Commit 7cad53e6 authored by Christian Heimes's avatar Christian Heimes Committed by Gregory P. Smith

bpo-9216: Add usedforsecurity to hashlib constructors (GH-16044)

The usedforsecurity keyword only argument added to the hash constructors is useful for FIPS builds and similar restrictive environment with non-technical requirements that legacy algorithms be forbidden by their implementations without being explicitly annotated as not being used for any security related purposes.  Linux distros with FIPS support benefit from this being standard rather than making up their own way(s) to do it.

Contributed and Signed-off-by: Christian Heimes christian@python.org
parent 3a4f6670
......@@ -67,7 +67,7 @@ Constructors for hash algorithms that are always present in this module are
:func:`sha1`, :func:`sha224`, :func:`sha256`, :func:`sha384`,
:func:`sha512`, :func:`blake2b`, and :func:`blake2s`.
:func:`md5` is normally available as well, though it
may be missing if you are using a rare "FIPS compliant" build of Python.
may be missing or blocked if you are using a rare "FIPS compliant" build of Python.
Additional algorithms may also be available depending upon the OpenSSL
library that Python uses on your platform. On most platforms the
:func:`sha3_224`, :func:`sha3_256`, :func:`sha3_384`, :func:`sha3_512`,
......@@ -80,6 +80,13 @@ library that Python uses on your platform. On most platforms the
.. versionadded:: 3.6
:func:`blake2b` and :func:`blake2s` were added.
.. versionchanged:: 3.9
All hashlib constructors take a keyword-only argument *usedforsecurity*
with default value *True*. A false value allows the use of insecure and
blocked hashing algorithms in restricted environments. *False* indicates
that the hashing algorithm is not used in a security context, e.g. as a
non-cryptographic one-way compression function.
For example, to obtain the digest of the byte string ``b'Nobody inspects the
spammish repetition'``::
......@@ -99,7 +106,7 @@ More condensed:
>>> hashlib.sha224(b"Nobody inspects the spammish repetition").hexdigest()
'a4337bc45a8fc544c03f52dc550cd6e1e87021bc896588bd79e901e2'
.. function:: new(name[, data])
.. function:: new(name[, data], *, usedforsecurity=True)
Is a generic constructor that takes the string *name* of the desired
algorithm as its first parameter. It also exists to allow access to the
......@@ -308,11 +315,13 @@ New hash objects are created by calling constructor functions:
.. function:: blake2b(data=b'', *, digest_size=64, key=b'', salt=b'', \
person=b'', fanout=1, depth=1, leaf_size=0, node_offset=0, \
node_depth=0, inner_size=0, last_node=False)
node_depth=0, inner_size=0, last_node=False, \
usedforsecurity=True)
.. function:: blake2s(data=b'', *, digest_size=32, key=b'', salt=b'', \
person=b'', fanout=1, depth=1, leaf_size=0, node_offset=0, \
node_depth=0, inner_size=0, last_node=False)
node_depth=0, inner_size=0, last_node=False, \
usedforsecurity=True)
These functions return the corresponding hash objects for calculating
......
......@@ -190,6 +190,15 @@ class HashLibTestCase(unittest.TestCase):
self.assertTrue(set(hashlib.algorithms_guaranteed).
issubset(hashlib.algorithms_available))
def test_usedforsecurity(self):
for cons in self.hash_constructors:
cons(usedforsecurity=True)
cons(usedforsecurity=False)
cons(b'', usedforsecurity=True)
cons(b'', usedforsecurity=False)
hashlib.new("sha256", usedforsecurity=True)
hashlib.new("sha256", usedforsecurity=False)
def test_unknown_hash(self):
self.assertRaises(ValueError, hashlib.new, 'spam spam spam spam spam')
self.assertRaises(TypeError, hashlib.new, 1)
......
......@@ -772,8 +772,11 @@ def uuid1(node=None, clock_seq=None):
def uuid3(namespace, name):
"""Generate a UUID from the MD5 hash of a namespace UUID and a name."""
from hashlib import md5
hash = md5(namespace.bytes + bytes(name, "utf-8")).digest()
return UUID(bytes=hash[:16], version=3)
digest = md5(
namespace.bytes + bytes(name, "utf-8"),
usedforsecurity=False
).digest()
return UUID(bytes=digest[:16], version=3)
def uuid4():
"""Generate a random UUID."""
......
hashlib constructors now support usedforsecurity flag to signal that a
hashing algorithm is not used in a security context.
......@@ -81,6 +81,7 @@ _blake2.blake2b.__new__ as py_blake2b_new
node_depth: int = 0
inner_size: int = 0
last_node: bool = False
usedforsecurity: bool = True
Return a new BLAKE2b hash object.
