| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Remove the pure Python implementation of hashlib.pbkdf2_hmac(),
deprecated in Python 3.10. Python 3.10 and newer requires OpenSSL
1.1.1 or newer (PEP 644), this OpenSSL version provides a C
implementation of pbkdf2_hmac() which is faster.
|
| |
|
|
|
| |
Co-authored-by: Brett Cannon <brett@python.org>
|
|
|
|
| |
(GH-32076)
|
| |
|
| |
|
|
|
|
|
|
|
| |
If Python is built with UBSan, test_hashlib skips tests on the _sha3
extension which currently has undefined behaviors.
This change allows to run test_hashlib to check for new UBSan regression,
but the known _sha3 undefined behavior must be fixed.
|
| |
|
|
|
|
|
| |
test_disallow_instantiation and test_readonly_types try to test all the available
digests, however under FIPS mode, while the algorithms are available, trying to use
them will fail with a ValueError.
|
| |
|
|
|
| |
Signed-off-by: Christian Heimes <christian@python.org>
|
|
|
|
| |
* bpo-43916: Rewrite new hashlib tests, fix typo
* Flag test as cpython only
|
|
|
|
|
|
|
|
|
|
| |
The following types use Py_TPFLAGS_DISALLOW_INSTANTIATION flag:
* _md5.md5
* _sha1.sha1
* _sha256.sha224
* _sha256.sha256
* _sha512.sha384
* _sha512.sha512
|
|
|
|
|
| |
posix and _hashlib use the new Py_TPFLAGS_DISALLOW_INSTANTIATION
flag on their heap types, rather than using a custom tp_new function
(_disabled_new).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-25455)
* ssl.OP_NO_SSLv2
* ssl.OP_NO_SSLv3
* ssl.OP_NO_TLSv1
* ssl.OP_NO_TLSv1_1
* ssl.OP_NO_TLSv1_2
* ssl.OP_NO_TLSv1_3
* ssl.PROTOCOL_SSLv2
* ssl.PROTOCOL_SSLv3
* ssl.PROTOCOL_SSLv23 (alias for PROTOCOL_TLS)
* ssl.PROTOCOL_TLS
* ssl.PROTOCOL_TLSv1
* ssl.PROTOCOL_TLSv1_1
* ssl.PROTOCOL_TLSv1_2
* ssl.TLSVersion.SSLv3
* ssl.TLSVersion.TLSv1
* ssl.TLSVersion.TLSv1_1
* ssl.wrap_socket()
* ssl.RAND_pseudo_bytes()
* ssl.RAND_egd() (already removed since it's not supported by OpenSSL 1.1.1)
* ssl.SSLContext() without a protocol argument
* ssl.match_hostname()
* hashlib.pbkdf2_hmac() (pure Python implementation, fast OpenSSL
function will stay)
Signed-off-by: Christian Heimes <christian@python.org>
|
|
|
|
|
|
| |
(GH-20986)
Since we can use now the sha3 and shake algorithms from OpenSSL, we shouldn't
skip the tests in case the builtin algorithm was not compiled or removed.
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix test_float
* Fix _osx_support
* Fix test_fstring
* Fix test_gc
* Fix test_gzip
* Fix test_hashlib
* Fix unrelated whitespace issue
Co-authored-by: Ned Deily <nad@python.org>
|
|
|
|
|
|
|
| |
Skip testing of pure Python PBKDF2 when one or more builtin hash module
is not available. Otherwise the import of hashlib prints noise on
stderr.
Signed-off-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
|
|
|
| |
test_hashlib emits some warnings when it cannot find some hashes
as it assumes they failed to compile. Since we can disable hashes
through configure, we emit the warnings only in the case that we
did not intentionaly disable them.
Automerge-Triggered-By: @tiran
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
func:`hashlib.new` passed ``usedforsecurity`` to OpenSSL EVP constructor
``_hashlib.new()``. test_hashlib and test_smtplib handle strict security
policy better.
Signed-off-by: Christian Heimes <christian@python.org>
Automerge-Triggered-By: @tiran
|
|
|
|
|
|
|
| |
OpenSSL 1.1.1 comes with SHA3 and SHAKE builtin.
Signed-off-by: Christian Heimes <christian@python.org>
Automerge-Triggered-By: @tiran
|
| |
|
|
|
|
|
|
| |
test.pythoninfo logs OpenSSL FIPS_mode() and Linux
/proc/sys/crypto/fips_enabled in a new "fips" section.
Co-Authored-By: Petr Viktorin <encukou@gmail.com>
|
|
|
| |
Add a new test.support.hashlib_helper submodule.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
test_hmac and test_hashlib test built-in hashing implementations and
OpenSSL-based hashing implementations. Add more checks to skip OpenSSL
implementations when a strict crypto policy is active.
Use EVP_DigestInit_ex() instead of EVP_DigestInit() to initialize the
EVP context. The EVP_DigestInit() function clears alls flags and breaks
usedforsecurity flag again.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38270
|
|
|
|
| |
* Updated _hashopenssl.c to be PEP 384 compliant
* Remove refleak test from test_hashlib. The updated type no longer accepts random arguments to __init__.
|
|
|
|
| |
Signed-off-by: Christian Heimes <christian@python.org>
|
|
|
|
|
| |
The usedforsecurity keyword only argument added to the hash constructors is useful for FIPS builds and similar restrictive environment with non-technical requirements that legacy algorithms be forbidden by their implementations without being explicitly annotated as not being used for any security related purposes. Linux distros with FIPS support benefit from this being standard rather than making up their own way(s) to do it.
Contributed and Signed-off-by: Christian Heimes christian@python.org
|
|
|
| |
Signed-off-by: Christian Heimes <christian@python.org>
|
|
|
|
|
| |
(GH-9751)
for the SHAKE algorithm in the hashlib module.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* help(hashlib) didn't work because of incorrect module name in blake2b and
blake2s classes.
* Constructors blake2*(), sha3_*(), shake_*() and keccak_*() incorrectly
accepted keyword argument "string" for binary data, but documented as
accepting the "data" keyword argument. Now this parameter is positional-only.
* Keyword-only parameters in blake2b() and blake2s() were not documented as
keyword-only.
* Default value for some parameters of blake2b() and blake2s() was None,
which is not acceptable value.
* The length argument for shake_*.digest() was wrapped out to 32 bits.
* The argument for shake_128.digest() and shake_128.hexdigest() was not
positional-only as intended.
* TypeError messages for incorrect arguments in all constructors sha3_*(),
shake_*() and keccak_*() incorrectly referred to sha3_224.
Also made the following enhancements:
* More accurately specified input and result types for strings, bytes and
bytes-like objects.
* Unified positional parameter names for update() and constructors.
* Improved formatting.
|
|
|
|
| |
Clinic. (GH-8434)
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
All Blake2 params have to be encoded in little-endian byte order. For
the two multi-byte integer params, leaf_length and node_offset, that
means that assigning a native-endian integer to them appears to work on
little-endian platforms, but gives the wrong result on big-endian. The
current libb2 API doesn't make that very clear, and @sneves is working
on new API functions in the GH issue above. In the meantime, we can work
around the problem by explicitly assigning little-endian values to the
parameter block.
See https://github.com/BLAKE2/libb2/issues/12.
|
|
|
|
|
|
|
|
|
|
| |
* bpo-31234: Join threads in test_hashlib
Use thread.join() to wait until the parallel hash tasks complete
rather than using events. Calling thread.join() prevent "dangling
thread" warnings.
* test_hashlib: minor PEP 8 coding style fixes
|
|
|
|
|
|
| |
* Remove Setup.config
* Always define WITH_THREAD for compatibility.
|
| |
|
|
|
|
| |
open_urlresource.
|
| |
|
| |
|
| |
|
|
|
|
| |
module (requires OpenSSL 1.1.0).
|
|
|
|
| |
Most fixes to Doc/ and Lib/ directories by Ville Skyttä.
|
|
|
|
| |
Based on patch by Daan Bakker.
|