From 7cad53e6b084435a220e6604010f1fa5778bd0b1 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Fri, 13 Sep 2019 02:30:00 +0200 Subject: [PATCH] bpo-9216: Add usedforsecurity to hashlib constructors (GH-16044) The usedforsecurity keyword only argument added to the hash constructors is useful for FIPS builds and similar restrictive environment with non-technical requirements that legacy algorithms be forbidden by their implementations without being explicitly annotated as not being used for any security related purposes. Linux distros with FIPS support benefit from this being standard rather than making up their own way(s) to do it. Contributed and Signed-off-by: Christian Heimes christian@python.org --- Doc/library/hashlib.rst | 17 +- Lib/test/test_hashlib.py | 9 + Lib/uuid.py | 7 +- .../2019-09-12-14-54-45.bpo-9216.W7QMpC.rst | 2 + Modules/_blake2/blake2b_impl.c | 5 +- Modules/_blake2/blake2s_impl.c | 5 +- Modules/_blake2/clinic/blake2b_impl.c.h | 27 ++- Modules/_blake2/clinic/blake2s_impl.c.h | 27 ++- Modules/_hashopenssl.c | 81 +++++--- Modules/_sha3/clinic/sha3module.c.h | 48 ++++- Modules/_sha3/sha3module.c | 41 ++-- Modules/clinic/_hashopenssl.c.h | 191 ++++++++++++++---- Modules/clinic/md5module.c.h | 28 ++- Modules/clinic/sha1module.c.h | 28 ++- Modules/clinic/sha256module.c.h | 54 +++-- Modules/clinic/sha512module.c.h | 54 +++-- Modules/md5module.c | 6 +- Modules/sha1module.c | 6 +- Modules/sha256module.c | 12 +- Modules/sha512module.c | 12 +- 20 files changed, 495 insertions(+), 165 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2019-09-12-14-54-45.bpo-9216.W7QMpC.rst diff --git a/Doc/library/hashlib.rst b/Doc/library/hashlib.rst index a16c7cd4d7c..6eb3a7bb4cc 100644 --- a/Doc/library/hashlib.rst +++ b/Doc/library/hashlib.rst @@ -67,7 +67,7 @@ Constructors for hash algorithms that are always present in this module are :func:`sha1`, :func:`sha224`, :func:`sha256`, :func:`sha384`, :func:`sha512`, :func:`blake2b`, and :func:`blake2s`. :func:`md5` is normally available as well, though it -may be missing if you are using a rare "FIPS compliant" build of Python. +may be missing or blocked if you are using a rare "FIPS compliant" build of Python. Additional algorithms may also be available depending upon the OpenSSL library that Python uses on your platform. On most platforms the :func:`sha3_224`, :func:`sha3_256`, :func:`sha3_384`, :func:`sha3_512`, @@ -80,6 +80,13 @@ library that Python uses on your platform. On most platforms the .. versionadded:: 3.6 :func:`blake2b` and :func:`blake2s` were added. +.. versionchanged:: 3.9 + All hashlib constructors take a keyword-only argument *usedforsecurity* + with default value *True*. A false value allows the use of insecure and + blocked hashing algorithms in restricted environments. *False* indicates + that the hashing algorithm is not used in a security context, e.g. as a + non-cryptographic one-way compression function. + For example, to obtain the digest of the byte string ``b'Nobody inspects the spammish repetition'``:: @@ -99,7 +106,7 @@ More condensed: >>> hashlib.sha224(b"Nobody inspects the spammish repetition").hexdigest() 'a4337bc45a8fc544c03f52dc550cd6e1e87021bc896588bd79e901e2' -.. function:: new(name[, data]) +.. function:: new(name[, data], *, usedforsecurity=True) Is a generic constructor that takes the string *name* of the desired algorithm as its first parameter. It also exists to allow access to the @@ -308,11 +315,13 @@ New hash objects are created by calling constructor functions: .. function:: blake2b(data=b'', *, digest_size=64, key=b'', salt=b'', \ person=b'', fanout=1, depth=1, leaf_size=0, node_offset=0, \ - node_depth=0, inner_size=0, last_node=False) + node_depth=0, inner_size=0, last_node=False, \ + usedforsecurity=True) .. function:: blake2s(data=b'', *, digest_size=32, key=b'', salt=b'', \ person=b'', fanout=1, depth=1, leaf_size=0, node_offset=0, \ - node_depth=0, inner_size=0, last_node=False) + node_depth=0, inner_size=0, last_node=False, \ + usedforsecurity=True) These functions return the corresponding hash objects for calculating diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py index b7b04a37f0d..46088e52dc5 100644 --- a/Lib/test/test_hashlib.py +++ b/Lib/test/test_hashlib.py @@ -190,6 +190,15 @@ class HashLibTestCase(unittest.TestCase): self.assertTrue(set(hashlib.algorithms_guaranteed). issubset(hashlib.algorithms_available)) + def test_usedforsecurity(self): + for cons in self.hash_constructors: + cons(usedforsecurity=True) + cons(usedforsecurity=False) + cons(b'', usedforsecurity=True) + cons(b'', usedforsecurity=False) + hashlib.new("sha256", usedforsecurity=True) + hashlib.new("sha256", usedforsecurity=False) + def test_unknown_hash(self): self.assertRaises(ValueError, hashlib.new, 'spam spam spam spam spam') self.assertRaises(TypeError, hashlib.new, 1) diff --git a/Lib/uuid.py b/Lib/uuid.py index 188e16ba14e..5f3bc9e8de4 100644 --- a/Lib/uuid.py +++ b/Lib/uuid.py @@ -772,8 +772,11 @@ def uuid1(node=None, clock_seq=None): def uuid3(namespace, name): """Generate a UUID from the MD5 hash of a namespace UUID and a name.""" from hashlib import md5 - hash = md5(namespace.bytes + bytes(name, "utf-8")).digest() - return UUID(bytes=hash[:16], version=3) + digest = md5( + namespace.bytes + bytes(name, "utf-8"), + usedforsecurity=False + ).digest() + return UUID(bytes=digest[:16], version=3) def uuid4(): """Generate a random UUID.""" diff --git a/Misc/NEWS.d/next/Library/2019-09-12-14-54-45.bpo-9216.W7QMpC.rst b/Misc/NEWS.d/next/Library/2019-09-12-14-54-45.bpo-9216.W7QMpC.rst new file mode 100644 index 00000000000..a97ca4b8b4f --- /dev/null +++ b/Misc/NEWS.d/next/Library/2019-09-12-14-54-45.bpo-9216.W7QMpC.rst @@ -0,0 +1,2 @@ +hashlib constructors now support usedforsecurity flag to signal that a +hashing algorithm is not used in a security context. diff --git a/Modules/_blake2/blake2b_impl.c b/Modules/_blake2/blake2b_impl.c index edab31ea222..88c103f56c4 100644 --- a/Modules/_blake2/blake2b_impl.c +++ b/Modules/_blake2/blake2b_impl.c @@ -81,6 +81,7 @@ _blake2.blake2b.