[clinic start generated code]*/
......@@ -90,8 +91,8 @@ py_blake2b_new_impl(PyTypeObject *type, PyObject *data, int digest_size,
Py_buffer *key, Py_buffer *salt, Py_buffer *person,
int fanout, int depth, unsigned long leaf_size,
unsigned long long node_offset, int node_depth,
int inner_size, int last_node)
/*[clinic end generated code: output=65e732c66c2297a0 input=82be35a4e6a9daa2]*/
int inner_size, int last_node, int usedforsecurity)
/*[clinic end generated code: output=32bfd8f043c6896f input=b947312abff46977]*/
{
BLAKE2bObject *self = NULL;
Py_buffer buf;
......
......@@ -81,6 +81,7 @@ _blake2.blake2s.__new__ as py_blake2s_new
node_depth: int = 0
inner_size: int = 0
last_node: bool = False
usedforsecurity: bool = True
Return a new BLAKE2s hash object.
[clinic start generated code]*/
......@@ -90,8 +91,8 @@ py_blake2s_new_impl(PyTypeObject *type, PyObject *data, int digest_size,
Py_buffer *key, Py_buffer *salt, Py_buffer *person,
int fanout, int depth, unsigned long leaf_size,
unsigned long long node_offset, int node_depth,
int inner_size, int last_node)
/*[clinic end generated code: output=b95806be0514dcf7 input=641c0509debf714d]*/
int inner_size, int last_node, int usedforsecurity)
/*[clinic end generated code: output=556181f73905c686 input=4dda87723f23abb0]*/
{
BLAKE2sObject *self = NULL;
Py_buffer buf;
......
......@@ -5,7 +5,8 @@ preserve
PyDoc_STRVAR(py_blake2b_new__doc__,
"blake2b(data=b\'\', /, *, digest_size=_blake2.blake2b.MAX_DIGEST_SIZE,\n"
" key=b\'\', salt=b\'\', person=b\'\', fanout=1, depth=1, leaf_size=0,\n"
" node_offset=0, node_depth=0, inner_size=0, last_node=False)\n"
" node_offset=0, node_depth=0, inner_size=0, last_node=False,\n"
" usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new BLAKE2b hash object.");
......@@ -15,15 +16,15 @@ py_blake2b_new_impl(PyTypeObject *type, PyObject *data, int digest_size,
Py_buffer *key, Py_buffer *salt, Py_buffer *person,
int fanout, int depth, unsigned long leaf_size,
unsigned long long node_offset, int node_depth,
int inner_size, int last_node);
int inner_size, int last_node, int usedforsecurity);
static PyObject *
py_blake2b_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
{
PyObject *return_value = NULL;
static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", NULL};
static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "blake2b", 0};
PyObject *argsbuf[12];
PyObject *argsbuf[13];
PyObject * const *fastargs;
Py_ssize_t nargs = PyTuple_GET_SIZE(args);
Py_ssize_t noptargs = nargs + (kwargs ? PyDict_GET_SIZE(kwargs) : 0) - 0;
......@@ -39,6 +40,7 @@ py_blake2b_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
int node_depth = 0;
int inner_size = 0;
int last_node = 0;
int usedforsecurity = 1;
fastargs = _PyArg_UnpackKeywords(_PyTuple_CAST(args)->ob_item, nargs, kwargs, NULL, &_parser, 0, 1, 0, argsbuf);
if (!fastargs) {
......@@ -175,12 +177,21 @@ skip_optional_posonly:
goto skip_optional_kwonly;
}
}
if (fastargs[11]) {
last_node = PyObject_IsTrue(fastargs[11]);
if (last_node < 0) {
goto exit;
}
if (!--noptargs) {
goto skip_optional_kwonly;
}
}
usedforsecurity = PyObject_IsTrue(fastargs[12]);
if (usedforsecurity < 0) {
goto exit;
}
skip_optional_kwonly:
return_value = py_blake2b_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node);
return_value = py_blake2b_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node, usedforsecurity);
exit:
/* Cleanup for key */
......@@ -261,4 +272,4 @@ _blake2_blake2b_hexdigest(BLAKE2bObject *self, PyObject *Py_UNUSED(ignored))
{
return _blake2_blake2b_hexdigest_impl(self);
}
/*[clinic end generated code: output=cbb625d7f60c288c input=a9049054013a1b77]*/
/*[clinic end generated code: output=2d6d0fe9aa42a42a input=a9049054013a1b77]*/
......@@ -5,7 +5,8 @@ preserve
PyDoc_STRVAR(py_blake2s_new__doc__,
"blake2s(data=b\'\', /, *, digest_size=_blake2.blake2s.MAX_DIGEST_SIZE,\n"
" key=b\'\', salt=b\'\', person=b\'\', fanout=1, depth=1, leaf_size=0,\n"
" node_offset=0, node_depth=0, inner_size=0, last_node=False)\n"
" node_offset=0, node_depth=0, inner_size=0, last_node=False,\n"
" usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new BLAKE2s hash object.");
......@@ -15,15 +16,15 @@ py_blake2s_new_impl(PyTypeObject *type, PyObject *data, int digest_size,
Py_buffer *key, Py_buffer *salt, Py_buffer *person,
int fanout, int depth, unsigned long leaf_size,
unsigned long long node_offset, int node_depth,
int inner_size, int last_node);
int inner_size, int last_node, int usedforsecurity);
static PyObject *
py_blake2s_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
{
PyObject *return_value = NULL;
static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", NULL};
static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "blake2s", 0};
PyObject *argsbuf[12];
PyObject *argsbuf[13];
PyObject * const *fastargs;
