diff --git a/Doc/library/hashlib.rst b/Doc/library/hashlib.rst index a16c7cd4d7c..6eb3a7bb4cc 100644 --- a/Doc/library/hashlib.rst +++ b/Doc/library/hashlib.rst @@ -67,7 +67,7 @@ Constructors for hash algorithms that are always present in this module are :func:`sha1`, :func:`sha224`, :func:`sha256`, :func:`sha384`, :func:`sha512`, :func:`blake2b`, and :func:`blake2s`. :func:`md5` is normally available as well, though it -may be missing if you are using a rare "FIPS compliant" build of Python. +may be missing or blocked if you are using a rare "FIPS compliant" build of Python. Additional algorithms may also be available depending upon the OpenSSL library that Python uses on your platform. On most platforms the :func:`sha3_224`, :func:`sha3_256`, :func:`sha3_384`, :func:`sha3_512`, @@ -80,6 +80,13 @@ library that Python uses on your platform. On most platforms the .. versionadded:: 3.6 :func:`blake2b` and :func:`blake2s` were added. +.. versionchanged:: 3.9 + All hashlib constructors take a keyword-only argument *usedforsecurity* + with default value *True*. A false value allows the use of insecure and + blocked hashing algorithms in restricted environments. *False* indicates + that the hashing algorithm is not used in a security context, e.g. as a + non-cryptographic one-way compression function. + For example, to obtain the digest of the byte string ``b'Nobody inspects the spammish repetition'``:: @@ -99,7 +106,7 @@ More condensed: >>> hashlib.sha224(b"Nobody inspects the spammish repetition").hexdigest() 'a4337bc45a8fc544c03f52dc550cd6e1e87021bc896588bd79e901e2' -.. function:: new(name[, data]) +.. function:: new(name[, data], *, usedforsecurity=True) Is a generic constructor that takes the string *name* of the desired algorithm as its first parameter. It also exists to allow access to the @@ -308,11 +315,13 @@ New hash objects are created by calling constructor functions: .. function:: blake2b(data=b'', *, digest_size=64, key=b'', salt=b'', \ person=b'', fanout=1, depth=1, leaf_size=0, node_offset=0, \ - node_depth=0, inner_size=0, last_node=False) + node_depth=0, inner_size=0, last_node=False, \ + usedforsecurity=True) .. function:: blake2s(data=b'', *, digest_size=32, key=b'', salt=b'', \ person=b'', fanout=1, depth=1, leaf_size=0, node_offset=0, \ - node_depth=0, inner_size=0, last_node=False) + node_depth=0, inner_size=0, last_node=False, \ + usedforsecurity=True) These functions return the corresponding hash objects for calculating diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py index b7b04a37f0d..46088e52dc5 100644 --- a/Lib/test/test_hashlib.py +++ b/Lib/test/test_hashlib.py @@ -190,6 +190,15 @@ class HashLibTestCase(unittest.TestCase): self.assertTrue(set(hashlib.algorithms_guaranteed). issubset(hashlib.algorithms_available)) + def test_usedforsecurity(self): + for cons in self.hash_constructors: + cons(usedforsecurity=True) + cons(usedforsecurity=False) + cons(b'', usedforsecurity=True) + cons(b'', usedforsecurity=False) + hashlib.new("sha256", usedforsecurity=True) + hashlib.new("sha256", usedforsecurity=False) + def test_unknown_hash(self): self.assertRaises(ValueError, hashlib.new, 'spam spam spam spam spam') self.assertRaises(TypeError, hashlib.new, 1) diff --git a/Lib/uuid.py b/Lib/uuid.py index 188e16ba14e..5f3bc9e8de4 100644 --- a/Lib/uuid.py +++ b/Lib/uuid.py @@ -772,8 +772,11 @@ def uuid1(node=None, clock_seq=None): def uuid3(namespace, name): """Generate a UUID from the MD5 hash of a namespace UUID and a name.""" from hashlib import md5 - hash = md5(namespace.bytes + bytes(name, "utf-8")).digest() - return UUID(bytes=hash[:16], version=3) + digest = md5( + namespace.bytes + bytes(name, "utf-8"), + usedforsecurity=False + ).digest() + return UUID(bytes=digest[:16], version=3) def uuid4(): """Generate a random UUID.""" diff --git a/Misc/NEWS.d/next/Library/2019-09-12-14-54-45.bpo-9216.W7QMpC.rst b/Misc/NEWS.d/next/Library/2019-09-12-14-54-45.bpo-9216.W7QMpC.rst new file mode 100644 index 00000000000..a97ca4b8b4f --- /dev/null +++ b/Misc/NEWS.d/next/Library/2019-09-12-14-54-45.bpo-9216.W7QMpC.rst @@ -0,0 +1,2 @@ +hashlib constructors now support usedforsecurity flag to signal that a +hashing algorithm is not used in a security context. diff --git a/Modules/_blake2/blake2b_impl.c b/Modules/_blake2/blake2b_impl.c index edab31ea222..88c103f56c4 100644 --- a/Modules/_blake2/blake2b_impl.c +++ b/Modules/_blake2/blake2b_impl.c @@ -81,6 +81,7 @@ _blake2.blake2b.__new__ as py_blake2b_new node_depth: int = 0 inner_size: int = 0 last_node: bool = False + usedforsecurity: bool = True Return a new BLAKE2b hash object. [clinic start generated code]*/ @@ -90,8 +91,8 @@ py_blake2b_new_impl(PyTypeObject *type, PyObject *data, int digest_size, Py_buffer *key, Py_buffer *salt, Py_buffer *person, int fanout, int depth, unsigned long leaf_size, unsigned long long node_offset, int node_depth, - int inner_size, int last_node) -/*[clinic end generated code: output=65e732c66c2297a0 input=82be35a4e6a9daa2]*/ + int inner_size, int last_node, int usedforsecurity) +/*[clinic end generated code: output=32bfd8f043c6896f input=b947312abff46977]*/ { BLAKE2bObject *self = NULL; Py_buffer buf; diff --git a/Modules/_blake2/blake2s_impl.c b/Modules/_blake2/blake2s_impl.c index ef2f7e1980f..c7c7eafdee2 100644 --- a/Modules/_blake2/blake2s_impl.c +++ b/Modules/_blake2/blake2s_impl.c @@ -81,6 +81,7 @@ _blake2.blake2s.