summaryrefslogtreecommitdiffstats
path: root/Modules/_hashopenssl.c
Commit message (Collapse)AuthorAgeFilesLines
* [3.9] bpo-44145: Release the GIL around HMAC_Update. (GH-26157) (GH-26188)Miss Islington (bot)2021-05-171-2/+4
| | | | | | | | | | | | It was always meant to be released for parallelization. This now matches the other similar code in the module. Thanks michaelforney for noticing! (cherry picked from commit c10392e7ddb3eafbd11e9ffe335c07648426715f) Co-authored-by: Gregory P. Smith <greg@krypto.org> Automerge-Triggered-By: GH:gpshead
* [3.9] bpo-43799: OpenSSL 3.0.0: declare OPENSSL_API_COMPAT 1.1.1 (GH-25329) ↵Miss Islington (bot)2021-04-131-5/+10
| | | | | | | | | | | (GH-25382) Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit a4833883c9b81b6b272cc7c5b67fa1658b65304c) Co-authored-by: Christian Heimes <christian@python.org> Automerge-Triggered-By: GH:tiran
* [3.9] bpo-40791: Use CRYPTO_memcmp() for compare_digest (GH-20456) (GH-20461)Christian Heimes2020-05-281-0/+116
| | | | | | | | | | | hashlib.compare_digest uses OpenSSL's CRYPTO_memcmp() function when OpenSSL is available. Note: The _operator module is a builtin module. I don't want to add libcrypto dependency to libpython. Therefore I duplicated the wrapper function and added a copy to _hashopenssl.c.. (cherry picked from commit db5aed931f8a617f7b63e773f62db468fe9c5ca1) Co-authored-by: Christian Heimes <christian@python.org>
* bpo-40671: Prepare _hashlib for PEP 489 (GH-20180)Miss Islington (bot)2020-05-251-67/+114
| | | | | (cherry picked from commit 20c22db602bf2a51f5231433b9054290f8069b90) Co-authored-by: Christian Heimes <christian@python.org>
* bpo-40645: restrict HMAC key len to INT_MAX (GH-20238)Miss Islington (bot)2020-05-191-1/+7
| | | | | | | | Signed-off-by: Christian Heimes <christian@python.org> Automerge-Triggered-By: @tiran (cherry picked from commit aca4670ad695d4b01c7880fe3d0af817421945bd) Co-authored-by: Christian Heimes <christian@python.org>
* bpo-37630: Fix spelling shake128 -> shake_128 (GH-20154)Christian Heimes2020-05-171-12/+12
|
* bpo-40645: Implement HMAC in C (GH-20129)Christian Heimes2020-05-171-9/+401
| | | | | | | | | The internal module ``_hashlib`` wraps and exposes OpenSSL's HMAC API. The new code will be used in Python 3.10 after the internal implementation details of the pure Python HMAC module are no longer part of the public API. The code is based on a patch by Petr Viktorin for RHEL and Python 3.6. Co-Authored-By: Petr Viktorin <encukou@gmail.com>
* bpo-37630: Use SHA3 and SHAKE XOF from OpenSSL (GH-16049)Christian Heimes2020-05-161-17/+349
| | | | | | | OpenSSL 1.1.1 comes with SHA3 and SHAKE builtin. Signed-off-by: Christian Heimes <christian@python.org> Automerge-Triggered-By: @tiran
* bpo-40515: Require OPENSSL_THREADS (GH-19953)Christian Heimes2020-05-151-0/+4
| | | | | | | The ``ssl`` and ``hashlib`` modules now actively check that OpenSSL is build with thread support. Python 3.7.0 made thread support mandatory and no longer works safely with a no-thread builds. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-40479: Fix hashlib issue with OpenSSL 3.0.0 (GH-20107)Christian Heimes2020-05-151-4/+11
| | | | | | | | | | OpenSSL 3.0.0-alpha2 was released today. The FIPS_mode() function has been deprecated and removed. It no longer makes sense with the new provider and context system in OpenSSL 3.0.0. EVP_default_properties_is_fips_enabled() is good enough for our needs in unit tests. It's an internal API, too. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-9216: Expose OpenSSL FIPS_mode() as _hashlib.get_fips_mode() (GH-19703)Victor Stinner2020-04-291-0/+43
| | | | | | test.pythoninfo logs OpenSSL FIPS_mode() and Linux /proc/sys/crypto/fips_enabled in a new "fips" section. Co-Authored-By: Petr Viktorin <encukou@gmail.com>
* bpo-40268: Remove unused structmember.h includes (GH-19530)Victor Stinner2020-04-151-1/+0
| | | | | | If only offsetof() is needed: include stddef.h instead. When structmember.h is used, add a comment explaining that PyMemberDef is used.