Py_ssize_t nargs = PyTuple_GET_SIZE(args);
Py_ssize_t noptargs = nargs + (kwargs ? PyDict_GET_SIZE(kwargs) : 0) - 0;
......@@ -39,6 +40,7 @@ py_blake2s_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
int node_depth = 0;
int inner_size = 0;
int last_node = 0;
int usedforsecurity = 1;
fastargs = _PyArg_UnpackKeywords(_PyTuple_CAST(args)->ob_item, nargs, kwargs, NULL, &_parser, 0, 1, 0, argsbuf);
if (!fastargs) {
......@@ -175,12 +177,21 @@ skip_optional_posonly:
goto skip_optional_kwonly;
}
}
if (fastargs[11]) {
last_node = PyObject_IsTrue(fastargs[11]);
if (last_node < 0) {
goto exit;
}
if (!--noptargs) {
goto skip_optional_kwonly;
}
}
usedforsecurity = PyObject_IsTrue(fastargs[12]);
if (usedforsecurity < 0) {
goto exit;
}
skip_optional_kwonly:
return_value = py_blake2s_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node);
return_value = py_blake2s_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node, usedforsecurity);
exit:
/* Cleanup for key */
......@@ -261,4 +272,4 @@ _blake2_blake2s_hexdigest(BLAKE2sObject *self, PyObject *Py_UNUSED(ignored))
{
return _blake2_blake2s_hexdigest_impl(self);
}
/*[clinic end generated code: output=39af5a74c8805b36 input=a9049054013a1b77]*/
/*[clinic end generated code: output=c80d8d06ce40a192 input=a9049054013a1b77]*/
......@@ -405,7 +405,7 @@ static PyTypeObject EVPtype = {
static PyObject *
EVPnew(const EVP_MD *digest,
const unsigned char *cp, Py_ssize_t len)
const unsigned char *cp, Py_ssize_t len, int usedforsecurity)
{
int result = 0;
EVPobject *self;
......@@ -418,6 +418,13 @@ EVPnew(const EVP_MD *digest,
if ((self = newEVPobject()) == NULL)
return NULL;
if (!usedforsecurity) {
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
EVP_MD_CTX_set_flags(self->ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif
}
if (!EVP_DigestInit(self->ctx, digest)) {
_setException(PyExc_ValueError);
Py_DECREF(self);
......@@ -449,6 +456,8 @@ _hashlib.new as EVP_new
name as name_obj: object
string as data_obj: object(py_default="b''") = NULL
*
usedforsecurity: bool = True
Return a new hash object using the named algorithm.
......@@ -459,8 +468,9 @@ The MD5 and SHA1 algorithms are always supported.
[clinic start generated code]*/
static PyObject *
EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
/*[clinic end generated code: output=9e7cf664e04b0226 input=1c46e40e0fec91f3]*/
EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj,
int usedforsecurity)
/*[clinic end generated code: output=ddd5053f92dffe90 input=e9ac115d80962ddf]*/
{
Py_buffer view = { 0 };
PyObject *ret_obj;
......@@ -477,7 +487,9 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
digest = EVP_get_digestbyname(name);
ret_obj = EVPnew(digest, (unsigned char*)view.buf, view.len);
ret_obj = EVPnew(digest,
(unsigned char*)view.buf, view.len,
usedforsecurity);
if (data_obj)
PyBuffer_Release(&view);
......@@ -485,7 +497,8 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
}
static PyObject*
EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest,
int usedforsecurity)
{
Py_buffer view = { 0 };
PyObject *ret_obj;
......@@ -493,7 +506,9 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
if (data_obj)
GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view);
ret_obj = EVPnew(digest, (unsigned char*)view.buf, view.len);
ret_obj = EVPnew(digest,
(unsigned char*)view.buf, view.len,
usedforsecurity);
if (data_obj)
PyBuffer_Release(&view);
......@@ -505,16 +520,19 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
_hashlib.openssl_md5
string as data_obj: object(py_default="b''") = NULL
*
usedforsecurity: bool = True
Returns a md5 hash object; optionally initialized with a string
[clinic start generated code]*/
static PyObject *
_hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj)
/*[clinic end generated code: output=6caae75b73e22c3f input=52010d3869e1b1a7]*/
_hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj,
int usedforsecurity)
/*[clinic end generated code: output=87b0186440a44f8c input=990e36d5e689b16e]*/
{
return EVP_fast_new(module, data_obj, EVP_md5());
return EVP_fast_new(module, data_obj, EVP_md5(), usedforsecurity);
}
......@@ -522,16 +540,19 @@ _hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj)
_hashlib.openssl_sha1
string as data_obj: object(py_default="b''") = NULL
*
usedforsecurity: bool = True
Returns a sha1 hash object; optionally initialized with a string
[clinic start generated code]*/
static PyObject *
_hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj)
/*[clinic end generated code: output=07606d8f75153e61 input=16807d30e4aa8ae9]*/
_hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj,
int usedforsecurity)
/*[clinic end generated code: output=6813024cf690670d input=948f2f4b6deabc10]*/
{
return EVP_fast_new(module, data_obj, EVP_sha1());