__new__ as py_blake2s_new node_depth: int = 0 inner_size: int = 0 last_node: bool = False + usedforsecurity: bool = True Return a new BLAKE2s hash object. [clinic start generated code]*/ @@ -90,8 +91,8 @@ py_blake2s_new_impl(PyTypeObject *type, PyObject *data, int digest_size, Py_buffer *key, Py_buffer *salt, Py_buffer *person, int fanout, int depth, unsigned long leaf_size, unsigned long long node_offset, int node_depth, - int inner_size, int last_node) -/*[clinic end generated code: output=b95806be0514dcf7 input=641c0509debf714d]*/ + int inner_size, int last_node, int usedforsecurity) +/*[clinic end generated code: output=556181f73905c686 input=4dda87723f23abb0]*/ { BLAKE2sObject *self = NULL; Py_buffer buf; diff --git a/Modules/_blake2/clinic/blake2b_impl.c.h b/Modules/_blake2/clinic/blake2b_impl.c.h index cd329c07c99..07258c31c9b 100644 --- a/Modules/_blake2/clinic/blake2b_impl.c.h +++ b/Modules/_blake2/clinic/blake2b_impl.c.h @@ -5,7 +5,8 @@ preserve PyDoc_STRVAR(py_blake2b_new__doc__, "blake2b(data=b\'\', /, *, digest_size=_blake2.blake2b.MAX_DIGEST_SIZE,\n" " key=b\'\', salt=b\'\', person=b\'\', fanout=1, depth=1, leaf_size=0,\n" -" node_offset=0, node_depth=0, inner_size=0, last_node=False)\n" +" node_offset=0, node_depth=0, inner_size=0, last_node=False,\n" +" usedforsecurity=True)\n" "--\n" "\n" "Return a new BLAKE2b hash object."); @@ -15,15 +16,15 @@ py_blake2b_new_impl(PyTypeObject *type, PyObject *data, int digest_size, Py_buffer *key, Py_buffer *salt, Py_buffer *person, int fanout, int depth, unsigned long leaf_size, unsigned long long node_offset, int node_depth, - int inner_size, int last_node); + int inner_size, int last_node, int usedforsecurity); static PyObject * py_blake2b_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", NULL}; + static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "blake2b", 0}; - PyObject *argsbuf[12]; + PyObject *argsbuf[13]; PyObject * const *fastargs; Py_ssize_t nargs = PyTuple_GET_SIZE(args); Py_ssize_t noptargs = nargs + (kwargs ? PyDict_GET_SIZE(kwargs) : 0) - 0; @@ -39,6 +40,7 @@ py_blake2b_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) int node_depth = 0; int inner_size = 0; int last_node = 0; + int usedforsecurity = 1; fastargs = _PyArg_UnpackKeywords(_PyTuple_CAST(args)->ob_item, nargs, kwargs, NULL, &_parser, 0, 1, 0, argsbuf); if (!fastargs) { @@ -175,12 +177,21 @@ skip_optional_posonly: goto skip_optional_kwonly; } } - last_node = PyObject_IsTrue(fastargs[11]); - if (last_node < 0) { + if (fastargs[11]) { + last_node = PyObject_IsTrue(fastargs[11]); + if (last_node < 0) { + goto exit; + } + if (!--noptargs) { + goto skip_optional_kwonly; + } + } + usedforsecurity = PyObject_IsTrue(fastargs[12]); + if (usedforsecurity < 0) { goto exit; } skip_optional_kwonly: - return_value = py_blake2b_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node); + return_value = py_blake2b_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node, usedforsecurity); exit: /* Cleanup for key */ @@ -261,4 +272,4 @@ _blake2_blake2b_hexdigest(BLAKE2bObject *self, PyObject *Py_UNUSED(ignored)) { return _blake2_blake2b_hexdigest_impl(self); } -/*[clinic end generated code: output=cbb625d7f60c288c input=a9049054013a1b77]*/ +/*[clinic end generated code: output=2d6d0fe9aa42a42a input=a9049054013a1b77]*/ diff --git a/Modules/_blake2/clinic/blake2s_impl.c.h b/Modules/_blake2/clinic/blake2s_impl.c.h index 560bd68160b..71c5706fb66 100644 --- a/Modules/_blake2/clinic/blake2s_impl.c.h +++ b/Modules/_blake2/clinic/blake2s_impl.c.h @@ -5,7 +5,8 @@ preserve PyDoc_STRVAR(py_blake2s_new__doc__, "blake2s(data=b\'\', /, *, digest_size=_blake2.blake2s.MAX_DIGEST_SIZE,\n" " key=b\'\', salt=b\'\', person=b\'\', fanout=1, depth=1, leaf_size=0,\n" -" node_offset=0, node_depth=0, inner_size=0, last_node=False)\n" +" node_offset=0, node_depth=0, inner_size=0, last_node=False,\n" +" usedforsecurity=True)\n" "--\n" "\n" "Return a new BLAKE2s hash object."); @@ -15,15 +16,15 @@ py_blake2s_new_impl(PyTypeObject *type, PyObject *data, int digest_size, Py_buffer *key, Py_buffer *salt, Py_buffer *person, int fanout, int depth, unsigned long leaf_size, unsigned long long node_offset, int node_depth, - int inner_size, int last_node); + int inner_size, int last_node, int usedforsecurity); static PyObject * py_blake2s_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", NULL}; + static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "blake2s", 0}; - PyObject *argsbuf[12]; + PyObject *argsbuf[13]; PyObject * const *fastargs; Py_ssize_t nargs = PyTuple_GET_SIZE(args); Py_ssize_t noptargs = nargs + (kwargs ? PyDict_GET_SIZE(kwargs) : 0) - 0; @@ -39,6 +40,7 @@ py_blake2s_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) int node_depth = 0; int inner_size = 0; int last_node = 0; + int usedforsecurity = 1; fastargs = _PyArg_UnpackKeywords(_PyTuple_CAST(args)->ob_item, nargs, kwargs, NULL, &_parser, 0, 1, 0, argsbuf); if (!fastargs) { @@ -175,12 +177,21 @@ skip_optional_posonly: goto skip_optional_kwonly; } } - last_node = PyObject_IsTrue(fastargs[11]); - if (last_node < 0) { + if (fastargs[11]) { + last_node = PyObject_IsTrue(fastargs[11]); + if (last_node < 0) { + goto exit; + } + if (!