summaryrefslogtreecommitdiffstats
path: root/Modules/_hashopenssl.c
Commit message (Collapse)AuthorAgeFilesLines
* gh-86493: Modernize modules initialization code (GH-106858)Serhiy Storchaka2023-07-251-6/+1
| | | | | Use PyModule_Add() or PyModule_AddObjectRef() instead of soft deprecated PyModule_AddObject().
* gh-106320: Move private _PyHash API to the internal C API (#107026)Victor Stinner2023-07-221-1/+2
| | | | | * No longer export most private _PyHash symbols, only export the ones which are needed by shared extensions. * Modules/_xxtestfuzz/fuzzer.c now uses the internal C API.
* gh-86493: Use PyModule_Add() instead of PyModule_AddObjectRef() (GH-106860)Serhiy Storchaka2023-07-181-12/+2
|
* gh-104922: remove PY_SSIZE_T_CLEAN (#106315)Inada Naoki2023-07-021-2/+0
|
* gh-106033: Get rid of new occurrences of PyDict_GetItem and PyObject_HasAttr ↵Serhiy Storchaka2023-06-231-6/+7
| | | | | | | | (GH-106034) These functions are broken by design because they discard any exceptions raised inside, including MemoryError and KeyboardInterrupt. They should not be used in new code.
* gh-92536: Remove PyUnicode_READY() calls (#105210)Victor Stinner2023-06-011-3/+0
| | | | Since Python 3.12, PyUnicode_READY() does nothing and always returns 0.
* gh-99108: Release the GIL around hashlib built-in computation (#104675)Gregory P. Smith2023-05-231-0/+6
| | | | | | | This matches the GIL releasing behavior of our existing `_hashopenssl` module, extending it to the HACL* built-ins. Includes adding comments to better describe the ENTER/LEAVE macros purpose and explain the lock strategy in both existing and new code.
* gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)Eric Snow2023-05-051-0/+1
| | | Here we are doing no more than adding the value for Py_mod_multiple_interpreters and using it for stdlib modules. We will start checking for it in gh-104206 (once PyInterpreterState.ceval.own_gil is added in gh-104204).
* gh-103256: Fix hmac algorithm to support fallback implementation (gh-103286)Dong-hee Na2023-04-071-1/+1
| | | Co-authored-by: Gregory P. Smith <greg@krypto.org>
* gh-102650: Remove duplicate include directives from multiple source files ↵chgnrdv2023-03-131-2/+1
| | | | | (#102651) Remove duplicate include directives from multiple source files
* DOC: correct bytesarray -> bytearray in comments (GH-92410)Thomas A Caswell2022-06-211-1/+1
|
* GH-93207: Remove HAVE_STDARG_PROTOTYPES configure check for stdarg.h (#93215)Kumar Aditya2022-05-271-4/+0
|
* bpo-47101: list only activated algorithms in hashlib.algorithms_available ↵Christian Heimes2022-03-231-1/+12
| | | | (GH-32076)
* bpo-40479: Fix undefined behavior in Modules/_hashopenssl.c (GH-31153)Zackery Spytz2022-02-071-0/+1
| | | va_end() must be called before returning.
* bpo-40479: Fix typo, flag must be set for OpenSSL < 3.0.0 (GH-30584)Christian Heimes2022-01-131-1/+1
|
* bpo-40479: Fix hashlib's usedforsecurity for OpenSSL 3.0.0 (GH-30455)Christian Heimes2022-01-131-232/+338
|
* bpo-43974: Move Py_BUILD_CORE_MODULE into module code (GH-29157)Christian Heimes2021-10-221-0/+4
| | | | | | | | | | | | | | setup.py no longer defines Py_BUILD_CORE_MODULE. Instead every module defines the macro before #include "Python.h" unless Py_BUILD_CORE_BUILTIN is already defined. Py_BUILD_CORE_BUILTIN is defined for every module that is built by Modules/Setup. The PR also simplifies Modules/Setup. Makefile and makesetup already define Py_BUILD_CORE_BUILTIN and include Modules/internal for us. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-45434: Remove pystrhex.h header file (GH-28923)Victor Stinner2021-10-131-1/+1
| | | | | | | | | | | | | | | Move Include/pystrhex.h to Include/internal/pycore_strhex.h. The header file only contains private functions. The following C extensions are now built with Py_BUILD_CORE_MODULE macro defined to get access to the internal C API: * _blake2 * _hashopenssl * _md5 * _sha1 * _sha3 * _ssl * binascii
* bpo-44145: Release the GIL around HMAC_Update. (GH-26157)Gregory P. Smith2021-05-171-2/+4
| | | | | | It was always meant to be released for parallelization. This now matches the other similar code in the module. Thanks michaelforney for noticing!