return EVP_fast_new(module, data_obj, EVP_sha1(), usedforsecurity);
}
......@@ -539,16 +560,19 @@ _hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj)
_hashlib.openssl_sha224
string as data_obj: object(py_default="b''") = NULL
*
usedforsecurity: bool = True
Returns a sha224 hash object; optionally initialized with a string
[clinic start generated code]*/
static PyObject *
_hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj)
/*[clinic end generated code: output=55e848761bcef0c9 input=5dbc2f1d84eb459b]*/
_hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj,
int usedforsecurity)
/*[clinic end generated code: output=a2dfe7cc4eb14ebb input=f9272821fadca505]*/
{
return EVP_fast_new(module, data_obj, EVP_sha224());
return EVP_fast_new(module, data_obj, EVP_sha224(), usedforsecurity);
}
......@@ -556,16 +580,19 @@ _hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj)
_hashlib.openssl_sha256
string as data_obj: object(py_default="b''") = NULL
*
usedforsecurity: bool = True
Returns a sha256 hash object; optionally initialized with a string
[clinic start generated code]*/
static PyObject *
_hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj)
/*[clinic end generated code: output=05851d7cce34ac65 input=a68a5d21cda5a80f]*/
_hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj,
int usedforsecurity)
/*[clinic end generated code: output=1f874a34870f0a68 input=549fad9d2930d4c5]*/
{
return EVP_fast_new(module, data_obj, EVP_sha256());
return EVP_fast_new(module, data_obj, EVP_sha256(), usedforsecurity);
}
......@@ -573,16 +600,19 @@ _hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj)
_hashlib.openssl_sha384
string as data_obj: object(py_default="b''") = NULL
*
usedforsecurity: bool = True
Returns a sha384 hash object; optionally initialized with a string
[clinic start generated code]*/
static PyObject *
_hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj)
/*[clinic end generated code: output=5101a4704a932c2f input=6bdfa006622b64ea]*/
_hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj,
int usedforsecurity)
/*[clinic end generated code: output=58529eff9ca457b2 input=48601a6e3bf14ad7]*/
{
return EVP_fast_new(module, data_obj, EVP_sha384());
return EVP_fast_new(module, data_obj, EVP_sha384(), usedforsecurity);
}
......@@ -590,16 +620,19 @@ _hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj)
_hashlib.openssl_sha512
string as data_obj: object(py_default="b''") = NULL
*
usedforsecurity: bool = True
Returns a sha512 hash object; optionally initialized with a string
[clinic start generated code]*/
static PyObject *
_hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj)
/*[clinic end generated code: output=20c8e63ee560a5cb input=ece50182ad4b76a6]*/
_hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj,
int usedforsecurity)
/*[clinic end generated code: output=2c744c9e4a40d5f6 input=c5c46a2a817aa98f]*/
{
return EVP_fast_new(module, data_obj, EVP_sha512());
return EVP_fast_new(module, data_obj, EVP_sha512(), usedforsecurity);
}
......
......@@ -2,6 +2,52 @@
preserve
[clinic start generated code]*/
PyDoc_STRVAR(py_sha3_new__doc__,
"sha3_224(data=b\'\', /, *, usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new BLAKE2b hash object.");
static PyObject *
py_sha3_new_impl(PyTypeObject *type, PyObject *data, int usedforsecurity);
static PyObject *
py_sha3_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
{
PyObject *return_value = NULL;
static const char * const _keywords[] = {"", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "sha3_224", 0};
PyObject *argsbuf[2];
PyObject * const *fastargs;
Py_ssize_t nargs = PyTuple_GET_SIZE(args);
Py_ssize_t noptargs = nargs + (kwargs ? PyDict_GET_SIZE(kwargs) : 0) - 0;
PyObject *data = NULL;
int usedforsecurity = 1;
fastargs = _PyArg_UnpackKeywords(_PyTuple_CAST(args)->ob_item, nargs, kwargs, NULL, &_parser, 0, 1, 0, argsbuf);
if (!fastargs) {
goto exit;
}
if (nargs < 1) {
goto skip_optional_posonly;
}
noptargs--;
data = fastargs[0];
skip_optional_posonly:
if (!noptargs) {
goto skip_optional_kwonly;
}
usedforsecurity = PyObject_IsTrue(fastargs[1]);
if (usedforsecurity < 0) {
goto exit;
}
skip_optional_kwonly:
return_value = py_sha3_new_impl(type, data, usedforsecurity);
exit:
return return_value;
}
PyDoc_STRVAR(_sha3_sha3_224_copy__doc__,
"copy($self, /)\n"
"--\n"
......@@ -118,4 +164,4 @@ _sha3_shake_128_hexdigest(SHA3object *self, PyObject *arg)
exit:
return return_value;
}
/*[clinic end generated code: output=5b3e99b9a96471e8 input=a9049054013a1b77]*/
/*[clinic end generated code: output=c8a97b34e80def62 input=a9049054013a1b77]*/
......@@ -169,21 +169,24 @@ newSHA3object(PyTypeObject *type)
return newobj;
}
/*[clinic input]
@classmethod
_sha3.sha3_224.__new__ as py_sha3_new
data: object(c_default="NULL") = b''
/
*
usedforsecurity: bool = True
Return a new BLAKE2b hash object.