--noptargs) { + goto skip_optional_kwonly; + } + } + usedforsecurity = PyObject_IsTrue(fastargs[12]); + if (usedforsecurity < 0) { goto exit; } skip_optional_kwonly: - return_value = py_blake2s_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node); + return_value = py_blake2s_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node, usedforsecurity); exit: /* Cleanup for key */ @@ -261,4 +272,4 @@ _blake2_blake2s_hexdigest(BLAKE2sObject *self, PyObject *Py_UNUSED(ignored)) { return _blake2_blake2s_hexdigest_impl(self); } -/*[clinic end generated code: output=39af5a74c8805b36 input=a9049054013a1b77]*/ +/*[clinic end generated code: output=c80d8d06ce40a192 input=a9049054013a1b77]*/ diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c index c685279c7a7..c65c698cbba 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -405,7 +405,7 @@ static PyTypeObject EVPtype = { static PyObject * EVPnew(const EVP_MD *digest, - const unsigned char *cp, Py_ssize_t len) + const unsigned char *cp, Py_ssize_t len, int usedforsecurity) { int result = 0; EVPobject *self; @@ -418,6 +418,13 @@ EVPnew(const EVP_MD *digest, if ((self = newEVPobject()) == NULL) return NULL; + if (!usedforsecurity) { +#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW + EVP_MD_CTX_set_flags(self->ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); +#endif + } + + if (!EVP_DigestInit(self->ctx, digest)) { _setException(PyExc_ValueError); Py_DECREF(self); @@ -449,6 +456,8 @@ _hashlib.new as EVP_new name as name_obj: object string as data_obj: object(py_default="b''") = NULL + * + usedforsecurity: bool = True Return a new hash object using the named algorithm. @@ -459,8 +468,9 @@ The MD5 and SHA1 algorithms are always supported. [clinic start generated code]*/ static PyObject * -EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj) -/*[clinic end generated code: output=9e7cf664e04b0226 input=1c46e40e0fec91f3]*/ +EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj, + int usedforsecurity) +/*[clinic end generated code: output=ddd5053f92dffe90 input=e9ac115d80962ddf]*/ { Py_buffer view = { 0 }; PyObject *ret_obj; @@ -477,7 +487,9 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj) digest = EVP_get_digestbyname(name); - ret_obj = EVPnew(digest, (unsigned char*)view.buf, view.len); + ret_obj = EVPnew(digest, + (unsigned char*)view.buf, view.len, + usedforsecurity); if (data_obj) PyBuffer_Release(&view); @@ -485,7 +497,8 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj) } static PyObject* -EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest) +EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest, + int usedforsecurity) { Py_buffer view = { 0 }; PyObject *ret_obj; @@ -493,7 +506,9 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest) if (data_obj) GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); - ret_obj = EVPnew(digest, (unsigned char*)view.buf, view.len); + ret_obj = EVPnew(digest, + (unsigned char*)view.buf, view.len, + usedforsecurity); if (data_obj) PyBuffer_Release(&view); @@ -505,16 +520,19 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest) _hashlib.openssl_md5 string as data_obj: object(py_default="b''") = NULL + * + usedforsecurity: bool = True Returns a md5 hash object; optionally initialized with a string [clinic start generated code]*/ static PyObject * -_hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj) -/*[clinic end generated code: output=6caae75b73e22c3f input=52010d3869e1b1a7]*/ +_hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity) +/*[clinic end generated code: output=87b0186440a44f8c input=990e36d5e689b16e]*/ { - return EVP_fast_new(module, data_obj, EVP_md5()); + return EVP_fast_new(module, data_obj, EVP_md5(), usedforsecurity); } @@ -522,16 +540,19 @@ _hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj) _hashlib.openssl_sha1 string as data_obj: object(py_default="b''") = NULL + * + usedforsecurity: bool = True Returns a sha1 hash object; optionally initialized with a string [clinic start generated code]*/ static PyObject * -_hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj) -/*[clinic end generated code: output=07606d8f75153e61 input=16807d30e4aa8ae9]*/ +_hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity) +/*[clinic end generated code: output=6813024cf690670d input=948f2f4b6deabc10]*/ { - return EVP_fast_new(module, data_obj, EVP_sha1()); + return EVP_fast_new(module, data_obj, EVP_sha1(), usedforsecurity); } @@ -539,16 +560,19 @@ _hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj) _hashlib.openssl_sha224 string as data_obj: object(py_default="b''") = NULL + * + usedforsecurity: bool = True Returns a sha224 hash object; optionally initialized with a string [clinic start generated code]*/ static PyObject * -_hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj) -/*[clinic end generated code: output=55e848761bcef0c9 input=5dbc2f1d84eb459b]*/ +_hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity) +/*[clinic end generated code: output=a2dfe7cc4eb14ebb input=f9272821fadca505]*/ { - return EVP_fast_new(module, data_obj, EVP_sha224()); + return EVP_fast_new(module, data_obj, EVP_sha224(), usedforsecurity); } @@ -556,16 +580,19 @@ _hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj) _hashlib.openssl_sha256 string as data_obj: object(py_default="b''") = NULL + * + usedforsecurity: bool = True Returns a sha256 hash object; optionally initialized with a string [clinic start generated code]*/ static PyObject * -_hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj) -/*[clinic end generated code: output=05851d7cce34ac65 input=a68a5d21cda5a80f]*/ +_hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity) +/*[clinic end generated code: output=1f874a34870f0a68 input=549fad9d2930d4c5]*/ { - return EVP_fast_new(module, data_obj, EVP_sha256()); + return EVP_fast_new(module, data_obj, EVP_sha256(), usedforsecurity); } @@ -573,16 +600,19 @@ _hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj) _hashlib.openssl_sha384 string as data_obj: object(py_default="b''") = NULL + * + usedforsecurity: bool = True Returns a sha384 hash object; optionally initialized with a string [clinic start generated code]*/ static PyObject * -_hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj) -/*[clinic end generated code: output=5101a4704a932c2f input=6bdfa006622b64ea]*/ +_hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity) +/*[clinic