summaryrefslogtreecommitdiffstats
path: root/Lib/test/test_hashlib.py
Commit message (Collapse)AuthorAgeFilesLines
* gh-99108: Refresh HACL* from upstream (#104401)Jonathan Protzenko2023-05-111-0/+9
| | | Refresh HACL* from upstream and add a SHA3 test hashing over 4GiB of data.
* gh-102515: Remove unused imports in the `Lib/` directory (#102516)Alex Waygood2023-03-081-1/+0
|
* gh-99108: Refactor _sha256 & _sha512 into _sha2. (#101924)Gregory P. Smith2023-02-161-13/+9
| | | | | | | | | This merges their code. They're backed by the same single HACL* static library, having them be a single module simplifies maintenance. This should unbreak the wasm enscripten builds that currently fail due to linking in --whole-archive mode and the HACL* library appearing twice. Long unnoticed error fixed: _sha512.SHA384Type was doubly assigned and was actually SHA512Type. Nobody depends on those internal names. Also rename LIBHACL_ make vars to LIBHACL_SHA2_ in preperation for other future HACL things.
* gh-99108: Replace SHA2-224 & 256 with verified code from HACL* (#99109)Jonathan Protzenko2023-02-071-0/+10
| | | | | | | | | | | | | | | | | | | | | | replacing hashlib primitives (for the non-OpenSSL case) with verified implementations from HACL*. This is the first PR in the series, and focuses specifically on SHA2-256 and SHA2-224. This PR imports Hacl_Streaming_SHA2 into the Python tree. This is the HACL* implementation of SHA2, which combines a core implementation of SHA2 along with a layer of buffer management that allows updating the digest with any number of bytes. This supersedes the previous implementation in the tree. @franziskuskiefer was kind enough to benchmark the changes: in addition to being verified (thus providing significant safety and security improvements), this implementation also provides a sizeable performance boost! ``` --------------------------------------------------------------- Benchmark Time CPU Iterations --------------------------------------------------------------- Sha2_256_Streaming 3163 ns 3160 ns 219353 // this PR LibTomCrypt_Sha2_256 5057 ns 5056 ns 136234 // library used by Python currently ``` The changes in this PR are as follows: - import the subset of HACL* that covers SHA2-256/224 into `Modules/_hacl` - rewire sha256module.c to use the HACL* implementation Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org> Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
* gh-94199: Remove hashlib.pbkdf2_hmac() Python implementation (GH-94200)Victor Stinner2022-06-281-9/+1
| | | | | | | Remove the pure Python implementation of hashlib.pbkdf2_hmac(), deprecated in Python 3.10. Python 3.10 and newer requires OpenSSL 1.1.1 or newer (PEP 644), this OpenSSL version provides a C implementation of pbkdf2_hmac() which is faster.
* gh-69443: Add test.support.Py_DEBUG constant (#93226)Victor Stinner2022-05-251-3/+1
|
* bpo-40280: Detect missing threading on WASM platforms (GH-32352)Christian Heimes2022-04-071-0/+1
| | | Co-authored-by: Brett Cannon <brett@python.org>
* bpo-47101: list only activated algorithms in hashlib.algorithms_available ↵Christian Heimes2022-03-231-0/+4
| | | | (GH-32076)
* bpo-45150: Fix testing under FIPS mode (GH-32046)Christian Heimes2022-03-221-0/+5
|
* bpo-45150: Add hashlib.file_digest() for efficient file hashing (GH-31930)Christian Heimes2022-03-221-0/+54
|
* bpo-46913: test_hashlib skips _sha3 tests on UBSan (GH-31673)Victor Stinner2022-03-031-8/+26
| | | | | | | If Python is built with UBSan, test_hashlib skips tests on the _sha3 extension which currently has undefined behaviors. This change allows to run test_hashlib to check for new UBSan regression, but the known _sha3 undefined behavior must be fixed.
* bpo-40479: Fix hashlib's usedforsecurity for OpenSSL 3.0.0 (GH-30455)Christian Heimes2022-01-131-6/+7
|
* bpo-44048: Fix two hashlib test cases under FIPS mode (GH-26470)stratakis2021-06-041-2/+10
| | | | | test_disallow_instantiation and test_readonly_types try to test all the available digests, however under FIPS mode, while the algorithms are available, trying to use them will fail with a ValueError.
* bpo-43988: Use check disallow instantiation helper (GH-26392)Erlend Egeberg Aasland2021-05-271-11/+4
|
* bpo-43908: Mark ssl, hash, and hmac types as immutable (GH-25792)Christian Heimes2021-05-021-0/+9
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-43916: Rewrite new hashlib tests, fix typo (GH-25791)Christian Heimes2021-05-011-30/+12
| | | | * bpo-43916: Rewrite new hashlib tests, fix typo * Flag test as cpython only
* bpo-43916: _md5.md5 uses Py_TPFLAGS_DISALLOW_INSTANTIATION (GH-25753)Victor Stinner2021-04-301-1/+32
| | | | | | | | | | The following types use Py_TPFLAGS_DISALLOW_INSTANTIATION flag: * _md5.md5 * _sha1.sha1 * _sha256.sha224 * _sha256.sha256 * _sha512.sha384 * _sha512.sha512
* bpo-43916: Remove _disabled_new() function (GH-25745)Victor Stinner2021-04-301-2/+2
| | | | | posix and _hashlib use the new Py_TPFLAGS_DISALLOW_INSTANTIATION flag on their heap types, rather than using a custom tp_new function (_disabled_new).