[clinic start generated code]*/
static PyObject *
py_sha3_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
py_sha3_new_impl(PyTypeObject *type, PyObject *data, int usedforsecurity)
/*[clinic end generated code: output=90409addc5d5e8b0 input=bcfcdf2e4368347a]*/
{
SHA3object *self = NULL;
Py_buffer buf = {NULL, NULL};
HashReturn res;
PyObject *data = NULL;
if (!_PyArg_NoKeywords(_PyType_Name(type), kwargs)) {
return NULL;
}
if (!PyArg_UnpackTuple(args, _PyType_Name(type), 0, 1, &data)) {
return NULL;
}
self = newSHA3object(type);
if (self == NULL) {
......@@ -529,22 +532,22 @@ static PyGetSetDef SHA3_getseters[] = {
}
PyDoc_STRVAR(sha3_224__doc__,
"sha3_224([data]) -> SHA3 object\n\
"sha3_224([data], *, usedforsecurity=True) -> SHA3 object\n\
\n\
Return a new SHA3 hash object with a hashbit length of 28 bytes.");
PyDoc_STRVAR(sha3_256__doc__,
"sha3_256([data]) -> SHA3 object\n\
"sha3_256([data], *, usedforsecurity=True) -> SHA3 object\n\
\n\
Return a new SHA3 hash object with a hashbit length of 32 bytes.");
PyDoc_STRVAR(sha3_384__doc__,
"sha3_384([data]) -> SHA3 object\n\
"sha3_384([data], *, usedforsecurity=True) -> SHA3 object\n\
\n\
Return a new SHA3 hash object with a hashbit length of 48 bytes.");
PyDoc_STRVAR(sha3_512__doc__,
"sha3_512([data]) -> SHA3 object\n\
"sha3_512([data], *, usedforsecurity=True) -> SHA3 object\n\
\n\
Return a new SHA3 hash object with a hashbit length of 64 bytes.");
......@@ -555,22 +558,22 @@ SHA3_TYPE(SHA3_512type, "_sha3.sha3_512", sha3_512__doc__, SHA3_methods);
#ifdef PY_WITH_KECCAK
PyDoc_STRVAR(keccak_224__doc__,
"keccak_224([data]) -> Keccak object\n\
"keccak_224([data], *, usedforsecurity=True) -> Keccak object\n\
\n\
Return a new Keccak hash object with a hashbit length of 28 bytes.");
PyDoc_STRVAR(keccak_256__doc__,
"keccak_256([data]) -> Keccak object\n\
"keccak_256([data], *, usedforsecurity=True) -> Keccak object\n\
\n\
Return a new Keccak hash object with a hashbit length of 32 bytes.");
PyDoc_STRVAR(keccak_384__doc__,
"keccak_384([data]) -> Keccak object\n\
"keccak_384([data], *, usedforsecurity=True) -> Keccak object\n\
\n\
Return a new Keccak hash object with a hashbit length of 48 bytes.");
PyDoc_STRVAR(keccak_512__doc__,
"keccak_512([data]) -> Keccak object\n\
"keccak_512([data], *, usedforsecurity=True) -> Keccak object\n\
\n\
Return a new Keccak hash object with a hashbit length of 64 bytes.");
......@@ -672,12 +675,12 @@ static PyMethodDef SHAKE_methods[] = {
};
PyDoc_STRVAR(shake_128__doc__,
"shake_128([data]) -> SHAKE object\n\
"shake_128([data], *, usedforsecurity=True) -> SHAKE object\n\
\n\
Return a new SHAKE hash object.");
PyDoc_STRVAR(shake_256__doc__,
"shake_256([data]) -> SHAKE object\n\
"shake_256([data], *, usedforsecurity=True) -> SHAKE object\n\
\n\
Return a new SHAKE hash object.");
......
This diff is collapsed.
