From eb2b0c694aef6122fdf95015abb24e0d095b6401 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Sat, 14 Sep 2019 17:29:54 +0200 Subject: [PATCH] bpo-38153: detect shake independently from sha3 (GH-16143) XOF digests (SHAKE) are not available in OpenSSL 1.1.0 but SHA3 fixed-length digests are. Signed-off-by: Christian Heimes --- Modules/_hashopenssl.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c index aa91be2f2e3..b86cbd09743 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -34,10 +34,14 @@ #define MUNCH_SIZE INT_MAX -#if defined(NID_sha3_224) && defined(EVP_MD_FLAG_XOF) +#ifdef NID_sha3_224 #define PY_OPENSSL_HAS_SHA3 1 #endif +#if defined(EVP_MD_FLAG_XOF) && defined(NID_shake128) +#define PY_OPENSSL_HAS_SHAKE 1 +#endif + #ifdef NID_blake2b512 #define PY_OPENSSL_HAS_BLAKE2 1 #endif @@ -139,6 +143,8 @@ py_digest_name(const EVP_MD *md) case NID_sha3_512: name ="sha3_512"; break; +#endif +#ifdef PY_OPENSSL_HAS_SHAKE case NID_shake128: name ="shake_128"; break; @@ -177,8 +183,9 @@ py_digest_by_name(const char *name) /* OpenSSL uses dash instead of underscore in names of some algorithms * like SHA3 and SHAKE. Detect different spellings. */ if (digest == NULL) { + if (0) {} #ifdef NID_sha512_224 - if (!strcmp(name, "sha512_224") || !strcmp(name, "SHA512_224")) { + else if (!strcmp(name, "sha512_224") || !strcmp(name, "SHA512_224")) { digest = EVP_sha512_224(); } else if (!strcmp(name, "sha512_256") || !strcmp(name, "SHA512_256")) { @@ -199,6 +206,8 @@ py_digest_by_name(const char *name) else if (!strcmp(name, "sha3_512")) { digest = EVP_sha3_512(); } +#endif +#ifdef PY_OPENSSL_HAS_SHAKE else if (!strcmp(name, "shake_128")) { digest = EVP_shake128(); }