__new__ as py_blake2b_new node_depth: int = 0 inner_size: int = 0 last_node: bool = False + usedforsecurity: bool = True Return a new BLAKE2b hash object. [clinic start generated code]*/ @@ -90,8 +91,8 @@ py_blake2b_new_impl(PyTypeObject *type, PyObject *data, int digest_size, Py_buffer *key, Py_buffer *salt, Py_buffer *person, int fanout, int depth, unsigned long leaf_size, unsigned long long node_offset, int node_depth, - int inner_size, int last_node) -/*[clinic end generated code: output=65e732c66c2297a0 input=82be35a4e6a9daa2]*/ + int inner_size, int last_node, int usedforsecurity) +/*[clinic end generated code: output=32bfd8f043c6896f input=b947312abff46977]*/ { BLAKE2bObject *self = NULL; Py_buffer buf; diff --git a/Modules/_blake2/blake2s_impl.c b/Modules/_blake2/blake2s_impl.c index ef2f7e1980f..c7c7eafdee2 100644 --- a/Modules/_blake2/blake2s_impl.c +++ b/Modules/_blake2/blake2s_impl.c @@ -81,6 +81,7 @@ _blake2.blake2s.__new__ as py_blake2s_new node_depth: int = 0 inner_size: int = 0 last_node: bool = False + usedforsecurity: bool = True Return a new BLAKE2s hash object. [clinic start generated code]*/ @@ -90,8 +91,8 @@ py_blake2s_new_impl(PyTypeObject *type, PyObject *data, int digest_size, Py_buffer *key, Py_buffer *salt, Py_buffer *person, int fanout, int depth, unsigned long leaf_size, unsigned long long node_offset, int node_depth, - int inner_size, int last_node) -/*[clinic end generated code: output=b95806be0514dcf7 input=641c0509debf714d]*/ + int inner_size, int last_node, int usedforsecurity) +/*[clinic end generated code: output=556181f73905c686 input=4dda87723f23abb0]*/ { BLAKE2sObject *self = NULL; Py_buffer buf; diff --git a/Modules/_blake2/clinic/blake2b_impl.c.h b/Modules/_blake2/clinic/blake2b_impl.c.h index cd329c07c99..07258c31c9b 100644 --- a/Modules/_blake2/clinic/blake2b_impl.c.h +++ b/Modules/_blake2/clinic/blake2b_impl.c.h @@ -5,7 +5,8 @@ preserve PyDoc_STRVAR(py_blake2b_new__doc__, "blake2b(data=b\'\', /, *, digest_size=_blake2.blake2b.MAX_DIGEST_SIZE,\n" " key=b\'\', salt=b\'\', person=b\'\', fanout=1, depth=1, leaf_size=0,\n" -" node_offset=0, node_depth=0, inner_size=0, last_node=False)\n" +" node_offset=0, node_depth=0, inner_size=0, last_node=False,\n" +" usedforsecurity=True)\n" "--\n" "\n" "Return a new BLAKE2b hash object."); @@ -15,15 +16,15 @@ py_blake2b_new_impl(PyTypeObject *type, PyObject *data, int digest_size, Py_buffer *key, Py_buffer *salt, Py_buffer *person, int fanout, int depth, unsigned long leaf_size, unsigned long long node_offset, int node_depth, - int inner_size, int last_node); + int inner_size, int last_node, int usedforsecurity); static PyObject * py_blake2b_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", NULL}; + static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "blake2b", 0}; - PyObject *argsbuf[12]; + PyObject *argsbuf[13]; PyObject * const *fastargs; Py_ssize_t nargs = PyTuple_GET_SIZE(args); Py_ssize_t noptargs = nargs + (kwargs ? PyDict_GET_SIZE(kwargs) : 0) - 0; @@ -39,6 +40,7 @@ py_blake2b_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) int node_depth = 0; int inner_size = 0; int last_node = 0; + int usedforsecurity = 1; fastargs = _PyArg_UnpackKeywords(_PyTuple_CAST(args)->ob_item, nargs, kwargs, NULL, &_parser, 0, 1, 0, argsbuf); if (!fastargs) { @@ -175,12 +177,21 @@ skip_optional_posonly: goto skip_optional_kwonly; } } - last_node = PyObject_IsTrue(fastargs[11]); - if (last_node < 0) { + if (fastargs[11]) { + last_node = PyObject_IsTrue(fastargs[11]); + if (last_node < 0) { + goto exit; + } + if (!--noptargs) { + goto skip_optional_kwonly; + } + } + usedforsecurity = PyObject_IsTrue(fastargs[12]); + if (usedforsecurity < 0) { goto exit; } skip_optional_kwonly: - return_value = py_blake2b_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node); + return_value = py_blake2b_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node, usedforsecurity); exit: /* Cleanup for key */ @@ -261,4 +272,4 @@ _blake2_blake2b_hexdigest(BLAKE2bObject *self, PyObject *Py_UNUSED(ignored)) { return _blake2_blake2b_hexdigest_impl(self); } -/*[clinic end generated code: output=cbb625d7f60c288c input=a9049054013a1b77]*/ +/*[clinic end generated code: output=2d6d0fe9aa42a42a input=a9049054013a1b77]*/ diff --git a/Modules/_blake2/clinic/blake2s_impl.c.h b/Modules/_blake2/clinic/blake2s_impl.c.h index 560bd68160b..71c5706fb66 100644 --- a/Modules/_blake2/clinic/blake2s_impl.c.h +++ b/Modules/_blake2/clinic/blake2s_impl.c.h @@ -5,7 +5,8 @@ preserve PyDoc_STRVAR(py_blake2s_new__doc__, "blake2s(data=b\'\', /, *, digest_size=_blake2.blake2s.MAX_DIGEST_SIZE,\n" " key=b\'\', salt=b\'\', person=b\'\', fanout=1, depth=1, leaf_size=0,\n" -" node_offset=0, node_depth=0, inner_size=0, last_node=False)\n" +" node_offset=0, node_depth=0, inner_size=0, last_node=False,\n" +" usedforsecurity=True)\n" "--\n" "\n" "Return a new BLAKE2s hash object."); @@ -15,15 +16,15 @@ py_blake2s_new_impl(PyTypeObject *type, PyObject *data, int digest_size, Py_buffer *key, Py_buffer *salt, Py_buffer *person, int fanout, int depth, unsigned long leaf_size, unsigned long long node_offset, int node_depth, - int inner_size, int last_node); + int inner_size, int last_node, int usedforsecurity); static PyObject * py_blake2s_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", NULL}; + static const char * const _keywords[] = {"", "digest_size", "key", "salt", "person", "fanout", "depth", "leaf_size", "node_offset", "node_depth", "inner_size", "last_node", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "blake2s", 0}; - PyObject *argsbuf[12]; + PyObject *argsbuf[13]; PyObject * const *fastargs; Py_ssize_t nargs = PyTuple_GET_SIZE(args); Py_ssize_t noptargs = nargs + (kwargs ? PyDict_GET_SIZE(kwargs) : 0) - 0; @@ -39,6 +40,7 @@ py_blake2s_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) int node_depth = 0; int inner_size = 0; int last_node = 0; + int usedforsecurity = 1; fastargs = _PyArg_UnpackKeywords(_PyTuple_CAST(args)->ob_item, nargs, kwargs, NULL, &_parser, 0, 1, 0, argsbuf); if (!fastargs) { @@ -175,12 +177,21 @@ skip_optional_posonly: goto skip_optional_kwonly; } } - last_node = PyObject_IsTrue(fastargs[11]); - if (last_node < 0) { + if (fastargs[11]) { + last_node = PyObject_IsTrue(fastargs[11]); + if (last_node < 0) { + goto exit; + } + if (!