* bpo-43880: Show DeprecationWarnings for deprecated ssl module features ↵Christian Heimes2021-04-191-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | (GH-25455) * ssl.OP_NO_SSLv2 * ssl.OP_NO_SSLv3 * ssl.OP_NO_TLSv1 * ssl.OP_NO_TLSv1_1 * ssl.OP_NO_TLSv1_2 * ssl.OP_NO_TLSv1_3 * ssl.PROTOCOL_SSLv2 * ssl.PROTOCOL_SSLv3 * ssl.PROTOCOL_SSLv23 (alias for PROTOCOL_TLS) * ssl.PROTOCOL_TLS * ssl.PROTOCOL_TLSv1 * ssl.PROTOCOL_TLSv1_1 * ssl.PROTOCOL_TLSv1_2 * ssl.TLSVersion.SSLv3 * ssl.TLSVersion.TLSv1 * ssl.TLSVersion.TLSv1_1 * ssl.wrap_socket() * ssl.RAND_pseudo_bytes() * ssl.RAND_egd() (already removed since it's not supported by OpenSSL 1.1.1) * ssl.SSLContext() without a protocol argument * ssl.match_hostname() * hashlib.pbkdf2_hmac() (pure Python implementation, fast OpenSSL function will stay) Signed-off-by: Christian Heimes <christian@python.org>
* bpo-37630: Do not skip the sha3 tests in case of missing builtin sha3 module ↵stratakis2021-04-171-22/+0
| | | | | | (GH-20986) Since we can use now the sha3 and shake algorithms from OpenSSL, we shouldn't skip the tests in case the builtin algorithm was not compiled or removed.
* bpo-43651: PEP 597: Fix EncodingWarning in some tests (GH-25171)Inada Naoki2021-04-041-1/+1
| | | | | | | | | | | * Fix test_float * Fix _osx_support * Fix test_fstring * Fix test_gc * Fix test_gzip * Fix test_hashlib * Fix unrelated whitespace issue Co-authored-by: Ned Deily <nad@python.org>
* bpo-40637: Don't test builtin PBKDF2 without builtin hashes (GH-20980)Christian Heimes2020-11-171-9/+18
| | | | | | | Skip testing of pure Python PBKDF2 when one or more builtin hash module is not available. Otherwise the import of hashlib prints noise on stderr. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-40275: Use new test.support helper submodules in tests (GH-21317)Hai Shi2020-07-061-1/+2
|
* bpo-40637: Do not emit warnings for disabled builtin hashes (GH-20937)stratakis2020-06-171-1/+1
| | | | | | | | test_hashlib emits some warnings when it cannot find some hashes as it assumes they failed to compile. Since we can disable hashes through configure, we emit the warnings only in the case that we did not intentionaly disable them. Automerge-Triggered-By: @tiran
* bpo-40275: Adding threading_helper submodule in test.support (GH-20263)Hai Shi2020-05-271-1/+2
|
* bpo-40637: Fix test_pbkdf2_hmac_py for missing sha1 (#20422)Christian Heimes2020-05-261-9/+23
|
* bpo-9216: hashlib usedforsecurity fixes (GH-20258)Christian Heimes2020-05-221-32/+82
| | | | | | | | | func:`hashlib.new` passed ``usedforsecurity`` to OpenSSL EVP constructor ``_hashlib.new()``. test_hashlib and test_smtplib handle strict security policy better. Signed-off-by: Christian Heimes <christian@python.org> Automerge-Triggered-By: @tiran
* bpo-37630: Use SHA3 and SHAKE XOF from OpenSSL (GH-16049)Christian Heimes2020-05-161-1/+17
| | | | | | | OpenSSL 1.1.1 comes with SHA3 and SHAKE builtin. Signed-off-by: Christian Heimes <christian@python.org> Automerge-Triggered-By: @tiran
* bpo-40443: Remove unused imports in tests (GH-19804)Victor Stinner2020-04-301-1/+0
|
* bpo-9216: Expose OpenSSL FIPS_mode() as _hashlib.get_fips_mode() (GH-19703)Victor Stinner2020-04-291-0/+5
| | | | | | test.pythoninfo logs OpenSSL FIPS_mode() and Linux /proc/sys/crypto/fips_enabled in a new "fips" section. Co-Authored-By: Petr Viktorin <encukou@gmail.com>
* bpo-40275: Move requires_hashdigest() to test.support.hashlib_helper (GH-19716)Hai Shi2020-04-291-1/+0
| | | Add a new test.support.hashlib_helper submodule.
