR(_sha256_sha224__doc__,
-"sha224($module, /, string=b\'\')\n"
+"sha224($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new SHA-224 hash object; optionally initialized with a string.");
@@ -112,17 +126,18 @@ PyDoc_STRVAR(_sha256_sha224__doc__,
{"sha224", (PyCFunction)(void(*)(void))_sha256_sha224, METH_FASTCALL|METH_KEYWORDS, _sha256_sha224__doc__},
static PyObject *
-_sha256_sha224_impl(PyObject *module, PyObject *string);
+_sha256_sha224_impl(PyObject *module, PyObject *string, int usedforsecurity);
static PyObject *
_sha256_sha224(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
- static const char * const _keywords[] = {"string", NULL};
+ static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "sha224", 0};
- PyObject *argsbuf[1];
+ PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *string = NULL;
+ int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
@@ -131,11 +146,24 @@ _sha256_sha224(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje
if (!noptargs) {
goto skip_optional_pos;
}
- string = args[0];
+ if (args[0]) {
+ string = args[0];
+ if (!--noptargs) {
+ goto skip_optional_pos;
+ }
+ }
skip_optional_pos:
- return_value = _sha256_sha224_impl(module, string);
+ if (!noptargs) {
+ goto skip_optional_kwonly;
+ }
+ usedforsecurity = PyObject_IsTrue(args[1]);
+ if (usedforsecurity < 0) {
+ goto exit;
+ }
+skip_optional_kwonly:
+ return_value = _sha256_sha224_impl(module, string, usedforsecurity);
exit:
return return_value;
}
-/*[clinic end generated code: output=c54d0956ec88409d input=a9049054013a1b77]*/
+/*[clinic end generated code: output=c8cca8adbe72ec9a input=a9049054013a1b77]*/
diff --git a/Modules/clinic/sha512module.c.h b/Modules/clinic/sha512module.c.h
index 459a934..b8185b6 100644
--- a/Modules/clinic/sha512module.c.h
+++ b/Modules/clinic/sha512module.c.h
@@ -66,7 +66,7 @@ PyDoc_STRVAR(SHA512Type_update__doc__,
{"update", (PyCFunction)SHA512Type_update, METH_O, SHA512Type_update__doc__},
PyDoc_STRVAR(_sha512_sha512__doc__,
-"sha512($module, /, string=b\'\')\n"
+"sha512($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new SHA-512 hash object; optionally initialized with a string.");
@@ -75,17 +75,18 @@ PyDoc_STRVAR(_sha512_sha512__doc__,
{"sha512", (PyCFunction)(void(*)(void))_sha512_sha512, METH_FASTCALL|METH_KEYWORDS, _sha512_sha512__doc__},
static PyObject *
-_sha512_sha512_impl(PyObject *module, PyObject *string);
+_sha512_sha512_impl(PyObject *module, PyObject *string, int usedforsecurity);
static PyObject *
_sha512_sha512(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
- static const char * const _keywords[] = {"string", NULL};
+ static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "sha512", 0};
- PyObject *argsbuf[1];
+ PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *string = NULL;
+ int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
@@ -94,16 +95,29 @@ _sha512_sha512(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje
if (!noptargs) {
goto skip_optional_pos;
}
- string = args[0];
+ if (args[0]) {
+ string = args[0];
+ if (!--noptargs) {
+ goto skip_optional_pos;
+ }
+ }
skip_optional_pos:
- return_value = _sha512_sha512_impl(module, string);
+ if (!noptargs) {
+ goto skip_optional_kwonly;
+ }
+ usedforsecurity = PyObject_IsTrue(args[1]);
+ if (usedforsecurity < 0) {
+ goto exit;
+ }
+skip_optional_kwonly:
+ return_value = _sha512_sha512_impl(module, string, usedforsecurity);
exit:
return return_value;
}
PyDoc_STRVAR(_sha512_sha384__doc__,
-"sha384($module, /, string=b\'\')\n"
+"sha384($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new SHA-384 hash object; optionally initialized with a string.");
@@ -112,17 +126,18 @@ PyDoc_STRVAR(_sha512_sha384__doc__,
{"sha384", (PyCFunction)(void(*)(void))_sha512_sha384, METH_FASTCALL|METH_KEYWORDS, _sha512_sha384__doc__},
static PyObject *
-_sha512_sha384_impl(PyObject *module, PyObject *string);
+_sha512_sha384_impl(PyObject *module, PyObject *string, int usedforsecurity);
static PyObject *
_sha512_sha384(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
- static const char * const _keywords[] = {"string", NULL};
+ static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "sha384", 0};
- PyObject *argsbuf[1];
+ PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *string = NULL;
+ int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
@@ -131,11 +146,24 @@ _sha512_sha384(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje
if (!noptargs) {
goto skip_optional_pos;
}
- string = args[0];
+ if (args[0]) {
+ string = args[0];
+ if (!--noptargs) {
+ goto skip_optional_pos;
+ }
+ }
skip_optional_pos:
- return_value = _sha512_sha384_impl(module, string);
+ if (!noptargs) {
+ goto skip_optional_kwonly;
+ }
+ usedforsecurity = PyObject_IsTrue(args[1]);
+ if (usedforsecurity < 0) {
+ goto exit;
+ }
+skip_optional_kwonly:
+ return_value = _sha512_sha384_impl(module, string, usedforsecurity);
exit:
return return_value;
}
-/*[clinic end generated code: output=580df4b667084a7e input=a9049054013a1b77]*/
+/*[clinic end generated code: output=bbfa72d8703c82b5 input=a9049054013a1b77]*/
diff --git a/Modules/md5module.c b/Modules/md5module.c
index b9a351a..f2c2d32 100644
--- a/Modules/md5module.c
+++ b/Modules/md5module.c
@@ -503,13 +503,15 @@ static PyTypeObject MD5type = {
_md5.md5
string: object(c_default="NULL") = b''
+ *
+ usedforsecurity: bool = True
Return a new MD5 hash object; optionally initialized with a string.