end generated code: output=58529eff9ca457b2 input=48601a6e3bf14ad7]*/ { - return EVP_fast_new(module, data_obj, EVP_sha384()); + return EVP_fast_new(module, data_obj, EVP_sha384(), usedforsecurity); } @@ -590,16 +620,19 @@ _hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj) _hashlib.openssl_sha512 string as data_obj: object(py_default="b''") = NULL + * + usedforsecurity: bool = True Returns a sha512 hash object; optionally initialized with a string [clinic start generated code]*/ static PyObject * -_hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj) -/*[clinic end generated code: output=20c8e63ee560a5cb input=ece50182ad4b76a6]*/ +_hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity) +/*[clinic end generated code: output=2c744c9e4a40d5f6 input=c5c46a2a817aa98f]*/ { - return EVP_fast_new(module, data_obj, EVP_sha512()); + return EVP_fast_new(module, data_obj, EVP_sha512(), usedforsecurity); } diff --git a/Modules/_sha3/clinic/sha3module.c.h b/Modules/_sha3/clinic/sha3module.c.h index 554442df0ec..1c79c269391 100644 --- a/Modules/_sha3/clinic/sha3module.c.h +++ b/Modules/_sha3/clinic/sha3module.c.h @@ -2,6 +2,52 @@ preserve [clinic start generated code]*/ +PyDoc_STRVAR(py_sha3_new__doc__, +"sha3_224(data=b\'\', /, *, usedforsecurity=True)\n" +"--\n" +"\n" +"Return a new BLAKE2b hash object."); + +static PyObject * +py_sha3_new_impl(PyTypeObject *type, PyObject *data, int usedforsecurity); + +static PyObject * +py_sha3_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) +{ + PyObject *return_value = NULL; + static const char * const _keywords[] = {"", "usedforsecurity", NULL}; + static _PyArg_Parser _parser = {NULL, _keywords, "sha3_224", 0}; + PyObject *argsbuf[2]; + PyObject * const *fastargs; + Py_ssize_t nargs = PyTuple_GET_SIZE(args); + Py_ssize_t noptargs = nargs + (kwargs ? PyDict_GET_SIZE(kwargs) : 0) - 0; + PyObject *data = NULL; + int usedforsecurity = 1; + + fastargs = _PyArg_UnpackKeywords(_PyTuple_CAST(args)->ob_item, nargs, kwargs, NULL, &_parser, 0, 1, 0, argsbuf); + if (!fastargs) { + goto exit; + } + if (nargs < 1) { + goto skip_optional_posonly; + } + noptargs--; + data = fastargs[0]; +skip_optional_posonly: + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(fastargs[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = py_sha3_new_impl(type, data, usedforsecurity); + +exit: + return return_value; +} + PyDoc_STRVAR(_sha3_sha3_224_copy__doc__, "copy($self, /)\n" "--\n" @@ -118,4 +164,4 @@ _sha3_shake_128_hexdigest(SHA3object *self, PyObject *arg) exit: return return_value; } -/*[clinic end generated code: output=5b3e99b9a96471e8 input=a9049054013a1b77]*/ +/*[clinic end generated code: output=c8a97b34e80def62 input=a9049054013a1b77]*/ diff --git a/Modules/_sha3/sha3module.c b/Modules/_sha3/sha3module.c index c1fb6185e24..d4ca9a111da 100644 --- a/Modules/_sha3/sha3module.c +++ b/Modules/_sha3/sha3module.c @@ -169,21 +169,24 @@ newSHA3object(PyTypeObject *type) return newobj; } +/*[clinic input] +@classmethod +_sha3.sha3_224.__new__ as py_sha3_new + data: object(c_default="NULL") = b'' + / + * + usedforsecurity: bool = True + +Return a new BLAKE2b hash object. +[clinic start generated code]*/ static PyObject * -py_sha3_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) +py_sha3_new_impl(PyTypeObject *type, PyObject *data, int usedforsecurity) +/*[clinic end generated code: output=90409addc5d5e8b0 input=bcfcdf2e4368347a]*/ { SHA3object *self = NULL; Py_buffer buf = {NULL, NULL}; HashReturn res; - PyObject *data = NULL; - - if (!_PyArg_NoKeywords(_PyType_Name(type), kwargs)) { - return NULL; - } - if (!PyArg_UnpackTuple(args, _PyType_Name(type), 0, 1, &data)) { - return NULL; - } self = newSHA3object(type); if (self == NULL) { @@ -529,22 +532,22 @@ static PyGetSetDef SHA3_getseters[] = { } PyDoc_STRVAR(sha3_224__doc__, -"sha3_224([data]) -> SHA3 object\n\ +"sha3_224([data], *, usedforsecurity=True) -> SHA3 object\n\ \n\ Return a new SHA3 hash object with a hashbit length of 28 bytes."); PyDoc_STRVAR(sha3_256__doc__, -"sha3_256([data]) -> SHA3 object\n\ +"sha3_256([data], *, usedforsecurity=True) -> SHA3 object\n\ \n\ Return a new SHA3 hash object with a hashbit length of 32 bytes."); PyDoc_STRVAR(sha3_384__doc__, -"sha3_384([data]) -> SHA3 object\n\ +"sha3_384([data], *, usedforsecurity=True) -> SHA3 object\n\ \n\ Return a new SHA3 hash object with a hashbit length of 48 bytes."); PyDoc_STRVAR(sha3_512__doc__, -"sha3_512([data]) -> SHA3 object\n\ +"sha3_512([data], *, usedforsecurity=True) -> SHA3 object\n\ \n\ Return a new SHA3 hash object with a hashbit length of 64 bytes."); @@ -555,22 +558,22 @@ SHA3_TYPE(SHA3_512type, "_sha3.sha3_512", sha3_512__doc__, SHA3_methods); #ifdef PY_WITH_KECCAK PyDoc_STRVAR(keccak_224__doc__, -"keccak_224([data]) -> Keccak object\n\ +"keccak_224([data], *, usedforsecurity=True) -> Keccak object\n\ \n\ Return a new Keccak hash object with a hashbit length of 28 bytes."); PyDoc_STRVAR(keccak_256__doc__, -"keccak_256([data]) -> Keccak object\n\ +"keccak_256([data], *, usedforsecurity=True) -> Keccak object\n\ \n\ Return a new Keccak hash object with a hashbit length of 32 bytes."); PyDoc_STRVAR(keccak_384__doc__, -"keccak_384([data]) -> Keccak object\n\ +"keccak_384([data], *, usedforsecurity=True) -> Keccak object\n\ \n\ Return a new Keccak hash object with a hashbit length of 48 bytes."); PyDoc_STRVAR(keccak_512__doc__, -"keccak_512([data]) -> Keccak object\n\ +"keccak_512([data], *, usedforsecurity=True) -> Keccak object\n\ \n\ Return a new Keccak hash object with a hashbit length of 64 bytes."); @@ -672,12 +675,12 @@ static PyMethodDef