* bpo-38270: More fixes for strict crypto policy (GH-16418)Christian Heimes2019-09-271-1/+13
| | | | | | | | | | | | | | | test_hmac and test_hashlib test built-in hashing implementations and OpenSSL-based hashing implementations. Add more checks to skip OpenSSL implementations when a strict crypto policy is active. Use EVP_DigestInit_ex() instead of EVP_DigestInit() to initialize the EVP context. The EVP_DigestInit() function clears alls flags and breaks usedforsecurity flag again. Signed-off-by: Christian Heimes <christian@python.org> https://bugs.python.org/issue38270
* bpo-38142: Updated _hashopenssl.c to be PEP 384 compliant (#16071)Christian Heimes2019-09-251-10/+0
| | | | * Updated _hashopenssl.c to be PEP 384 compliant * Remove refleak test from test_hashlib. The updated type no longer accepts random arguments to __init__.
* bpo-38153: Normalize hashlib algorithm names (GH-16083)Christian Heimes2019-09-131-0/+12
| | | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-9216: Add usedforsecurity to hashlib constructors (GH-16044)Christian Heimes2019-09-131-0/+9
| | | | | The usedforsecurity keyword only argument added to the hash constructors is useful for FIPS builds and similar restrictive environment with non-technical requirements that legacy algorithms be forbidden by their implementations without being explicitly annotated as not being used for any security related purposes. Linux distros with FIPS support benefit from this being standard rather than making up their own way(s) to do it. Contributed and Signed-off-by: Christian Heimes christian@python.org
* bpo-38132: Simplify _hashopenssl code (GH-16023)Christian Heimes2019-09-121-0/+3
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-34922: Fix integer overflow in the digest() and hexdigest() methods ↵Serhiy Storchaka2018-10-111-0/+13
| | | | | (GH-9751) for the SHAKE algorithm in the hashlib module.
* bpo-33729: Fix issues with arguments parsing in hashlib. (GH-8346)Serhiy Storchaka2018-07-311-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | * help(hashlib) didn't work because of incorrect module name in blake2b and blake2s classes. * Constructors blake2*(), sha3_*(), shake_*() and keccak_*() incorrectly accepted keyword argument "string" for binary data, but documented as accepting the "data" keyword argument. Now this parameter is positional-only. * Keyword-only parameters in blake2b() and blake2s() were not documented as keyword-only. * Default value for some parameters of blake2b() and blake2s() was None, which is not acceptable value. * The length argument for shake_*.digest() was wrapped out to 32 bits. * The argument for shake_128.digest() and shake_128.hexdigest() was not positional-only as intended. * TypeError messages for incorrect arguments in all constructors sha3_*(), shake_*() and keccak_*() incorrectly referred to sha3_224. Also made the following enhancements: * More accurately specified input and result types for strings, bytes and bytes-like objects. * Unified positional parameter names for update() and constructors. * Improved formatting.
* bpo-20260: Implement non-bitwise unsigned int converters for Argument ↵Serhiy Storchaka2018-07-261-2/+2
| | | | Clinic. (GH-8434)
* bpo-31787: Skip refleak check when _hashlib is not available (GH-5660)INADA Naoki2018-02-131-0/+1
|
* bpo-31787: Prevent refleaks when calling __init__() more than once (GH-3995)Oren Milman2018-02-131-0/+9
|
* closes bpo-32721: do not fail test_hashlib if _md5 isn't available (GH-5441)Benjamin Peterson2018-01-301-1/+1
|
* replace dynamic import with 'exec' with importlib.import_module (#5433)Benjamin Peterson2018-01-301-3/+4
|
* bpo-31933: fix blake2 multi-byte params on big endian platforms (#4250)Jack O'Connor2017-11-031-0/+36
| | | | | | | | | | | | All Blake2 params have to be encoded in little-endian byte order. For the two multi-byte integer params, leaf_length and node_offset, that means that assigning a native-endian integer to them appears to work on little-endian platforms, but gives the wrong result on big-endian. The current libb2 API doesn't make that very clear, and @sneves is working on new API functions in the GH issue above. In the meantime, we can work around the problem by explicitly assigning little-endian values to the parameter block. See https://github.com/BLAKE2/libb2/issues/12.
* bpo-31234: Join threads in test_hashlib (#3573)Victor Stinner2017-09-141-13/+13
| | | | | | | | | | * bpo-31234: Join threads in test_hashlib Use thread.join() to wait until the parallel hash tasks complete rather than using events. Calling thread.join() prevent "dangling thread" warnings. * test_hashlib: minor PEP 8 coding style fixes
* bpo-31370: Remove support for threads-less builds (#3385)Antoine Pitrou2017-09-071-5/+1
| | | | | | * Remove Setup.config * Always define WITH_THREAD for compatibility.
* Add test cases for internal SHA3 helpersChristian Heimes2016-09-231-0/+21
|
* Issue 26798: fetch OSError and HTTPException like other tests that use ↵Christian Heimes2016-09-081-2/+8
| | | | open_urlresource.
* Issue #16113: Add SHA-3 and SHAKE support to hashlib module.Christian Heimes2016-09-071-16/+141
|
* Download hashlib test vectors from pythontest.netChristian Heimes2016-09-061-1/+1
|
generated by cgit v0.12 at 2024-12-03 12:47:35 (GMT)