[clinic start generated code]*/
static PyObject *
-_md5_md5_impl(PyObject *module, PyObject *string)
-/*[clinic end generated code: output=2cfd0f8c091b97e6 input=d12ef8f72d684f7b]*/
+_md5_md5_impl(PyObject *module, PyObject *string, int usedforsecurity)
+/*[clinic end generated code: output=587071f76254a4ac input=7a144a1905636985]*/
{
MD5object *new;
Py_buffer buf;
diff --git a/Modules/sha1module.c b/Modules/sha1module.c
index ce2ad26..4d191c3 100644
--- a/Modules/sha1module.c
+++ b/Modules/sha1module.c
@@ -480,13 +480,15 @@ static PyTypeObject SHA1type = {
_sha1.sha1
string: object(c_default="NULL") = b''
+ *
+ usedforsecurity: bool = True
Return a new SHA1 hash object; optionally initialized with a string.
[clinic start generated code]*/
static PyObject *
-_sha1_sha1_impl(PyObject *module, PyObject *string)
-/*[clinic end generated code: output=e5982830d1dece51 input=27ea54281d995ec2]*/
+_sha1_sha1_impl(PyObject *module, PyObject *string, int usedforsecurity)
+/*[clinic end generated code: output=6f8b3af05126e18e input=bd54b68e2bf36a8a]*/
{
SHA1object *new;
Py_buffer buf;
diff --git a/Modules/sha256module.c b/Modules/sha256module.c
index b8d6c4c..245f4c0 100644
--- a/Modules/sha256module.c
+++ b/Modules/sha256module.c
@@ -601,13 +601,15 @@ static PyTypeObject SHA256type = {
_sha256.sha256
string: object(c_default="NULL") = b''
+ *
+ usedforsecurity: bool = True
Return a new SHA-256 hash object; optionally initialized with a string.
[clinic start generated code]*/
static PyObject *
-_sha256_sha256_impl(PyObject *module, PyObject *string)
-/*[clinic end generated code: output=fa644436dcea5c31 input=09cce3fb855056b2]*/
+_sha256_sha256_impl(PyObject *module, PyObject *string, int usedforsecurity)
+/*[clinic end generated code: output=a1de327e8e1185cf input=9be86301aeb14ea5]*/
{
SHAobject *new;
Py_buffer buf;
@@ -641,13 +643,15 @@ _sha256_sha256_impl(PyObject *module, PyObject *string)
_sha256.sha224
string: object(c_default="NULL") = b''
+ *
+ usedforsecurity: bool = True
Return a new SHA-224 hash object; optionally initialized with a string.
[clinic start generated code]*/
static PyObject *
-_sha256_sha224_impl(PyObject *module, PyObject *string)
-/*[clinic end generated code: output=21e3ba22c3404f93 input=27a04ba24c353a73]*/
+_sha256_sha224_impl(PyObject *module, PyObject *string, int usedforsecurity)
+/*[clinic end generated code: output=08be6b36569bc69c input=9fcfb46e460860ac]*/
{
SHAobject *new;
Py_buffer buf;
diff --git a/Modules/sha512module.c b/Modules/sha512module.c
index 98b9791..df4f9d2 100644
--- a/Modules/sha512module.c
+++ b/Modules/sha512module.c
@@ -666,13 +666,15 @@ static PyTypeObject SHA512type = {
_sha512.sha512
string: object(c_default="NULL") = b''
+ *
+ usedforsecurity: bool = True
Return a new SHA-512 hash object; optionally initialized with a string.
[clinic start generated code]*/
static PyObject *
-_sha512_sha512_impl(PyObject *module, PyObject *string)
-/*[clinic end generated code: output=8b865a2df73bd387 input=e69bad9ae9b6a308]*/
+_sha512_sha512_impl(PyObject *module, PyObject *string, int usedforsecurity)
+/*[clinic end generated code: output=a8d9e5f9e6a0831c input=23b4daebc2ebb9c9]*/
{
SHAobject *new;
Py_buffer buf;
@@ -706,13 +708,15 @@ _sha512_sha512_impl(PyObject *module, PyObject *string)
_sha512.sha384
string: object(c_default="NULL") = b''
+ *
+ usedforsecurity: bool = True
Return a new SHA-384 hash object; optionally initialized with a string.
[clinic start generated code]*/
static PyObject *
-_sha512_sha384_impl(PyObject *module, PyObject *string)
-/*[clinic end generated code: output=ae4b2e26decf81e8 input=c9327788d4ea4545]*/
+_sha512_sha384_impl(PyObject *module, PyObject *string, int usedforsecurity)
+/*[clinic end generated code: output=da7d594a08027ac3 input=59ef72f039a6b431]*/
{
SHAobject *new;
Py_buffer buf;