bpo-38153: detect shake independently from sha3 (GH-16143)

XOF digests (SHAKE) are not available in OpenSSL 1.1.0 but SHA3 fixed-length digests are. Signed-off-by: Christian Heimes <christian@python.org>
2019-09-14 17:29:54 +02:00 · 2019-09-14 17:29:54 +02:00 · eb2b0c694a
parent f919054e53
commit eb2b0c694a
1 changed files with 11 additions and 2 deletions
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@ -34,10 +34,14 @@

 #define MUNCH_SIZE INT_MAX

-#if defined(NID_sha3_224) && defined(EVP_MD_FLAG_XOF)
+#ifdef NID_sha3_224
 #define PY_OPENSSL_HAS_SHA3 1
 #endif

+#if defined(EVP_MD_FLAG_XOF) && defined(NID_shake128)
+#define PY_OPENSSL_HAS_SHAKE 1
+#endif
+
 #ifdef NID_blake2b512
 #define PY_OPENSSL_HAS_BLAKE2 1
 #endif
@ -139,6 +143,8 @@ py_digest_name(const EVP_MD *md)
    case NID_sha3_512:
        name ="sha3_512";
        break;
+#endif
+#ifdef PY_OPENSSL_HAS_SHAKE
    case NID_shake128:
        name ="shake_128";
        break;
@ -177,8 +183,9 @@ py_digest_by_name(const char *name)
    /* OpenSSL uses dash instead of underscore in names of some algorithms
     * like SHA3 and SHAKE. Detect different spellings. */
    if (digest == NULL) {
+        if (0) {}
 #ifdef NID_sha512_224
-        if (!strcmp(name, "sha512_224") || !strcmp(name, "SHA512_224")) {
+        else if (!strcmp(name, "sha512_224") || !strcmp(name, "SHA512_224")) {
            digest = EVP_sha512_224();
        }
        else if (!strcmp(name, "sha512_256") || !strcmp(name, "SHA512_256")) {
@ -199,6 +206,8 @@ py_digest_by_name(const char *name)
        else if (!strcmp(name, "sha3_512")) {
            digest = EVP_sha3_512();
        }
+#endif
+#ifdef PY_OPENSSL_HAS_SHAKE
        else if (!strcmp(name, "shake_128")) {
            digest = EVP_shake128();
        }