* bpo-40645: Fix ref leaks in _hashopenssl (GH-26079)Erlend Egeberg Aasland2021-05-121-5/+9
|
* bpo-40645: Fix reference leak in the _hashopenssl extension (GH-26072)Petr Viktorin2021-05-121-0/+1
| | | | | The `PyModule_AddObjectRef` function doesn't steal a reference, so an extra `Py_DECREF` is needed. Automerge-Triggered-By: GH:tiran
* bpo-43908: Mark ssl, hash, and hmac types as immutable (GH-25792)Christian Heimes2021-05-021-3/+3
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-43916: Remove _disabled_new() function (GH-25745)Victor Stinner2021-04-301-15/+3
| | | | | posix and _hashlib use the new Py_TPFLAGS_DISALLOW_INSTANTIATION flag on their heap types, rather than using a custom tp_new function (_disabled_new).
* bpo-43669: PEP 644: Require OpenSSL 1.1.1 or newer (GH-23014)Christian Heimes2021-04-171-63/+3
| | | | | | | | | | | | | | | | | | | | | | | | - Remove HAVE_X509_VERIFY_PARAM_SET1_HOST check - Update hashopenssl to require OpenSSL 1.1.1 - multissltests only OpenSSL > 1.1.0 - ALPN is always supported - SNI is always supported - Remove deprecated NPN code. Python wrappers are no-op. - ECDH is always supported - Remove OPENSSL_VERSION_1_1 macro - Remove locking callbacks - Drop PY_OPENSSL_1_1_API macro - Drop HAVE_SSL_CTX_CLEAR_OPTIONS macro - SSL_CTRL_GET_MAX_PROTO_VERSION is always defined now - security level is always available now - get_num_tickets is available with TLS 1.3 - X509_V_ERR MISMATCH is always available now - Always set SSL_MODE_RELEASE_BUFFERS - X509_V_FLAG_TRUSTED_FIRST is always available - get_ciphers is always supported - SSL_CTX_set_keylog_callback is always available - Update Modules/Setup with static link example - Mention PEP in whatsnew - Drop 1.0.2 and 1.1.0 from GHA tests
* bpo-43799: OpenSSL 3.0.0: declare OPENSSL_API_COMPAT 1.1.1 (GH-25329)Christian Heimes2021-04-131-5/+10
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-40645: Fix reference leak in the _hashopenssl extension (GH-25063)Pablo Galindo2021-03-291-2/+3
|
* bpo-40645: use C implementation of HMAC (GH-24920)Christian Heimes2021-03-271-13/+137
| | | | | | - [x] fix tests - [ ] add test scenarios for old/new code. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-42519: Replace PyObject_MALLOC() with PyObject_Malloc() (GH-23587)Victor Stinner2020-12-011-3/+3
| | | | | | | | | No longer use deprecated aliases to functions: * Replace PyObject_MALLOC() with PyObject_Malloc() * Replace PyObject_REALLOC() with PyObject_Realloc() * Replace PyObject_FREE() with PyObject_Free() * Replace PyObject_Del() with PyObject_Free() * Replace PyObject_DEL() with PyObject_Free()
* bpo-42423: Accept single base class in PyType_FromModuleAndSpec() (GH-23441)Serhiy Storchaka2020-11-221-8/+1
|
* bpo-1635741: Port _hashlib to multiphase initialization (GH-23358)Christian Heimes2020-11-181-36/+2
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-40791: Use CRYPTO_memcmp() for compare_digest (#20456)Christian Heimes2020-05-271-0/+116
| | | | | | | | hashlib.compare_digest uses OpenSSL's CRYPTO_memcmp() function when OpenSSL is available. Note: The _operator module is a builtin module. I don't want to add libcrypto dependency to libpython. Therefore I duplicated the wrapper function and added a copy to _hashopenssl.c.