--noptargs) { + goto skip_optional_kwonly; + } + } + usedforsecurity = PyObject_IsTrue(fastargs[12]); + if (usedforsecurity < 0) { goto exit; } skip_optional_kwonly: - return_value = py_blake2s_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node); + return_value = py_blake2s_new_impl(type, data, digest_size, &key, &salt, &person, fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node, usedforsecurity); exit: /* Cleanup for key */ @@ -261,4 +272,4 @@ _blake2_blake2s_hexdigest(BLAKE2sObject *self, PyObject *Py_UNUSED(ignored)) { return _blake2_blake2s_hexdigest_impl(self); } -/*[clinic end generated code: output=39af5a74c8805b36 input=a9049054013a1b77]*/ +/*[clinic end generated code: output=c80d8d06ce40a192 input=a9049054013a1b77]*/ diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c index c685279c7a7..c65c698cbba 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -405,7 +405,7 @@ static PyTypeObject EVPtype = { static PyObject * EVPnew(const EVP_MD *digest, - const unsigned char *cp, Py_ssize_t len) + const unsigned char *cp, Py_ssize_t len, int usedforsecurity) { int result = 0; EVPobject *self; @@ -418,6 +418,13 @@ EVPnew(const EVP_MD *digest, if ((self = newEVPobject()) == NULL) return NULL; + if (!usedforsecurity) { +#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW + EVP_MD_CTX_set_flags(self->ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); +#endif + } + + if (!EVP_DigestInit(self->ctx, digest)) { _setException(PyExc_ValueError); Py_DECREF(self); @@ -449,6 +456,8 @@ _hashlib.new as EVP_new name as name_obj: object string as data_obj: object(py_default="b''") = NULL + * + usedforsecurity: bool = True Return a new hash object using the named algorithm. @@ -459,8 +468,9 @@ The MD5 and SHA1 algorithms are always supported. [clinic start generated code]*/ static PyObject * -EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj) -/*[clinic end generated code: output=9e7cf664e04b0226 input=1c46e40e0fec91f3]*/ +EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj, + int usedforsecurity) +/*[clinic end generated code: output=ddd5053f92dffe90 input=e9ac115d80962ddf]*/ { Py_buffer view = { 0 }; PyObject *ret_obj; @@ -477,7 +487,9 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj) digest = EVP_get_digestbyname(name); - ret_obj = EVPnew(digest, (unsigned char*)view.buf, view.len); + ret_obj = EVPnew(digest, + (unsigned char*)view.buf, view.len, + usedforsecurity); if (data_obj) PyBuffer_Release(&view); @@ -485,7 +497,8 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj) } static PyObject* -EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest) +EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest, + int usedforsecurity) { Py_buffer view = { 0 }; PyObject *ret_obj; @@ -493,7 +506,9 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest) if (data_obj) GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); - ret_obj = EVPnew(digest, (unsigned char*)view.buf, view.len); + ret_obj = EVPnew(digest, + (unsigned char*)view.buf, view.len, + usedforsecurity); if (data_obj) PyBuffer_Release(&view); @@ -505,16 +520,19 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest) _hashlib.openssl_md5 string as data_obj: object(py_default="b''") = NULL + * + usedforsecurity: bool = True Returns a md5 hash object; optionally initialized with a string [clinic start generated code]*/ static PyObject * -_hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj) -/*[clinic end generated code: output=6caae75b73e22c3f input=52010d3869e1b1a7]*/ +_hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity) +/*[clinic end generated code: output=87b0186440a44f8c input=990e36d5e689b16e]*/ { - return EVP_fast_new(module, data_obj, EVP_md5()); + return EVP_fast_new(module, data_obj, EVP_md5(), usedforsecurity); } @@ -522,16 +540,19 @@ _hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj) _hashlib.openssl_sha1 string as data_obj: object(py_default="b''") = NULL + * + usedforsecurity: bool = True Returns a sha1 hash object; optionally initialized with a string [clinic start generated code]*/ static PyObject * -_hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj) -/*[clinic end generated code: output=07606d8f75153e61 input=16807d30e4aa8ae9]*/ +_hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity) +/*[clinic end generated code: output=6813024cf690670d input=948f2f4b6deabc10]*/ { - return EVP_fast_new(module, data_obj, EVP_sha1()); + return EVP_fast_new(module, data_obj, EVP_sha1(), usedforsecurity); } @@ -539,16 +560,19 @@ _hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj) _hashlib.openssl_sha224 string as data_obj: object(py_default="b''") = NULL + * + usedforsecurity: bool = True Returns a sha224 hash object; optionally initialized with a string [clinic start generated code]*/ static PyObject * -_hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj) -/*[clinic end generated code: output=55e848761bcef0c9 input=5dbc2f1d84eb459b]*/ +_hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity) +/*[clinic end generated code: output=a2dfe7cc4eb14ebb input=f9272821fadca505]*/ { - return EVP_fast_new(module, data_obj, EVP_sha224()); + return EVP_fast_new(module, data_obj, EVP_sha224(), usedforsecurity); } @@ -556,16 +580,19 @@ _hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj) _hashlib.openssl_sha256 string as data_obj: object(py_default="b''") = NULL + * + usedforsecurity: bool = True Returns a sha256 hash object; optionally initialized with a string [clinic