......@@ -66,7 +66,7 @@ PyDoc_STRVAR(MD5Type_update__doc__,
{"update", (PyCFunction)MD5Type_update, METH_O, MD5Type_update__doc__},
PyDoc_STRVAR(_md5_md5__doc__,
"md5($module, /, string=b\'\')\n"
"md5($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new MD5 hash object; optionally initialized with a string.");
......@@ -75,17 +75,18 @@ PyDoc_STRVAR(_md5_md5__doc__,
{"md5", (PyCFunction)(void(*)(void))_md5_md5, METH_FASTCALL|METH_KEYWORDS, _md5_md5__doc__},
static PyObject *
_md5_md5_impl(PyObject *module, PyObject *string);
_md5_md5_impl(PyObject *module, PyObject *string, int usedforsecurity);
static PyObject *
_md5_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
static const char * const _keywords[] = {"string", NULL};
static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "md5", 0};
PyObject *argsbuf[1];
PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *string = NULL;
int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
......@@ -94,11 +95,24 @@ _md5_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kw
if (!noptargs) {
goto skip_optional_pos;
}
if (args[0]) {
string = args[0];
if (!--noptargs) {
goto skip_optional_pos;
}
}
skip_optional_pos:
return_value = _md5_md5_impl(module, string);
if (!noptargs) {
goto skip_optional_kwonly;
}
usedforsecurity = PyObject_IsTrue(args[1]);
if (usedforsecurity < 0) {
goto exit;
}
skip_optional_kwonly:
return_value = _md5_md5_impl(module, string, usedforsecurity);
exit:
return return_value;
}
/*[clinic end generated code: output=53133f08cf9095fc input=a9049054013a1b77]*/
/*[clinic end generated code: output=dbe3abc60086f3ef input=a9049054013a1b77]*/
......@@ -66,7 +66,7 @@ PyDoc_STRVAR(SHA1Type_update__doc__,
{"update", (PyCFunction)SHA1Type_update, METH_O, SHA1Type_update__doc__},
PyDoc_STRVAR(_sha1_sha1__doc__,
"sha1($module, /, string=b\'\')\n"
"sha1($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new SHA1 hash object; optionally initialized with a string.");
......@@ -75,17 +75,18 @@ PyDoc_STRVAR(_sha1_sha1__doc__,
{"sha1", (PyCFunction)(void(*)(void))_sha1_sha1, METH_FASTCALL|METH_KEYWORDS, _sha1_sha1__doc__},
static PyObject *
_sha1_sha1_impl(PyObject *module, PyObject *string);
_sha1_sha1_impl(PyObject *module, PyObject *string, int usedforsecurity);
static PyObject *
_sha1_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
static const char * const _keywords[] = {"string", NULL};
static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "sha1", 0};
PyObject *argsbuf[1];
PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *string = NULL;
int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
......@@ -94,11 +95,24 @@ _sha1_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *
if (!noptargs) {
goto skip_optional_pos;
}
if (args[0]) {
string = args[0];
if (!--noptargs) {
goto skip_optional_pos;
}
}
skip_optional_pos:
return_value = _sha1_sha1_impl(module, string);
if (!noptargs) {
goto skip_optional_kwonly;
}
usedforsecurity = PyObject_IsTrue(args[1]);
if (usedforsecurity < 0) {
goto exit;
}
skip_optional_kwonly:
return_value = _sha1_sha1_impl(module, string, usedforsecurity);
exit:
return return_value;
}
/*[clinic end generated code: output=1ae7e73ec84a27d5 input=a9049054013a1b77]*/
/*[clinic end generated code: output=3ddd637ae17e14b3 input=a9049054013a1b77]*/
......@@ -66,7 +66,7 @@ PyDoc_STRVAR(SHA256Type_update__doc__,
{"update", (PyCFunction)SHA256Type_update, METH_O, SHA256Type_update__doc__},
PyDoc_STRVAR(_sha256_sha256__doc__,
"sha256($module, /, string=b\'\')\n"
"sha256($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new SHA-256 hash object; optionally initialized with a string.");
......@@ -75,17 +75,18 @@ PyDoc_STRVAR(_sha256_sha256__doc__,
{"sha256", (PyCFunction)(void(*)(void))_sha256_sha256, METH_FASTCALL|METH_KEYWORDS, _sha256_sha256__doc__},
static PyObject *
_sha256_sha256_impl(PyObject *module, PyObject *string);
_sha256_sha256_impl(PyObject *module, PyObject *string, int usedforsecurity);
static PyObject *
_sha256_sha256(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
static const char * const _keywords[] = {"string", NULL};
static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "sha256", 0};
PyObject *argsbuf[1];
PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *string = NULL;
int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
......@@ -94,16 +95,29 @@ _sha256_sha256(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje
if (!noptargs) {
goto skip_optional_pos;
}
if (args[0]) {
string = args[0];
if (!--noptargs) {
goto skip_optional_pos;
}
}
skip_optional_pos:
return_value = _sha256_sha256_impl(module, string);
if (!noptargs) {
goto skip_optional_kwonly;
}
usedforsecurity = PyObject_IsTrue(args[1]);
if (usedforsecurity < 0) {
goto exit;
}
skip_optional_kwonly:
return_value = _sha256_sha256_impl(module, string, usedforsecurity);
exit:
return return_value;
}
PyDoc_STRVAR(_sha256_sha224__doc__,
"sha224($module, /, string=b\'\')\n"