* bpo-39968: Convert extension modules' macros of get_module_state() to inline ↵Hai Shi2020-03-161-6/+13
| | | | functions (GH-19017)
* bpo-38684: haslib: fix build when Blake2 not enabled in OpenSSL (#17043)Alexandru Ardelean2019-11-041-1/+1
|
* bpo-38270: More fixes for strict crypto policy (GH-16418)Christian Heimes2019-09-271-1/+1
| | | | | | | | | | | | | | | test_hmac and test_hashlib test built-in hashing implementations and OpenSSL-based hashing implementations. Add more checks to skip OpenSSL implementations when a strict crypto policy is active. Use EVP_DigestInit_ex() instead of EVP_DigestInit() to initialize the EVP context. The EVP_DigestInit() function clears alls flags and breaks usedforsecurity flag again. Signed-off-by: Christian Heimes <christian@python.org> https://bugs.python.org/issue38270
* bpo-38142: Updated _hashopenssl.c to be PEP 384 compliant (#16071)Christian Heimes2019-09-251-54/+68
| | | | * Updated _hashopenssl.c to be PEP 384 compliant * Remove refleak test from test_hashlib. The updated type no longer accepts random arguments to __init__.
* bpo-33936: Don't call obsolete init methods with OpenSSL 1.1.0+ (GH-16140)Christian Heimes2019-09-161-1/+1
| | | | | | ``OPENSSL_VERSION_1_1`` was never defined in ``_hashopenssl.c``. https://bugs.python.org/issue33936
* bpo-38153: detect shake independently from sha3 (GH-16143)Christian Heimes2019-09-141-2/+11
| | | | | XOF digests (SHAKE) are not available in OpenSSL 1.1.0 but SHA3 fixed-length digests are. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-37206: Unrepresentable default values no longer represented as None. ↵Serhiy Storchaka2019-09-141-2/+2
| | | | | | | (GH-13933) In ArgumentClinic, value "NULL" should now be used only for unrepresentable default values (like in the optional third parameter of getattr). "None" should be used if None is accepted as argument and passing None has the same effect as not passing the argument at all.
* bpo-38153: Normalize hashlib algorithm names (GH-16083)Christian Heimes2019-09-131-21/+146
| | | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-9216: Add usedforsecurity to hashlib constructors (GH-16044)Christian Heimes2019-09-131-24/+57
| | | | | The usedforsecurity keyword only argument added to the hash constructors is useful for FIPS builds and similar restrictive environment with non-technical requirements that legacy algorithms be forbidden by their implementations without being explicitly annotated as not being used for any security related purposes. Linux distros with FIPS support benefit from this being standard rather than making up their own way(s) to do it. Contributed and Signed-off-by: Christian Heimes christian@python.org
* bpo-38137: Re-add OpenSSL 1.0.2 compat (GH-16051)Christian Heimes2019-09-121-0/+6
| | | | | | | | | | The defines are required for OpenSSL 1.0.2 and LibreSSL. https://bugs.python.org/issue38134 Automerge-Triggered-By: @tiran
* bpo-38132: Check EVP_DigestUpdate for error (GH-16041)Christian Heimes2019-09-121-6/+16
|
* bpo-38132: Simplify _hashopenssl code (GH-16023)Christian Heimes2019-09-121-121/+162
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-38134: Remove PKBDF2_HMAC_fast from _hashopenssl (GH-16028)Christian Heimes2019-09-121-114/+0
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-36974: tp_print -> tp_vectorcall_offset and tp_reserved -> tp_as_async ↵Jeroen Demeyer2019-05-311-2/+2
| | | | | | | | | (GH-13464) Automatically replace tp_print -> tp_vectorcall_offset tp_compare -> tp_as_async tp_reserved -> tp_as_async
* bpo-36209: Fix typo on hashlib error message (GH-12194)Emmanuel Arias2019-03-061-1/+1
|
* bpo-36179: Fix ref leaks in _hashopenssl (GH-12158)Christian Heimes2019-03-041-5/+7
| | | | | | | | | | Fix two unlikely reference leaks in _hashopenssl. The leaks only occur in out-of-memory cases. Thanks to Charalampos Stratakis. Signed-off-by: Christian Heimes <christian@python.org> https://bugs.python.org/issue36179
* Dead code removal from _hashopenssl. (GH-11379)Gregory P. Smith2018-12-311-80/+18
| | | | HASH_OBJ_CONSTRUCTOR has always been defined as 0 since I created hashlib in Python 2.5. Delete all code associated with it.
* bpo-20182: AC convert remaining functions/methods in _hashopenssl.c (GH-9213)Tal Einat2018-12-271-99/+109
|
* bpo-33012: Fix invalid function cast warnings with gcc 8. (GH-6749)Serhiy Storchaka2018-11-271-3/+3
| | | | | | Fix invalid function cast warnings with gcc 8 for method conventions different from METH_NOARGS, METH_O and METH_VARARGS excluding Argument Clinic generated code.