start generated code]*/ static PyObject * -_hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj) -/*[clinic end generated code: output=05851d7cce34ac65 input=a68a5d21cda5a80f]*/ +_hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity) +/*[clinic end generated code: output=1f874a34870f0a68 input=549fad9d2930d4c5]*/ { - return EVP_fast_new(module, data_obj, EVP_sha256()); + return EVP_fast_new(module, data_obj, EVP_sha256(), usedforsecurity); } @@ -573,16 +600,19 @@ _hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj) _hashlib.openssl_sha384 string as data_obj: object(py_default="b''") = NULL + * + usedforsecurity: bool = True Returns a sha384 hash object; optionally initialized with a string [clinic start generated code]*/ static PyObject * -_hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj) -/*[clinic end generated code: output=5101a4704a932c2f input=6bdfa006622b64ea]*/ +_hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity) +/*[clinic end generated code: output=58529eff9ca457b2 input=48601a6e3bf14ad7]*/ { - return EVP_fast_new(module, data_obj, EVP_sha384()); + return EVP_fast_new(module, data_obj, EVP_sha384(), usedforsecurity); } @@ -590,16 +620,19 @@ _hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj) _hashlib.openssl_sha512 string as data_obj: object(py_default="b''") = NULL + * + usedforsecurity: bool = True Returns a sha512 hash object; optionally initialized with a string [clinic start generated code]*/ static PyObject * -_hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj) -/*[clinic end generated code: output=20c8e63ee560a5cb input=ece50182ad4b76a6]*/ +_hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity) +/*[clinic end generated code: output=2c744c9e4a40d5f6 input=c5c46a2a817aa98f]*/ { - return EVP_fast_new(module, data_obj, EVP_sha512()); + return EVP_fast_new(module, data_obj, EVP_sha512(), usedforsecurity); } diff --git a/Modules/_sha3/clinic/sha3module.c.h b/Modules/_sha3/clinic/sha3module.c.h index 554442df0ec..1c79c269391 100644 --- a/Modules/_sha3/clinic/sha3module.c.h +++ b/Modules/_sha3/clinic/sha3module.c.h @@ -2,6 +2,52 @@ preserve [clinic start generated code]*/ +PyDoc_STRVAR(py_sha3_new__doc__, +"sha3_224(data=b\'\', /, *, usedforsecurity=True)\n" +"--\n" +"\n" +"Return a new BLAKE2b hash object."); + +static PyObject * +py_sha3_new_impl(PyTypeObject *type, PyObject *data, int usedforsecurity); + +static PyObject * +py_sha3_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) +{ + PyObject *return_value = NULL; + static const char * const _keywords[] = {"", "usedforsecurity", NULL}; + static _PyArg_Parser _parser = {NULL, _keywords, "sha3_224", 0}; + PyObject *argsbuf[2]; + PyObject * const *fastargs; + Py_ssize_t nargs = PyTuple_GET_SIZE(args); + Py_ssize_t noptargs = nargs + (kwargs ? PyDict_GET_SIZE(kwargs) : 0) - 0; + PyObject *data = NULL; + int usedforsecurity = 1; + + fastargs = _PyArg_UnpackKeywords(_PyTuple_CAST(args)->ob_item, nargs, kwargs, NULL, &_parser, 0, 1, 0, argsbuf); + if (!fastargs) { + goto exit; + } + if (nargs < 1) { + goto skip_optional_posonly; + } + noptargs--; + data = fastargs[0]; +skip_optional_posonly: + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(fastargs[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = py_sha3_new_impl(type, data, usedforsecurity); + +exit: + return return_value; +} + PyDoc_STRVAR(_sha3_sha3_224_copy__doc__, "copy($self, /)\n" "--\n" @@ -118,4 +164,4 @@ _sha3_shake_128_hexdigest(SHA3object *self, PyObject *arg) exit: return return_value; } -/*[clinic end generated code: output=5b3e99b9a96471e8 input=a9049054013a1b77]*/ +/*[clinic end generated code: output=c8a97b34e80def62 input=a9049054013a1b77]*/ diff --git a/Modules/_sha3/sha3module.c b/Modules/_sha3/sha3module.c index c1fb6185e24..d4ca9a111da 100644 --- a/Modules/_sha3/sha3module.c +++ b/Modules/_sha3/sha3module.c @@ -169,21 +169,24 @@ newSHA3object(PyTypeObject *type) return newobj; } +/*[clinic input] +@classmethod +_sha3.sha3_224.__new__ as py_sha3_new + data: object(c_default="NULL") = b'' + / + * + usedforsecurity: bool = True + +Return a new BLAKE2b hash object. +[clinic start generated code]*/ static PyObject * -py_sha3_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) +py_sha3_new_impl(PyTypeObject *type, PyObject *data, int usedforsecurity) +/*[clinic end generated code: output=90409addc5d5e8b0 input=bcfcdf2e4368347a]*/ { SHA3object *self = NULL; Py_buffer buf = {NULL, NULL}; HashReturn res; - PyObject *data = NULL; - - if (!_PyArg_NoKeywords(_PyType_Name(type), kwargs)) { - return NULL; - } - if (!PyArg_UnpackTuple(args, _PyType_Name(type), 0, 1, &data)) { - return NULL; - } self = newSHA3object(type); if (self == NULL) { @@ -529,22 +532,22 @@ static PyGetSetDef SHA3_getseters[] = { } PyDoc_STRVAR(sha3_224__doc__, -"sha3_224([data]) -> SHA3 object\n\ +"sha3_224([data], *, usedforsecurity=True) -> SHA3 object\n\ \n\ Return a new SHA3 hash object with a hashbit length of 28 bytes."); PyDoc_STRVAR(sha3_256__doc__, -"sha3_256([data]) -> SHA3 object\n\ +"sha3_256([data], *, usedforsecurity=True) -> SHA3 object\n\ \n\ Return a new SHA3 hash object with a hashbit length of 32 bytes."); PyDoc_STRVAR(sha3_384__doc__, -"sha3_384([data]) -> SHA3 object\n\ +"sha3_384([data], *, usedforsecurity=True) -> SHA3 object\n\ \n\ Return a new SHA3 hash object with a hashbit length of 48 bytes."); PyDoc_STRVAR(sha3_512__doc__, -"sha3_512([data]) -> SHA3 object\n\ +"sha3_512([data], *, usedforsecurity=True) -> SHA3 object\n\ \n\ Return a new SHA3 hash object with a hashbit length of 64 bytes."); @@ -555,22 +558,22 @@ SHA3_TYPE(SHA3_512type, "_sha3.sha3_512", sha3_512__doc__, SHA3_methods); #ifdef PY_WITH_KECCAK PyDoc_STRVAR(keccak_224__doc__, -"keccak_224([data]) -> Keccak object\n\ +"keccak_224([data], *, usedforsecurity=True) -> Keccak object\n\ \n\ Return a new Keccak hash object with a hashbit length of 28 bytes."); PyDoc_STRVAR(keccak_256__doc__, -"keccak_256([data]) -> Keccak