"sha224($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new SHA-224 hash object; optionally initialized with a string.");
......@@ -112,17 +126,18 @@ PyDoc_STRVAR(_sha256_sha224__doc__,
{"sha224", (PyCFunction)(void(*)(void))_sha256_sha224, METH_FASTCALL|METH_KEYWORDS, _sha256_sha224__doc__},
static PyObject *
_sha256_sha224_impl(PyObject *module, PyObject *string);
_sha256_sha224_impl(PyObject *module, PyObject *string, int usedforsecurity);
static PyObject *
_sha256_sha224(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
static const char * const _keywords[] = {"string", NULL};
static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "sha224", 0};
PyObject *argsbuf[1];
PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *string = NULL;
int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
......@@ -131,11 +146,24 @@ _sha256_sha224(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje
if (!noptargs) {
goto skip_optional_pos;
}
if (args[0]) {
string = args[0];
if (!--noptargs) {
goto skip_optional_pos;
}
}
skip_optional_pos:
return_value = _sha256_sha224_impl(module, string);
if (!noptargs) {
goto skip_optional_kwonly;
}
usedforsecurity = PyObject_IsTrue(args[1]);
if (usedforsecurity < 0) {
goto exit;
}
skip_optional_kwonly:
return_value = _sha256_sha224_impl(module, string, usedforsecurity);
exit:
return return_value;
}
/*[clinic end generated code: output=c54d0956ec88409d input=a9049054013a1b77]*/
/*[clinic end generated code: output=c8cca8adbe72ec9a input=a9049054013a1b77]*/
......@@ -66,7 +66,7 @@ PyDoc_STRVAR(SHA512Type_update__doc__,
{"update", (PyCFunction)SHA512Type_update, METH_O, SHA512Type_update__doc__},
PyDoc_STRVAR(_sha512_sha512__doc__,
"sha512($module, /, string=b\'\')\n"
"sha512($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new SHA-512 hash object; optionally initialized with a string.");
......@@ -75,17 +75,18 @@ PyDoc_STRVAR(_sha512_sha512__doc__,
{"sha512", (PyCFunction)(void(*)(void))_sha512_sha512, METH_FASTCALL|METH_KEYWORDS, _sha512_sha512__doc__},
static PyObject *
_sha512_sha512_impl(PyObject *module, PyObject *string);
_sha512_sha512_impl(PyObject *module, PyObject *string, int usedforsecurity);
static PyObject *
_sha512_sha512(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
static const char * const _keywords[] = {"string", NULL};
static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "sha512", 0};
PyObject *argsbuf[1];
PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *string = NULL;
int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
......@@ -94,16 +95,29 @@ _sha512_sha512(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje
if (!noptargs) {
goto skip_optional_pos;
}
if (args[0]) {
string = args[0];
if (!--noptargs) {
goto skip_optional_pos;
}
}
skip_optional_pos:
return_value = _sha512_sha512_impl(module, string);
if (!noptargs) {
goto skip_optional_kwonly;
}
usedforsecurity = PyObject_IsTrue(args[1]);
if (usedforsecurity < 0) {
goto exit;
}
skip_optional_kwonly:
return_value = _sha512_sha512_impl(module, string, usedforsecurity);
exit:
return return_value;
}
PyDoc_STRVAR(_sha512_sha384__doc__,
"sha384($module, /, string=b\'\')\n"
"sha384($module, /, string=b\'\', *, usedforsecurity=True)\n"
"--\n"
"\n"
"Return a new SHA-384 hash object; optionally initialized with a string.");
......@@ -112,17 +126,18 @@ PyDoc_STRVAR(_sha512_sha384__doc__,
{"sha384", (PyCFunction)(void(*)(void))_sha512_sha384, METH_FASTCALL|METH_KEYWORDS, _sha512_sha384__doc__},
static PyObject *
_sha512_sha384_impl(PyObject *module, PyObject *string);
_sha512_sha384_impl(PyObject *module, PyObject *string, int usedforsecurity);
static PyObject *
_sha512_sha384(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
static const char * const _keywords[] = {"string", NULL};
static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "sha384", 0};
PyObject *argsbuf[1];
PyObject *argsbuf[2];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
PyObject *string = NULL;
int usedforsecurity = 1;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
if (!args) {
......@@ -131,11 +146,24 @@ _sha512_sha384(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje
if (!noptargs) {
goto skip_optional_pos;
}
if (args[0]) {
string = args[0];
if (!--noptargs) {
goto skip_optional_pos;
}
}
skip_optional_pos:
return_value = _sha512_sha384_impl(module, string);
if (!noptargs) {
goto skip_optional_kwonly;
}
usedforsecurity = PyObject_IsTrue(args[1]);
if (usedforsecurity < 0) {
goto exit;
}
skip_optional_kwonly:
return_value = _sha512_sha384_impl(module, string, usedforsecurity);
exit:
return return_value;
}
/*[clinic end generated code: output=580df4b667084a7e input=a9049054013a1b77]*/
/*[clinic end generated code: output=bbfa72d8703c82b5 input=a9049054013a1b77]*/
......@@ -503,13 +503,15 @@ static PyTypeObject MD5type = {
_md5.md5
string: object(c_default="NULL") = b''
*
usedforsecurity: bool = True
Return a new MD5 hash object; optionally initialized with a string.