* bpo-40671: Prepare _hashlib for PEP 489 (GH-20180)Christian Heimes2020-05-251-67/+114
|
* bpo-40645: restrict HMAC key len to INT_MAX (GH-20238)Christian Heimes2020-05-191-1/+7
| | | | | Signed-off-by: Christian Heimes <christian@python.org> Automerge-Triggered-By: @tiran
* bpo-37630: Fix spelling shake128 -> shake_128 (GH-20154)Christian Heimes2020-05-171-12/+12
|
* bpo-40645: Implement HMAC in C (GH-20129)Christian Heimes2020-05-171-9/+401
| | | | | | | | | The internal module ``_hashlib`` wraps and exposes OpenSSL's HMAC API. The new code will be used in Python 3.10 after the internal implementation details of the pure Python HMAC module are no longer part of the public API. The code is based on a patch by Petr Viktorin for RHEL and Python 3.6. Co-Authored-By: Petr Viktorin <encukou@gmail.com>
* bpo-37630: Use SHA3 and SHAKE XOF from OpenSSL (GH-16049)Christian Heimes2020-05-161-17/+349
| | | | | | | OpenSSL 1.1.1 comes with SHA3 and SHAKE builtin. Signed-off-by: Christian Heimes <christian@python.org> Automerge-Triggered-By: @tiran
* bpo-40515: Require OPENSSL_THREADS (GH-19953)Christian Heimes2020-05-151-0/+4
| | | | | | | The ``ssl`` and ``hashlib`` modules now actively check that OpenSSL is build with thread support. Python 3.7.0 made thread support mandatory and no longer works safely with a no-thread builds. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-40479: Fix hashlib issue with OpenSSL 3.0.0 (GH-20107)Christian Heimes2020-05-151-4/+11
| | | | | | | | | | OpenSSL 3.0.0-alpha2 was released today. The FIPS_mode() function has been deprecated and removed. It no longer makes sense with the new provider and context system in OpenSSL 3.0.0. EVP_default_properties_is_fips_enabled() is good enough for our needs in unit tests. It's an internal API, too. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-9216: Expose OpenSSL FIPS_mode() as _hashlib.get_fips_mode() (GH-19703)Victor Stinner2020-04-291-0/+43
| | | | | | test.pythoninfo logs OpenSSL FIPS_mode() and Linux /proc/sys/crypto/fips_enabled in a new "fips" section. Co-Authored-By: Petr Viktorin <encukou@gmail.com>
* bpo-40268: Remove unused structmember.h includes (GH-19530)Victor Stinner2020-04-151-1/+0
| | | | | | If only offsetof() is needed: include stddef.h instead. When structmember.h is used, add a comment explaining that PyMemberDef is used.
* bpo-39968: Convert extension modules' macros of get_module_state() to inline ↵Hai Shi2020-03-161-6/+13
| | | | functions (GH-19017)
* bpo-38684: haslib: fix build when Blake2 not enabled in OpenSSL (#17043)Alexandru Ardelean2019-11-041-1/+1
|
* bpo-38270: More fixes for strict crypto policy (GH-16418)Christian Heimes2019-09-271-1/+1
| | | | | | | | | | | | | | | test_hmac and test_hashlib test built-in hashing implementations and OpenSSL-based hashing implementations. Add more checks to skip OpenSSL implementations when a strict crypto policy is active. Use EVP_DigestInit_ex() instead of EVP_DigestInit() to initialize the EVP context. The EVP_DigestInit() function clears alls flags and breaks usedforsecurity flag again. Signed-off-by: Christian Heimes <christian@python.org> https://bugs.python.org/issue38270
* bpo-38142: Updated _hashopenssl.c to be PEP 384 compliant (#16071)Christian Heimes2019-09-251-54/+68
| | | | * Updated _hashopenssl.c to be PEP 384 compliant * Remove refleak test from test_hashlib. The updated type no longer accepts random arguments to __init__.
* bpo-33936: Don't call obsolete init methods with OpenSSL 1.1.0+ (GH-16140)Christian Heimes2019-09-161-1/+1
| | | | | | ``OPENSSL_VERSION_1_1`` was never defined in ``_hashopenssl.c``. https://bugs.python.org/issue33936
* bpo-38153: detect shake independently from sha3 (GH-16143)Christian Heimes2019-09-141-2/+11
| | | | | XOF digests (SHAKE) are not available in OpenSSL 1.1.0 but SHA3 fixed-length digests are. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-37206: Unrepresentable default values no longer represented as None. ↵Serhiy Storchaka2019-09-141-2/+2
| | | | | | | (GH-13933) In ArgumentClinic, value "NULL" should now be used only for unrepresentable default values (like in the optional third parameter of getattr). "None" should be used if None is accepted as argument and passing None has the same effect as not passing the argument at all.
* bpo-38153: Normalize hashlib algorithm names (GH-16083)Christian Heimes2019-09-131-21/+146
| | | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-9216: Add usedforsecurity to hashlib constructors (GH-16044)Christian Heimes2019-09-131-24/+57
| | | | | The usedforsecurity keyword only argument added to the hash constructors is useful for FIPS builds and similar restrictive environment with non-technical requirements that legacy algorithms be forbidden by their implementations without being explicitly annotated as not being used for any security related purposes. Linux distros with FIPS support benefit from this being standard rather than making up their own way(s) to do it. Contributed and Signed-off-by: Christian Heimes christian@python.org
* bpo-38137: Re-add OpenSSL 1.0.2 compat (GH-16051)Christian Heimes2019-09-121-0/+6
| | | | | | | | | | The defines are required for OpenSSL 1.0.2 and LibreSSL. https://bugs.python.org/issue38134 Automerge-Triggered-By: @tiran
generated by cgit v0.12 at 2024-11-23 13:53:18 (GMT)