object\n\ +"keccak_256([data], *, usedforsecurity=True) -> Keccak object\n\ \n\ Return a new Keccak hash object with a hashbit length of 32 bytes."); PyDoc_STRVAR(keccak_384__doc__, -"keccak_384([data]) -> Keccak object\n\ +"keccak_384([data], *, usedforsecurity=True) -> Keccak object\n\ \n\ Return a new Keccak hash object with a hashbit length of 48 bytes."); PyDoc_STRVAR(keccak_512__doc__, -"keccak_512([data]) -> Keccak object\n\ +"keccak_512([data], *, usedforsecurity=True) -> Keccak object\n\ \n\ Return a new Keccak hash object with a hashbit length of 64 bytes."); @@ -672,12 +675,12 @@ static PyMethodDef SHAKE_methods[] = { }; PyDoc_STRVAR(shake_128__doc__, -"shake_128([data]) -> SHAKE object\n\ +"shake_128([data], *, usedforsecurity=True) -> SHAKE object\n\ \n\ Return a new SHAKE hash object."); PyDoc_STRVAR(shake_256__doc__, -"shake_256([data]) -> SHAKE object\n\ +"shake_256([data], *, usedforsecurity=True) -> SHAKE object\n\ \n\ Return a new SHAKE hash object."); diff --git a/Modules/clinic/_hashopenssl.c.h b/Modules/clinic/_hashopenssl.c.h index 9aaea47e832..de53e7e196c 100644 --- a/Modules/clinic/_hashopenssl.c.h +++ b/Modules/clinic/_hashopenssl.c.h @@ -66,7 +66,7 @@ PyDoc_STRVAR(EVP_update__doc__, {"update", (PyCFunction)EVP_update, METH_O, EVP_update__doc__}, PyDoc_STRVAR(EVP_new__doc__, -"new($module, /, name, string=b\'\')\n" +"new($module, /, name, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Return a new hash object using the named algorithm.\n" @@ -80,18 +80,20 @@ PyDoc_STRVAR(EVP_new__doc__, {"new", (PyCFunction)(void(*)(void))EVP_new, METH_FASTCALL|METH_KEYWORDS, EVP_new__doc__}, static PyObject * -EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj); +EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj, + int usedforsecurity); static PyObject * EVP_new(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"name", "string", NULL}; + static const char * const _keywords[] = {"name", "string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "new", 0}; - PyObject *argsbuf[2]; + PyObject *argsbuf[3]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 1; PyObject *name_obj; PyObject *data_obj = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 1, 2, 0, argsbuf); if (!args) { @@ -101,16 +103,29 @@ EVP_new(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwn if (!noptargs) { goto skip_optional_pos; } - data_obj = args[1]; + if (args[1]) { + data_obj = args[1]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = EVP_new_impl(module, name_obj, data_obj); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[2]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = EVP_new_impl(module, name_obj, data_obj, usedforsecurity); exit: return return_value; } PyDoc_STRVAR(_hashlib_openssl_md5__doc__, -"openssl_md5($module, /, string=b\'\')\n" +"openssl_md5($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Returns a md5 hash object; optionally initialized with a string"); @@ -119,17 +134,19 @@ PyDoc_STRVAR(_hashlib_openssl_md5__doc__, {"openssl_md5", (PyCFunction)(void(*)(void))_hashlib_openssl_md5, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_md5__doc__}, static PyObject * -_hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj); +_hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity); static PyObject * _hashlib_openssl_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "openssl_md5", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *data_obj = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -138,16 +155,29 @@ _hashlib_openssl_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs, if (!noptargs) { goto skip_optional_pos; } - data_obj = args[0]; + if (args[0]) { + data_obj = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _hashlib_openssl_md5_impl(module, data_obj); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _hashlib_openssl_md5_impl(module, data_obj, usedforsecurity); exit: return return_value; } PyDoc_STRVAR(_hashlib_openssl_sha1__doc__, -"openssl_sha1($module, /, string=b\'\')\n" +"openssl_sha1($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Returns a sha1 hash object; optionally initialized with a string"); @@ -156,17 +186,19 @@ PyDoc_STRVAR(_hashlib_openssl_sha1__doc__, {"openssl_sha1", (PyCFunction)(void(*)(void))_hashlib_openssl_sha1, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_sha1__doc__}, static PyObject * -_hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj); +_hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity); static PyObject * _hashlib_openssl_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "openssl_sha1", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *data_obj = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -175,16 +207,29 @@ _hashlib_openssl_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs, if (!noptargs) { goto skip_optional_pos; } - data_obj = args[0]; + if (args[0]) { + data_obj = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _hashlib_openssl_sha1_impl(module, data_obj); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _hashlib_openssl_sha1_impl(module, data_obj, usedforsecurity); exit: return return_value; } PyDoc_STRVAR(_hashlib_openssl_sha224__doc__, -"openssl_sha224($module, /, string=b\'\')\n" +"openssl_sha224($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Returns a sha224 hash object; optionally initialized with a string"); @@ -193,17 +238,19 @@ PyDoc_STRVAR(_hashlib_openssl_sha224__doc__, {"openssl_sha224", (PyCFunction)(void(*)(void))_hashlib_openssl_sha224, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_sha224__doc__}, static PyObject * -_hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj); +_hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity); static PyObject * _hashlib_openssl_sha224(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "openssl_sha224", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *data_obj = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -212,16 +259,29 @@ _hashlib_openssl_sha224(PyObject *module, PyObject *const *args, Py_ssize_t narg if (!noptargs) { goto skip_optional_pos; } - data_obj = args[0]; + if (args[0]) { + data_obj = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _hashlib_openssl_sha224_impl(module, data_obj); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _hashlib_openssl_sha224_impl(module, data_obj, usedforsecurity); exit: return return_value; } PyDoc_STRVAR(_hashlib_openssl_sha256__doc__, -"openssl_sha256($module, /, string=b\'\')\n" +"openssl_sha256($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Returns a sha256 hash object; optionally initialized with a string"); @@ -230,17 +290,19 @@ PyDoc_STRVAR(_hashlib_openssl_sha256__doc__, {"openssl_sha256", (PyCFunction)(void(*)(void))_hashlib_openssl_sha256, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_sha256__doc__}, static PyObject * -_hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj); +_hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity); static PyObject * _hashlib_openssl_sha256(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "openssl_sha256", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *data_obj = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -249,16 +311,29 @@ _hashlib_openssl_sha256(PyObject *module, PyObject *const *args, Py_ssize_t narg if (!noptargs) { goto skip_optional_pos; } - data_obj = args[0]; + if (args[0]) { + data_obj = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _hashlib_openssl_sha256_impl(module, data_obj); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _hashlib_openssl_sha256_impl(module, data_obj, usedforsecurity); exit: return return_value; } PyDoc_STRVAR(_hashlib_openssl_sha384__doc__, -"openssl_sha384($module, /, string=b\'\')\n" +"openssl_sha384($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Returns a sha384 hash object; optionally initialized with a string"); @@ -267,17 +342,19 @@ PyDoc_STRVAR(_hashlib_openssl_sha384__doc__, {"openssl_sha384", (PyCFunction)(void(*)(void))_hashlib_openssl_sha384, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_sha384__doc__}, static PyObject * -_hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj); +_hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity); static PyObject * _hashlib_openssl_sha384(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "openssl_sha384", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *data_obj = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -286,16 +363,29 @@ _hashlib_openssl_sha384(PyObject *module, PyObject *const *args, Py_ssize_t narg if (!noptargs) { goto skip_optional_pos; } - data_obj = args[0]; + if (args[0]) { + data_obj = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _hashlib_openssl_sha384_impl(module, data_obj); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _hashlib_openssl_sha384_impl(module, data_obj, usedforsecurity); exit: return return_value; } PyDoc_STRVAR(_hashlib_openssl_sha512__doc__, -"openssl_sha512($module, /, string=b\'\')\n" +"openssl_sha512($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Returns a sha512 hash object; optionally initialized with a string"); @@ -304,17 +394,19 @@ PyDoc_STRVAR(_hashlib_openssl_sha512__doc__, {"openssl_sha512", (PyCFunction)(void(*)(void))_hashlib_openssl_sha512, METH_FASTCALL|METH_KEYWORDS, _hashlib_openssl_sha512__doc__}, static PyObject * -_hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj); +_hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj, + int usedforsecurity); static PyObject * _hashlib_openssl_sha512(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "openssl_sha512", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *data_obj = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -323,9 +415,22 @@ _hashlib_openssl_sha512(PyObject *module, PyObject *const *args, Py_ssize_t narg if (!noptargs) { goto skip_optional_pos; } - data_obj = args[0]; + if (args[0]) { + data_obj = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _hashlib_openssl_sha512_impl(module, data_obj); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _hashlib_openssl_sha512_impl(module, data_obj, usedforsecurity); exit: return return_value; @@ -623,4 +728,4 @@ exit: #ifndef _HASHLIB_SCRYPT_METHODDEF #define _HASHLIB_SCRYPT_METHODDEF #endif /* !defined(_HASHLIB_SCRYPT_METHODDEF) */ -/*[clinic end generated code: output=38c2637f67e9bb79 input=a9049054013a1b77]*/ +/*[clinic end generated code: output=acb22ccddb7043c7 input=a9049054013a1b77]*/ diff --git a/Modules/clinic/md5module.c.h b/Modules/clinic/md5module.c.h index 12484cc0e3d..c109f9efec6 100644 --- a/Modules/clinic/md5module.c.h +++ b/Modules/clinic/md5module.c.h @@ -66,7 +66,7 @@ PyDoc_STRVAR(MD5Type_update__doc__, {"update", (PyCFunction)MD5Type_update, METH_O, MD5Type_update__doc__}, PyDoc_STRVAR(_md5_md5__doc__, -"md5($module, /, string=b\'\')\n" +"md5($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Return a new MD5 hash object; optionally initialized with a string."); @@ -75,17 +75,18 @@ PyDoc_STRVAR(_md5_md5__doc__, {"md5", (PyCFunction)(void(*)(void))_md5_md5, METH_FASTCALL|METH_KEYWORDS, _md5_md5__doc__}, static PyObject * -_md5_md5_impl(PyObject *module, PyObject *string); +_md5_md5_impl(PyObject *module, PyObject *string, int usedforsecurity); static PyObject * _md5_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "md5", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *string = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -94,11 +95,24 @@ _md5_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kw if (!noptargs) { goto skip_optional_pos; } - string = args[0]; + if (args[0]) { + string = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _md5_md5_impl(module, string); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _md5_md5_impl(module, string, usedforsecurity); exit: return return_value; } -/*[clinic end generated code: output=53133f08cf9095fc input=a9049054013a1b77]*/ +/*[clinic