[clinic start generated code]*/
static PyObject *
_md5_md5_impl(PyObject *module, PyObject *string)
/*[clinic end generated code: output=2cfd0f8c091b97e6 input=d12ef8f72d684f7b]*/
_md5_md5_impl(PyObject *module, PyObject *string, int usedforsecurity)
/*[clinic end generated code: output=587071f76254a4ac input=7a144a1905636985]*/
{
MD5object *new;
Py_buffer buf;
......
......@@ -480,13 +480,15 @@ static PyTypeObject SHA1type = {
_sha1.sha1
string: object(c_default="NULL") = b''
*
usedforsecurity: bool = True
Return a new SHA1 hash object; optionally initialized with a string.
[clinic start generated code]*/
static PyObject *
_sha1_sha1_impl(PyObject *module, PyObject *string)
/*[clinic end generated code: output=e5982830d1dece51 input=27ea54281d995ec2]*/
_sha1_sha1_impl(PyObject *module, PyObject *string, int usedforsecurity)
/*[clinic end generated code: output=6f8b3af05126e18e input=bd54b68e2bf36a8a]*/
{
SHA1object *new;
Py_buffer buf;
......
......@@ -601,13 +601,15 @@ static PyTypeObject SHA256type = {
_sha256.sha256
string: object(c_default="NULL") = b''
*
usedforsecurity: bool = True
Return a new SHA-256 hash object; optionally initialized with a string.
[clinic start generated code]*/
static PyObject *
_sha256_sha256_impl(PyObject *module, PyObject *string)
/*[clinic end generated code: output=fa644436dcea5c31 input=09cce3fb855056b2]*/
_sha256_sha256_impl(PyObject *module, PyObject *string, int usedforsecurity)
/*[clinic end generated code: output=a1de327e8e1185cf input=9be86301aeb14ea5]*/
{
SHAobject *new;
Py_buffer buf;
......@@ -641,13 +643,15 @@ _sha256_sha256_impl(PyObject *module, PyObject *string)
_sha256.sha224
string: object(c_default="NULL") = b''
*
usedforsecurity: bool = True
Return a new SHA-224 hash object; optionally initialized with a string.
[clinic start generated code]*/
static PyObject *
_sha256_sha224_impl(PyObject *module, PyObject *string)
/*[clinic end generated code: output=21e3ba22c3404f93 input=27a04ba24c353a73]*/
_sha256_sha224_impl(PyObject *module, PyObject *string, int usedforsecurity)
/*[clinic end generated code: output=08be6b36569bc69c input=9fcfb46e460860ac]*/
{
SHAobject *new;
Py_buffer buf;
......
......@@ -666,13 +666,15 @@ static PyTypeObject SHA512type = {
_sha512.sha512
string: object(c_default="NULL") = b''
*
usedforsecurity: bool = True
Return a new SHA-512 hash object; optionally initialized with a string.
[clinic start generated code]*/
static PyObject *
_sha512_sha512_impl(PyObject *module, PyObject *string)
/*[clinic end generated code: output=8b865a2df73bd387 input=e69bad9ae9b6a308]*/
_sha512_sha512_impl(PyObject *module, PyObject *string, int usedforsecurity)
/*[clinic end generated code: output=a8d9e5f9e6a0831c input=23b4daebc2ebb9c9]*/
{
SHAobject *new;
Py_buffer buf;
......@@ -706,13 +708,15 @@ _sha512_sha512_impl(PyObject *module, PyObject *string)
_sha512.sha384
string: object(c_default="NULL") = b''
*
usedforsecurity: bool = True
Return a new SHA-384 hash object; optionally initialized with a string.
[clinic start generated code]*/
static PyObject *
_sha512_sha384_impl(PyObject *module, PyObject *string)
/*[clinic end generated code: output=ae4b2e26decf81e8 input=c9327788d4ea4545]*/
_sha512_sha384_impl(PyObject *module, PyObject *string, int usedforsecurity)
/*[clinic end generated code: output=da7d594a08027ac3 input=59ef72f039a6b431]*/
{
SHAobject *new;
Py_buffer buf;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment