| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
This merges their code. They're backed by the same single HACL* static library, having them be a single module simplifies maintenance.
This should unbreak the wasm enscripten builds that currently fail due to linking in --whole-archive mode and the HACL* library appearing twice.
Long unnoticed error fixed: _sha512.SHA384Type was doubly assigned and was actually SHA512Type. Nobody depends on those internal names.
Also rename LIBHACL_ make vars to LIBHACL_SHA2_ in preperation for other future HACL things.
|
| |
|
|
|
|
| |
Replace the builtin hashlib implementations of SHA2-384 and SHA2-512
originally from LibTomCrypt with formally verified, side-channel resistant
code from the [HACL*](https://github.com/hacl-star/hacl-star/) project.
The builtins remain a fallback only used when OpenSSL does not provide them.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
replacing hashlib primitives (for the non-OpenSSL case) with verified implementations from HACL*. This is the first PR in the series, and focuses specifically on SHA2-256 and SHA2-224.
This PR imports Hacl_Streaming_SHA2 into the Python tree. This is the HACL* implementation of SHA2, which combines a core implementation of SHA2 along with a layer of buffer management that allows updating the digest with any number of bytes. This supersedes the previous implementation in the tree.
@franziskuskiefer was kind enough to benchmark the changes: in addition to being verified (thus providing significant safety and security improvements), this implementation also provides a sizeable performance boost!
```
---------------------------------------------------------------
Benchmark Time CPU Iterations
---------------------------------------------------------------
Sha2_256_Streaming 3163 ns 3160 ns 219353 // this PR
LibTomCrypt_Sha2_256 5057 ns 5056 ns 136234 // library used by Python currently
```
The changes in this PR are as follows:
- import the subset of HACL* that covers SHA2-256/224 into `Modules/_hacl`
- rewire sha256module.c to use the HACL* implementation
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
setup.py no longer defines Py_BUILD_CORE_MODULE. Instead every
module defines the macro before #include "Python.h" unless
Py_BUILD_CORE_BUILTIN is already defined.
Py_BUILD_CORE_BUILTIN is defined for every module that is built by
Modules/Setup.
The PR also simplifies Modules/Setup. Makefile and makesetup
already define Py_BUILD_CORE_BUILTIN and include Modules/internal
for us.
Signed-off-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move Include/pystrhex.h to Include/internal/pycore_strhex.h.
The header file only contains private functions.
The following C extensions are now built with Py_BUILD_CORE_MODULE
macro defined to get access to the internal C API:
* _blake2
* _hashopenssl
* _md5
* _sha1
* _sha3
* _ssl
* binascii
|
| | |
|
| |
|
| |
Signed-off-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
|
|
|
| |
The following types use Py_TPFLAGS_DISALLOW_INSTANTIATION flag:
* _md5.md5
* _sha1.sha1
* _sha256.sha224
* _sha256.sha256
* _sha512.sha384
* _sha512.sha512
|
| |
|
|
|
| |
(GH-24507)
Automerge-Triggered-By: GH:tiran
|
| |
|
|
|
|
|
|
|
| |
No longer use deprecated aliases to functions:
* Replace PyObject_MALLOC() with PyObject_Malloc()
* Replace PyObject_REALLOC() with PyObject_Realloc()
* Replace PyObject_FREE() with PyObject_Free()
* Replace PyObject_Del() with PyObject_Free()
* Replace PyObject_DEL() with PyObject_Free()
|
| |
|
| |
Convert the _sha256 extension module types to heap types.
|
| | |
|
| |
|
|
|
|
| |
* Rename pycore_byteswap.h to pycore_bitutils.h.
* Move popcount_digit() to pycore_bitutils.h as _Py_popcount32().
* _Py_popcount32() uses GCC and clang builtin function if available.
* Add unit tests to _Py_popcount32().
|
| |
|
| |
Automerge-Triggered-By: @tiran
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new internal pycore_byteswap.h header file with the following
functions:
* _Py_bswap16()
* _Py_bswap32()
* _Py_bswap64()
Use these functions in _ctypes, sha256 and sha512 modules,
and also use in the UTF-32 encoder.
sha256, sha512 and _ctypes modules are now built with the internal
C API.
|
| |
|
|
|
|
| |
If only offsetof() is needed: include stddef.h instead.
When structmember.h is used, add a comment explaining that
PyMemberDef is used.
|
| | |
|
| |
|
| |
Add Py_SET_TYPE() function to set the type of an object.
|
| |
|
|
|
| |
The usedforsecurity keyword only argument added to the hash constructors is useful for FIPS builds and similar restrictive environment with non-technical requirements that legacy algorithms be forbidden by their implementations without being explicitly annotated as not being used for any security related purposes. Linux distros with FIPS support benefit from this being standard rather than making up their own way(s) to do it.
Contributed and Signed-off-by: Christian Heimes christian@python.org
|
| |
|
|
|
|
|
|
|
| |
(GH-13464)
Automatically replace
tp_print -> tp_vectorcall_offset
tp_compare -> tp_as_async
tp_reserved -> tp_as_async
|
| | |
|
| |
|
|
| |
Many type object initializations labeled a field "tp_size" in the
comment, but the name of that field is tp_basicsize.
|
| |
|
|
| |
possible. Patch is writen with Coccinelle.
|
| |
|
|
| |
generated by Argument Clinic. Patch by Petr Viktorin.
|
| |
|
|
| |
Most fixes to Doc/ and Lib/ directories by Ville Skyttä.
|
| |
|
|
|
|
|
| |
Also updates a few internal implementations of the same thing to use the
new built-in code.
Contributed by Arnon Yaari.
|
| | |
|
| |
|
|
| |
Patch by Vajrasky Kok.
|
| | |
|
| |
|
|
| |
as promised by hashlib's documentation.
|
| | |
|
| |\
| |
| |
| |
| | |
non-pydebug builds. Several extension modules now compile cleanly when
assert()s are enabled in standard builds (-DDEBUG flag).
|
| | |
| |
| |
| |
| | |
non-pydebug builds. Several extension modules now compile cleanly when
assert()s are enabled in standard builds (-DDEBUG flag).
|
| |/
|
|
| |
endianess detection and handling.
|
| |
|
|
|
|
| |
* In debug mode, fill the string data with invalid characters
* Simplify also reference counting in PyCodec_BackslashReplaceErrors()
and PyCodec_XMLCharRefReplaceError()
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
svn+ssh://pythondev@svn.python.org/python/trunk
........
r81029 | antoine.pitrou | 2010-05-09 16:46:46 +0200 (dim., 09 mai 2010) | 3 lines
Untabify C files. Will watch buildbots.
........
|
| | |
|
| |
|
|
| |
on py3k.
|
| |
|
|
|
| |
buffer-api supporting objects as input no matter how it was compiled
(built in implementations or external openssl library).
|
| |
|
|
|
| |
type of tp_compare in a separate commit, for ease of reversion
should things go wrong.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
in intobject.h
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
No detailed change log; just check out the change log for the py3k-pep3137
branch. The most obvious changes:
- str8 renamed to bytes (PyString at the C level);
- bytes renamed to buffer (PyBytes at the C level);
- PyString and PyUnicode are no longer compatible.
I.e. we now have an immutable bytes type and a mutable bytes type.
The behavior of PyString was modified quite a bit, to make it more
bytes-like. Some changes are still on the to-do list.
|
| |
|
|
|
|
|
| |
when the OpenSSL library is either not present or not found by setup.py.
These are derived from the public domain libtomcrypt (libtom.org) just like
the existing sha256 and sha512 modules.
|
| | |
|