end generated code: output=dbe3abc60086f3ef input=a9049054013a1b77]*/ diff --git a/Modules/clinic/sha1module.c.h b/Modules/clinic/sha1module.c.h index 001c6af7378..fc37b1ab880 100644 --- a/Modules/clinic/sha1module.c.h +++ b/Modules/clinic/sha1module.c.h @@ -66,7 +66,7 @@ PyDoc_STRVAR(SHA1Type_update__doc__, {"update", (PyCFunction)SHA1Type_update, METH_O, SHA1Type_update__doc__}, PyDoc_STRVAR(_sha1_sha1__doc__, -"sha1($module, /, string=b\'\')\n" +"sha1($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Return a new SHA1 hash object; optionally initialized with a string."); @@ -75,17 +75,18 @@ PyDoc_STRVAR(_sha1_sha1__doc__, {"sha1", (PyCFunction)(void(*)(void))_sha1_sha1, METH_FASTCALL|METH_KEYWORDS, _sha1_sha1__doc__}, static PyObject * -_sha1_sha1_impl(PyObject *module, PyObject *string); +_sha1_sha1_impl(PyObject *module, PyObject *string, int usedforsecurity); static PyObject * _sha1_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "sha1", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *string = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -94,11 +95,24 @@ _sha1_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject * if (!noptargs) { goto skip_optional_pos; } - string = args[0]; + if (args[0]) { + string = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _sha1_sha1_impl(module, string); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _sha1_sha1_impl(module, string, usedforsecurity); exit: return return_value; } -/*[clinic end generated code: output=1ae7e73ec84a27d5 input=a9049054013a1b77]*/ +/*[clinic end generated code: output=3ddd637ae17e14b3 input=a9049054013a1b77]*/ diff --git a/Modules/clinic/sha256module.c.h b/Modules/clinic/sha256module.c.h index 658abb15cf3..2a788ea9849 100644 --- a/Modules/clinic/sha256module.c.h +++ b/Modules/clinic/sha256module.c.h @@ -66,7 +66,7 @@ PyDoc_STRVAR(SHA256Type_update__doc__, {"update", (PyCFunction)SHA256Type_update, METH_O, SHA256Type_update__doc__}, PyDoc_STRVAR(_sha256_sha256__doc__, -"sha256($module, /, string=b\'\')\n" +"sha256($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Return a new SHA-256 hash object; optionally initialized with a string."); @@ -75,17 +75,18 @@ PyDoc_STRVAR(_sha256_sha256__doc__, {"sha256", (PyCFunction)(void(*)(void))_sha256_sha256, METH_FASTCALL|METH_KEYWORDS, _sha256_sha256__doc__}, static PyObject * -_sha256_sha256_impl(PyObject *module, PyObject *string); +_sha256_sha256_impl(PyObject *module, PyObject *string, int usedforsecurity); static PyObject * _sha256_sha256(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "sha256", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *string = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -94,16 +95,29 @@ _sha256_sha256(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje if (!noptargs) { goto skip_optional_pos; } - string = args[0]; + if (args[0]) { + string = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _sha256_sha256_impl(module, string); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _sha256_sha256_impl(module, string, usedforsecurity); exit: return return_value; } PyDoc_STRVAR(_sha256_sha224__doc__, -"sha224($module, /, string=b\'\')\n" +"sha224($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Return a new SHA-224 hash object; optionally initialized with a string."); @@ -112,17 +126,18 @@ PyDoc_STRVAR(_sha256_sha224__doc__, {"sha224", (PyCFunction)(void(*)(void))_sha256_sha224, METH_FASTCALL|METH_KEYWORDS, _sha256_sha224__doc__}, static PyObject * -_sha256_sha224_impl(PyObject *module, PyObject *string); +_sha256_sha224_impl(PyObject *module, PyObject *string, int usedforsecurity); static PyObject * _sha256_sha224(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "sha224", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *string = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -131,11 +146,24 @@ _sha256_sha224(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje if (!noptargs) { goto skip_optional_pos; } - string = args[0]; + if (args[0]) { + string = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _sha256_sha224_impl(module, string); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _sha256_sha224_impl(module, string, usedforsecurity); exit: return return_value; } -/*[clinic end generated code: output=c54d0956ec88409d input=a9049054013a1b77]*/ +/*[clinic end generated code: output=c8cca8adbe72ec9a input=a9049054013a1b77]*/ diff --git a/Modules/clinic/sha512module.c.h b/Modules/clinic/sha512module.c.h index 459a9341cfc..b8185b62bb6 100644 --- a/Modules/clinic/sha512module.c.h +++ b/Modules/clinic/sha512module.c.h @@ -66,7 +66,7 @@ PyDoc_STRVAR(SHA512Type_update__doc__, {"update", (PyCFunction)SHA512Type_update, METH_O, SHA512Type_update__doc__}, PyDoc_STRVAR(_sha512_sha512__doc__, -"sha512($module, /, string=b\'\')\n" +"sha512($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Return a new SHA-512 hash object; optionally initialized with a string."); @@ -75,17 +75,18 @@ PyDoc_STRVAR(_sha512_sha512__doc__, {"sha512", (PyCFunction)(void(*)(void))_sha512_sha512, METH_FASTCALL|METH_KEYWORDS, _sha512_sha512__doc__}, static PyObject * -_sha512_sha512_impl(PyObject *module, PyObject *string); +_sha512_sha512_impl(PyObject *module, PyObject *string, int usedforsecurity); static PyObject * _sha512_sha512(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "sha512", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *string = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -94,16 +95,29 @@ _sha512_sha512(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje if (!noptargs) { goto skip_optional_pos; } - string = args[0]; + if (args[0]) { + string = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _sha512_sha512_impl(module, string); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _sha512_sha512_impl(module, string, usedforsecurity); exit: return return_value; } PyDoc_STRVAR(_sha512_sha384__doc__, -"sha384($module, /, string=b\'\')\n" +"sha384($module, /, string=b\'\', *, usedforsecurity=True)\n" "--\n" "\n" "Return