* bpo-20216: Correct docstrings of digest() methods in hashlib. (GH-9873)Srinivas Thatiparthy (శ్రీనివాస్ తాటిపర్తి)2018-10-191-1/+1
|
* closes bpo-34646: Remove PyAPI_* macros from declarations. (GH-9218)Benjamin Peterson2018-09-121-1/+1
|
* bpo-33729: Fix issues with arguments parsing in hashlib. (GH-8346)Serhiy Storchaka2018-07-311-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | * help(hashlib) didn't work because of incorrect module name in blake2b and blake2s classes. * Constructors blake2*(), sha3_*(), shake_*() and keccak_*() incorrectly accepted keyword argument "string" for binary data, but documented as accepting the "data" keyword argument. Now this parameter is positional-only. * Keyword-only parameters in blake2b() and blake2s() were not documented as keyword-only. * Default value for some parameters of blake2b() and blake2s() was None, which is not acceptable value. * The length argument for shake_*.digest() was wrapped out to 32 bits. * The argument for shake_128.digest() and shake_128.hexdigest() was not positional-only as intended. * TypeError messages for incorrect arguments in all constructors sha3_*(), shake_*() and keccak_*() incorrectly referred to sha3_224. Also made the following enhancements: * More accurately specified input and result types for strings, bytes and bytes-like objects. * Unified positional parameter names for update() and constructors. * Improved formatting.
* bpo-31787: Prevent refleaks when calling __init__() more than once (GH-3995)Oren Milman2018-02-131-2/+2
|
* bpo-32746: Fix multiple typos (GH-5144)Leo Arias2018-02-041-1/+1
| | | Fix typos found by codespell in docs, docstrings, and comments.
* bpo-32433: Optimized HMAC digest (#5023)Christian Heimes2018-01-271-2/+57
| | | | | | | The hmac module now has hmac.digest(), which provides an optimized HMAC digest for short messages. hmac.digest() is up to three times faster than hmac.HMAC().digest(). Signed-off-by: Christian Heimes <christian@python.org>
* bpo-32240: Add the const qualifier to declarations of PyObject* array ↵Serhiy Storchaka2017-12-151-1/+1
| | | | arguments. (#4746)
* Replace KB unit with KiB (#4293)Victor Stinner2017-11-081-1/+1
| | | | | | | | | | | kB (*kilo* byte) unit means 1000 bytes, whereas KiB ("kibibyte") means 1024 bytes. KB was misused: replace kB or KB with KiB when appropriate. Same change for MB and GB which become MiB and GiB. Change the output of Tools/iobench/iobench.py. Round also the size of the documentation from 5.5 MB to 5 MiB.
* bpo-31370: Remove support for threads-less builds (#3385)Antoine Pitrou2017-09-071-10/+0
| | | | | | * Remove Setup.config * Always define WITH_THREAD for compatibility.
* bpo-30102: Call OPENSSL_add_all_algorithms_noconf (#3112)Christian Heimes2017-09-051-1/+4
| | | | | | | | The ssl and hashlib modules now call OPENSSL_add_all_algorithms_noconf() on OpenSSL < 1.1.0. The function detects CPU features and enables optimizations on some CPU architectures such as POWER8. Patch is based on research from Gustavo Serra Scalet. Signed-off-by: Christian Heimes <christian@python.org>
* Remove _PyArg_NoStackKeywords(). (#2641)Serhiy Storchaka2017-07-101-6/+2
|
* bpo-29464: Rename METH_FASTCALL to METH_FASTCALL|METH_KEYWORDS and make (#1955)Serhiy Storchaka2017-07-031-1/+1
| | | | | the bare METH_FASTCALL be used for functions with positional-only parameters.
* bpo-20627: Fix error message when keyword arguments are used (#2115)Sylvain2017-06-151-2/+2
|
* bpo-9146: Raise a ValueError if OpenSSL fails to init a hash func. (#1777)Gregory P. Smith2017-05-241-9/+36
| | | | This helps people in weird FIPS mode environments where common things like MD5 are not available in the binary as a matter of policy.
* _hashopenssl uses METH_FASTCALLVictor Stinner2017-01-171-3/+7
|
* Issue #27928: Add scrypt (password-based key derivation function) to hashlib ↵Christian Heimes2016-09-061-0/+129
| | | | module (requires OpenSSL 1.1.0).
* Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.Christian Heimes2016-09-051-59/+106
|\
| * Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.Christian Heimes2016-09-051-59/+106
| |
* | Issue #27895: Spelling fixes (Contributed by Ville Skyttä).Raymond Hettinger2016-08-301-1/+1
|/