SHAKE_methods[] = { }; PyDoc_STRVAR(shake_128__doc__, -"shake_128([data]) -> SHAKE object\n\ +"shake_128([data], *, usedforsecurity=True) -> SHAKE object\n\ \n\ Return a new SHAKE hash object."); PyDoc_STRVAR(shake_256__doc__, -"shake_256([data]) -> SHAKE object\n\ +"shake_256([data], *, usedforsecurity=True) -> SHAKE object\n\ \n\ Return a new SHAKE hash object."); diff --git a/Modules/clinic/_hashopenssl.c.h b/Modules/clinic/_hashopenssl.c.h index 9aaea47e832..de53e7e196c 100644 --- a/Modules/clinic/_hashopenssl.c.h +++ b/Modules/clinic/_hashopenssl.c.h @@ -66,7 +66,7 @@ PyDoc_STRVAR(EVP_update__doc__, {"update", (PyCFunction)EVP_update, METH_O, EVP_update__doc__}, PyDoc_STRVAR(EVP_new__doc__, -"new($module, /, name, string=b\'\')\n" +"new($module, /, name, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Return a new hash object using the named algorithm.\n" @@ -80,18 +80,20 @@ PyDoc_STRVAR(EVP_new__doc__, {"new", (PyCFunction)(void(*)(void))EVP_new, METH_FASTCALL|METH_KEYWORDS, EVP_new__doc__}, static PyObject * -EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj); +EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj, + int usedforsecurity); static PyObject * EVP_new(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"name", "string", NULL}; + static const char * const _keywords[] = {"name", "string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "new", 0}; - PyObject *argsbuf[2]; + PyObject *argsbuf[3]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 1; PyObject *name_obj; PyObject *data_obj = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 1, 2, 0, argsbuf); if (!args) { @@ -101,16 +103,29 @@ EVP_new(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwn if (!noptargs) { goto skip_optional_pos; } - data_obj = args[1]; + if (args[1]) { + data_obj = args[1]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = EVP_new_impl(module, name_obj, data_obj); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[2]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = EVP_new_impl(module, name_obj, data_obj, usedforsecurity); exit: return return_value; } PyDoc_STRVAR(_hashlib_openssl_md5__doc__, -"openssl_md5($module, /, string=b\'\')\n" +"openssl_md5($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Returns a md5 hash object; optionally initialized with a string"); @@ -119,17 +134,19 @@ PyDoc_STRVAR(_hashlib_openssl_md5__doc__, {"openssl_md5", (PyCFunction)(void(*)(void))_hashlib_openssl_md5, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_md5__doc__}, static PyObject * -_hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj); +_hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity); static PyObject * _hashlib_openssl_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "openssl_md5", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *data_obj = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -138,16 +155,29 @@ _hashlib_openssl_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs, if (!noptargs) { goto skip_optional_pos; } - data_obj = args[0]; + if (args[0]) { + data_obj = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _hashlib_openssl_md5_impl(module, data_obj); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _hashlib_openssl_md5_impl(module, data_obj, usedforsecurity); exit: return return_value; } PyDoc_STRVAR(_hashlib_openssl_sha1__doc__, -"openssl_sha1($module, /, string=b\'\')\n" +"openssl_sha1($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Returns a sha1 hash object; optionally initialized with a string"); @@ -156,17 +186,19 @@ PyDoc_STRVAR(_hashlib_openssl_sha1__doc__, {"openssl_sha1", (PyCFunction)(void(*)(void))_hashlib_openssl_sha1, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_sha1__doc__}, static PyObject * -_hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj); +_hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity); static PyObject * _hashlib_openssl_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "openssl_sha1", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *data_obj = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -175,16 +207,29 @@ _hashlib_openssl_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs, if (!noptargs) { goto skip_optional_pos; } - data_obj = args[0]; + if (args[0]) { + data_obj = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _hashlib_openssl_sha1_impl(module, data_obj); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _hashlib_openssl_sha1_impl(module, data_obj, usedforsecurity); exit: return return_value; } PyDoc_STRVAR(_hashlib_openssl_sha224__doc__, -"openssl_sha224($module, /, string=b\'\')\n" +"openssl_sha224($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Returns a sha224 hash object; optionally initialized with a string"); @@ -193,17 +238,19 @@ PyDoc_STRVAR(_hashlib_openssl_sha224__doc__, {"openssl_sha224", (PyCFunction)(void(*)(void))_hashlib_openssl_sha224, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_sha224__doc__}, static PyObject * -_hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj); +_hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity); static PyObject * _hashlib_openssl_sha224(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "openssl_sha224", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *data_obj = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -212,16 +259,29 @@ _hashlib_openssl_sha224(PyObject *module, PyObject *const *args, Py_ssize_t narg if (!noptargs) { goto skip_optional_pos; } - data_obj = args[0]; + if (args[0]) { + data_obj = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _hashlib_openssl_sha224_impl(module, data_obj); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _hashlib_openssl_sha224_impl(module, data_obj, usedforsecurity); exit: return return_value; } PyDoc_STRVAR(_hashlib_openssl_sha256__doc__, -"openssl_sha256($module, /, string=b\'\')\n" +"openssl_sha256($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Returns a sha256 hash object; optionally initialized with a string"); @@ -230,17 +290,19 @@ PyDoc_STRVAR(_hashlib_openssl_sha256__doc__, {"openssl_sha256", (PyCFunction)(void(*)(void))_hashlib_openssl_sha256, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_sha256__doc__}, static PyObject * -_hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj); +_hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity); static PyObject * _hashlib_openssl_sha256(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "openssl_sha256", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *data_obj = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -249,16 +311,29 @@ _hashlib_openssl_sha256(PyObject *module, PyObject *const *args, Py_ssize_t narg if (!noptargs) { goto skip_optional_pos; } - data_obj = args[0]; + if (args[0]) { + data_obj = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _hashlib_openssl_sha256_impl(module, data_obj); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _hashlib_openssl_sha256_impl(module, data_obj, usedforsecurity); exit: return return_value; } PyDoc_STRVAR(_hashlib_openssl_sha384__doc__, -"openssl_sha384($module, /, string=b\'\')\n" +"openssl_sha384($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Returns a sha384 hash object; optionally initialized with a string"); @@ -267,17 +342,19 @@ PyDoc_STRVAR(_hashlib_openssl_sha384__doc__, {"openssl_sha384", (PyCFunction)(void(*)(void))_hashlib_openssl_sha384, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_sha384__doc__}, static PyObject * -_hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj); +_hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity); static PyObject * _hashlib_openssl_sha384(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "openssl_sha384", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *data_obj = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -286,16 +363,29 @@ _hashlib_openssl_sha384(PyObject *module, PyObject *const *args, Py_ssize_t narg if (!noptargs) { goto skip_optional_pos; } - data_obj = args[0]; + if (args[0]) { + data_obj = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _hashlib_openssl_sha384_impl(module, data_obj); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _hashlib_openssl_sha384_impl(module, data_obj, usedforsecurity); exit: return return_value; } PyDoc_STRVAR(_hashlib_openssl_sha512__doc__, -"openssl_sha512($module, /, string=b\'\')\n" +"openssl_sha512($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Returns a sha512 hash object; optionally initialized with a string"); @@ -304,17 +394,19 @@ PyDoc_STRVAR(_hashlib_openssl_sha512__doc__, {"openssl_sha512", (PyCFunction)(void(*)(void))_hashlib_openssl_sha512, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_sha512__doc__}, static PyObject * -_hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj); +_hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity); static PyObject * _hashlib_openssl_sha512(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "openssl_sha512", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *data_obj = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -323,9 +415,22 @@ _hashlib_openssl_sha512(PyObject *module, PyObject *const *args, Py_ssize_t narg if (!noptargs) { goto skip_optional_pos; } - data_obj = args[0]; + if (args[0]) { + data_obj = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _hashlib_openssl_sha512_impl(module, data_obj); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _hashlib_openssl_sha512_impl(module, data_obj, usedforsecurity); exit: return return_value; @@ -623,4 +728,4 @@ exit: #ifndef _HASHLIB_SCRYPT_METHODDEF #define _HASHLIB_SCRYPT_METHODDEF #endif /* !defined(_HASHLIB_SCRYPT_METHODDEF) */ -/*[clinic end generated code: output=38c2637f67e9bb79 input=a9049054013a1b77]*/ +/*[clinic end generated code: output=acb22ccddb7043c7 input=a9049054013a1b77]*/ diff --git a/Modules/clinic/md5module.c.h b/Modules/clinic/md5module.c.h index 12484cc0e3d..c109f9efec6 100644 --- a/Modules/clinic/md5module.c.h +++ b/Modules/clinic/md5module.c.h @@ -66,7 +66,7 @@ PyDoc_STRVAR(MD5Type_update__doc__, {"update", (PyCFunction)MD5Type_update, METH_O, MD5Type_update__doc__}, PyDoc_STRVAR(_md5_md5__doc__, -"md5($module, /, string=b\'\')\n" +"md5($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Return a new MD5 hash object; optionally initialized with a string."); @@ -75,17 +75,18 @@ PyDoc_STRVAR(_md5_md5__doc__, {"md5", (PyCFunction)(void(*)(void))_md5_md5, METH_FASTCALL|METH_KEYWORDS, _md5_md5__doc__}, static PyObject * -_md5_md5_impl(PyObject *module, PyObject *string); +_md5_md5_impl(PyObject *module, PyObject *string, int usedforsecurity); static PyObject * _md5_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "md5", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *string = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -94,11 +95,24 @@ _md5_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kw if (!noptargs) { goto skip_optional_pos; } - string = args[0]; + if (args[0]) { + string = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _md5_md5_impl(module, string); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _md5_md5_impl(module, string, usedforsecurity); exit: return return_value; } -/*[clinic end generated code: output=53133f08cf9095fc input=a9049054013a1b77]*/ +/*[clinic end generated code: output=dbe3abc60086f3ef input=a9049054013a1b77]*/ diff --git a/Modules/clinic/sha1module.c.h b/Modules/clinic/sha1module.c.h index 001c6af7378..fc37b1ab880 100644 --- a/Modules/clinic/sha1module.c.h +++ b/Modules/clinic/sha1module.c.h @@ -66,7 +66,7 @@ PyDoc_STRVAR(SHA1Type_update__doc__, {"update", (PyCFunction)SHA1Type_update, METH_O, SHA1Type_update__doc__}, PyDoc_STRVAR(_sha1_sha1__doc__, -"sha1($module, /, string=b\'\')\n" +"sha1($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Return a new SHA1 hash object; optionally initialized with a string."); @@ -75,17 +75,18 @@ PyDoc_STRVAR(_sha1_sha1__doc__, {"sha1", (PyCFunction)(void(*)(void))_sha1_sha1, METH_FASTCALL|METH_KEYWORDS, _sha1_sha1__doc__}, static PyObject * -_sha1_sha1_impl(PyObject *module, PyObject *string); +_sha1_sha1_impl(PyObject *module, PyObject *string, int usedforsecurity); static PyObject * _sha1_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "sha1", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *string = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -94,11 +95,24 @@ _sha1_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject * if (!noptargs) { goto skip_optional_pos; } - string = args[0]; + if (args[0]) { + string = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _sha1_sha1_impl(module, string); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _sha1_sha1_impl(module, string, usedforsecurity); exit: return return_value; } -/*[clinic end generated code: output=1ae7e73ec84a27d5 input=a9049054013a1b77]*/ +/*[clinic end generated code: output=3ddd637ae17e14b3 input=a9049054013a1b77]*/ diff --git a/Modules/clinic/sha256module.c.h b/Modules/clinic/sha256module.c.h index 658abb15cf3..2a788ea9849 100644 --- a/Modules/clinic/sha256module.c.h +++ b/Modules/clinic/sha256module.c.h @@ -66,7 +66,7 @@ PyDoc_STRVAR(SHA256Type_update__doc__, {"update", (PyCFunction)SHA256Type_update, METH_O, SHA256Type_update__doc__}, PyDoc_STRVAR(_sha256_sha256__doc__, -"sha256($module, /, string=b\'\')\n" +"sha256($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Return a new SHA-256 hash object; optionally initialized with a string."); @@ -75,17 +75,18 @@ PyDoc_STRVAR(_sha256_sha256__doc__, {"sha256", (PyCFunction)(void(*)(void))_sha256_sha256, METH_FASTCALL|METH_KEYWORDS, _sha256_sha256__doc__}, static PyObject * -_sha256_sha256_impl(PyObject *module, PyObject *string); +_sha256_sha256_impl(PyObject *module, PyObject *string, int usedforsecurity); static PyObject * _sha256_sha256(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "sha256", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *string = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -94,16 +95,29 @@ _sha256_sha256(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje if (!noptargs) { goto skip_optional_pos; } - string = args[0]; + if (args[0]) { + string = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _sha256_sha256_impl(module, string); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _sha256_sha256_impl(module, string, usedforsecurity); exit: return return_value; } PyDoc_STRVAR(_sha256_sha224__doc__, -"sha224($module, /, string=b\'\')\n" +"sha224($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Return a new SHA-224 hash object; optionally initialized with a string."); @@ -112,17 +126,18 @@ PyDoc_STRVAR(_sha256_sha224__doc__, {"sha224", (PyCFunction)(void(*)(void))_sha256_sha224, METH_FASTCALL|METH_KEYWORDS, _sha256_sha224__doc__}, static PyObject * -_sha256_sha224_impl(PyObject *module, PyObject *string); +_sha256_sha224_impl(PyObject *module, PyObject *string, int usedforsecurity); static PyObject * _sha256_sha224(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "sha224", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *string = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -131,11 +146,24 @@ _sha256_sha224(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje if (!noptargs) { goto skip_optional_pos; } - string = args[0]; + if (args[0]) { + string = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _sha256_sha224_impl(module, string); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _sha256_sha224_impl(module, string, usedforsecurity); exit: return return_value; } -/*[clinic end generated code: output=c54d0956ec88409d input=a9049054013a1b77]*/ +/*[clinic end generated code: output=c8cca8adbe72ec9a input=a9049054013a1b77]*/ diff --git a/Modules/clinic/sha512module.c.h b/Modules/clinic/sha512module.c.h index 459a9341cfc..b8185b62bb6 100644 --- a/Modules/clinic/sha512module.c.h +++ b/Modules/clinic/sha512module.c.h @@ -66,7 +66,7 @@ PyDoc_STRVAR(SHA512Type_update__doc__, {"update", (PyCFunction)SHA512Type_update, METH_O, SHA512Type_update__doc__}, PyDoc_STRVAR(_sha512_sha512__doc__, -"sha512($module, /, string=b\'\')\n" +"sha512($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Return a new SHA-512 hash object; optionally initialized with a string."); @@ -75,17 +75,18 @@ PyDoc_STRVAR(_sha512_sha512__doc__, {"sha512", (PyCFunction)(void(*)(void))_sha512_sha512, METH_FASTCALL|METH_KEYWORDS, _sha512_sha512__doc__}, static PyObject * -_sha512_sha512_impl(PyObject *module, PyObject *string); +_sha512_sha512_impl(PyObject *module, PyObject *string, int usedforsecurity); static PyObject * _sha512_sha512(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "sha512", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *string = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -94,16 +95,29 @@ _sha512_sha512(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje if (!noptargs) { goto skip_optional_pos; } - string = args[0]; + if (args[0]) { + string = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _sha512_sha512_impl(module, string); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _sha512_sha512_impl(module, string, usedforsecurity); exit: return return_value; } PyDoc_STRVAR(_sha512_sha384__doc__, -"sha384($module, /, string=b\'\')\n" +"sha384($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Return a new SHA-384 hash object; optionally initialized with a string."); @@ -112,17 +126,18 @@ PyDoc_STRVAR(_sha512_sha384__doc__, {"sha384", (PyCFunction)(void(*)(void))_sha512_sha384, METH_FASTCALL|METH_KEYWORDS, _sha512_sha384__doc__}, static PyObject * -_sha512_sha384_impl(PyObject *module, PyObject *string); +_sha512_sha384_impl(PyObject *module, PyObject *string, int usedforsecurity); static PyObject * _sha512_sha384(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "sha384", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *string = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -131,11 +146,24 @@ _sha512_sha384(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje if (!noptargs) { goto skip_optional_pos; } - string = args[0]; + if (args[0]) { + string = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _sha512_sha384_impl(module, string); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _sha512_sha384_impl(module, string, usedforsecurity); exit: return return_value; } -/*[clinic end generated code: output=580df4b667084a7e input=a9049054013a1b77]*/ +/*[clinic end generated code: output=bbfa72d8703c82b5 input=a9049054013a1b77]*/ diff --git a/Modules/md5module.c b/Modules/md5module.c index b9a351a8c1c..f2c2d32cbe7 100644 --- a/Modules/md5module.c +++ b/Modules/md5module.c @@ -503,13 +503,15 @@ static PyTypeObject MD5type = { _md5.md5 string: object(c_default="NULL") = b'' + * + usedforsecurity: bool = True Return a new MD5 hash object; optionally initialized with a string. [clinic start generated code]*/ static PyObject * -_md5_md5_impl(PyObject *module, PyObject *string) -/*[clinic end generated code: output=2cfd0f8c091b97e6 input=d12ef8f72d684f7b]*/ +_md5_md5_impl(PyObject *module, PyObject *string, int usedforsecurity) +/*[clinic end generated code: output=587071f76254a4ac input=7a144a1905636985]*/ { MD5object *new; Py_buffer buf; diff --git a/Modules/sha1module.c b/Modules/sha1module.c index ce2ad267e77..4d191c3c488 100644 --- a/Modules/sha1module.c +++ b/Modules/sha1module.c @@ -480,13 +480,15 @@ static PyTypeObject SHA1type = { _sha1.sha1 string: object(c_default="NULL") = b'' + * + usedforsecurity: bool = True Return a new SHA1 hash object; optionally initialized with a string. [clinic start generated code]*/ static PyObject * -_sha1_sha1_impl(PyObject *module, PyObject *string) -/*[clinic end generated code: output=e5982830d1dece51 input=27ea54281d995ec2]*/ +_sha1_sha1_impl(PyObject *module, PyObject *string, int usedforsecurity) +/*[clinic end generated code: output=6f8b3af05126e18e input=bd54b68e2bf36a8a]*/ { SHA1object *new; Py_buffer buf; diff --git a/Modules/sha256module.c b/Modules/sha256module.c index b8d6c4cf800..245f4c04542 100644 --- a/Modules/sha256module.c +++ b/Modules/sha256module.c @@ -601,13 +601,15 @@ static PyTypeObject SHA256type = { _sha256.sha256 string: object(c_default="NULL") = b'' + * + usedforsecurity: bool = True Return a new SHA-256 hash object; optionally initialized with a string. [clinic start generated code]*/ static PyObject * -_sha256_sha256_impl(PyObject *module, PyObject *string) -/*[clinic end generated code: output=fa644436dcea5c31 input=09cce3fb855056b2]*/ +_sha256_sha256_impl(PyObject *module, PyObject *string, int usedforsecurity) +/*[clinic end generated code: output=a1de327e8e1185cf input=9be86301aeb14ea5]*/ { SHAobject *new; Py_buffer buf; @@ -641,13 +643,15 @@ _sha256_sha256_impl(PyObject *module, PyObject *string) _sha256.sha224 string: object(c_default="NULL") = b'' + * + usedforsecurity: bool = True Return a new SHA-224 hash object; optionally initialized with a string. [clinic start generated code]*/ static PyObject * -_sha256_sha224_impl(PyObject *module, PyObject *string) -/*[clinic end generated code: output=21e3ba22c3404f93 input=27a04ba24c353a73]*/ +_sha256_sha224_impl(PyObject *module, PyObject *string, int usedforsecurity) +/*[clinic end generated code: output=08be6b36569bc69c input=9fcfb46e460860ac]*/ { SHAobject *new; Py_buffer buf; diff --git a/Modules/sha512module.c b/Modules/sha512module.c index 98b97917f4c..df4f9d2d741 100644 --- a/Modules/sha512module.c +++ b/Modules/sha512module.c @@ -666,13 +666,15 @@ static PyTypeObject SHA512type = { _sha512.sha512 string: object(c_default="NULL") = b'' + * + usedforsecurity: bool = True Return a new SHA-512 hash object; optionally initialized with a string. [clinic start generated code]*/ static PyObject * -_sha512_sha512_impl(PyObject *module, PyObject *string) -/*[clinic end generated code: output=8b865a2df73bd387 input=e69bad9ae9b6a308]*/ +_sha512_sha512_impl(PyObject *module, PyObject *string, int usedforsecurity) +/*[clinic end generated code: output=a8d9e5f9e6a0831c input=23b4daebc2ebb9c9]*/ { SHAobject *new; Py_buffer buf; @@ -706,13 +708,15 @@ _sha512_sha512_impl(PyObject *module, PyObject *string) _sha512.sha384 string: object(c_default="NULL") = b'' + * + usedforsecurity: bool = True Return a new SHA-384 hash object; optionally initialized with a string. [clinic start generated code]*/ static PyObject * -_sha512_sha384_impl(PyObject *module, PyObject *string) -/*[clinic end generated code: output=ae4b2e26decf81e8 input=c9327788d4ea4545]*/ +_sha512_sha384_impl(PyObject *module, PyObject *string, int usedforsecurity) +/*[clinic end generated code: output=da7d594a08027ac3 input=59ef72f039a6b431]*/ { SHAobject *new; Py_buffer buf;