a new SHA-384 hash object; optionally initialized with a string."); @@ -112,17 +126,18 @@ PyDoc_STRVAR(_sha512_sha384__doc__, {"sha384", (PyCFunction)(void(*)(void))_sha512_sha384, METH_FASTCALL|METH_KEYWORDS, _sha512_sha384__doc__}, static PyObject * -_sha512_sha384_impl(PyObject *module, PyObject *string); +_sha512_sha384_impl(PyObject *module, PyObject *string, int usedforsecurity); static PyObject * _sha512_sha384(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) { PyObject *return_value = NULL; - static const char * const _keywords[] = {"string", NULL}; + static const char * const _keywords[] = {"string", "usedforsecurity", NULL}; static _PyArg_Parser _parser = {NULL, _keywords, "sha384", 0}; - PyObject *argsbuf[1]; + PyObject *argsbuf[2]; Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0; PyObject *string = NULL; + int usedforsecurity = 1; args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf); if (!args) { @@ -131,11 +146,24 @@ _sha512_sha384(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje if (!noptargs) { goto skip_optional_pos; } - string = args[0]; + if (args[0]) { + string = args[0]; + if (!--noptargs) { + goto skip_optional_pos; + } + } skip_optional_pos: - return_value = _sha512_sha384_impl(module, string); + if (!noptargs) { + goto skip_optional_kwonly; + } + usedforsecurity = PyObject_IsTrue(args[1]); + if (usedforsecurity < 0) { + goto exit; + } +skip_optional_kwonly: + return_value = _sha512_sha384_impl(module, string, usedforsecurity); exit: return return_value; } -/*[clinic end generated code: output=580df4b667084a7e input=a9049054013a1b77]*/ +/*[clinic end generated code: output=bbfa72d8703c82b5 input=a9049054013a1b77]*/ diff --git a/Modules/md5module.c b/Modules/md5module.c index b9a351a8c1c..f2c2d32cbe7 100644 --- a/Modules/md5module.c +++ b/Modules/md5module.c @@ -503,13 +503,15 @@ static PyTypeObject MD5type = { _md5.md5 string: object(c_default="NULL") = b'' + * + usedforsecurity: bool = True Return a new MD5 hash object; optionally initialized with a string. [clinic start generated code]*/ static PyObject * -_md5_md5_impl(PyObject *module, PyObject *string) -/*[clinic end generated code: output=2cfd0f8c091b97e6 input=d12ef8f72d684f7b]*/ +_md5_md5_impl(PyObject *module, PyObject *string, int usedforsecurity) +/*[clinic end generated code: output=587071f76254a4ac input=7a144a1905636985]*/ { MD5object *new; Py_buffer buf; diff --git a/Modules/sha1module.c b/Modules/sha1module.c index ce2ad267e77..4d191c3c488 100644 --- a/Modules/sha1module.c +++ b/Modules/sha1module.c @@ -480,13 +480,15 @@ static PyTypeObject SHA1type = { _sha1.sha1 string: object(c_default="NULL") = b'' + * + usedforsecurity: bool = True Return a new SHA1 hash object; optionally initialized with a string. [clinic start generated code]*/ static PyObject * -_sha1_sha1_impl(PyObject *module, PyObject *string) -/*[clinic end generated code: output=e5982830d1dece51 input=27ea54281d995ec2]*/ +_sha1_sha1_impl(PyObject *module, PyObject *string, int usedforsecurity) +/*[clinic end generated code: output=6f8b3af05126e18e input=bd54b68e2bf36a8a]*/ { SHA1object *new; Py_buffer buf; diff --git a/Modules/sha256module.c b/Modules/sha256module.c index b8d6c4cf800..245f4c04542 100644 --- a/Modules/sha256module.c +++ b/Modules/sha256module.c @@ -601,13 +601,15 @@ static PyTypeObject SHA256type = { _sha256.sha256 string: object(c_default="NULL") = b'' + * + usedforsecurity: bool = True Return a new SHA-256 hash object; optionally initialized with a string. [clinic start generated code]*/ static PyObject * -_sha256_sha256_impl(PyObject *module, PyObject *string) -/*[clinic end generated code: output=fa644436dcea5c31 input=09cce3fb855056b2]*/ +_sha256_sha256_impl(PyObject *module, PyObject *string, int usedforsecurity) +/*[clinic end generated code: output=a1de327e8e1185cf input=9be86301aeb14ea5]*/ { SHAobject *new; Py_buffer buf; @@ -641,13 +643,15 @@ _sha256_sha256_impl(PyObject *module, PyObject *string) _sha256.sha224 string: object(c_default="NULL") = b'' + * + usedforsecurity: bool = True Return a new SHA-224 hash object; optionally initialized with a string. [clinic start generated code]*/ static PyObject * -_sha256_sha224_impl(PyObject *module, PyObject *string) -/*[clinic end generated code: output=21e3ba22c3404f93 input=27a04ba24c353a73]*/ +_sha256_sha224_impl(PyObject *module, PyObject *string, int usedforsecurity) +/*[clinic end generated code: output=08be6b36569bc69c input=9fcfb46e460860ac]*/ { SHAobject *new; Py_buffer buf; diff --git a/Modules/sha512module.c b/Modules/sha512module.c index 98b97917f4c..df4f9d2d741 100644 --- a/Modules/sha512module.c +++ b/Modules/sha512module.c @@ -666,13 +666,15 @@ static PyTypeObject SHA512type = { _sha512.sha512 string: object(c_default="NULL") = b'' + * + usedforsecurity: bool = True Return a new SHA-512 hash object; optionally initialized with a string. [clinic start generated code]*/ static PyObject * -_sha512_sha512_impl(PyObject *module, PyObject *string) -/*[clinic end generated code: output=8b865a2df73bd387 input=e69bad9ae9b6a308]*/ +_sha512_sha512_impl(PyObject *module, PyObject *string, int usedforsecurity) +/*[clinic end generated code: output=a8d9e5f9e6a0831c input=23b4daebc2ebb9c9]*/ { SHAobject *new; Py_buffer buf; @@ -706,13 +708,15 @@ _sha512_sha512_impl(PyObject *module, PyObject *string) _sha512.sha384 string: object(c_default="NULL") = b'' + * + usedforsecurity: bool = True Return a new SHA-384 hash object; optionally initialized with a string. [clinic start generated code]*/ static PyObject * -_sha512_sha384_impl(PyObject *module, PyObject *string) -/*[clinic end generated code: output=ae4b2e26decf81e8 input=c9327788d4ea4545]*/ +_sha512_sha384_impl(PyObject *module, PyObject *string, int usedforsecurity) +/*[clinic end generated code: output=da7d594a08027ac3 input=59ef72f039a6b431]*/ { SHAobject *new; Py_buffer buf;