hashlib.compare_digest uses OpenSSL's CRYPTO_memcmp() function
when OpenSSL is available.
Note: The _operator module is a builtin module. I don't want to add
libcrypto dependency to libpython. Therefore I duplicated the wrapper
function and added a copy to _hashopenssl.c..
(cherry picked from commit db5aed931f)
Co-authored-by: Christian Heimes <christian@python.org>
The internal module ``_hashlib`` wraps and exposes OpenSSL's HMAC API. The
new code will be used in Python 3.10 after the internal implementation
details of the pure Python HMAC module are no longer part of the public API.
The code is based on a patch by Petr Viktorin for RHEL and Python 3.6.
Co-Authored-By: Petr Viktorin <encukou@gmail.com>
Since c64a1a61e6 two assertions were indented and thus ignored when running test_hmac.
This PR fixes it. As the change is quite trivial I didn't add a NEWS entry.
https://bugs.python.org/issue38270
Also updates the documentation to clarify the situation surrounding
the digestmod parameter that is required despite its position in the
argument list as of 3.8.0 as well as removing old python2 era
references to "binary strings".
We indavertently had this raise ValueError in 3.8.0 for the missing
arg. This is not considered an API change as no reasonable code would
be catching this missing argument error in order to handle it.
test_hmac and test_hashlib test built-in hashing implementations and
OpenSSL-based hashing implementations. Add more checks to skip OpenSSL
implementations when a strict crypto policy is active.
Use EVP_DigestInit_ex() instead of EVP_DigestInit() to initialize the
EVP context. The EVP_DigestInit() function clears alls flags and breaks
usedforsecurity flag again.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38270
Make it easier to run and test Python on systems with restrict crypto policies:
* add requires_hashdigest to test.support to check if a hash digest algorithm is available and working
* avoid MD5 in test_hmac
* replace MD5 with SHA256 in test_tarfile
* mark network tests that require MD5 for MD5-based digest auth or CRAM-MD5
https://bugs.python.org/issue38270
The hmac module now has hmac.digest(), which provides an optimized HMAC
digest for short messages. hmac.digest() is up to three times faster
than hmac.HMAC().digest().
Signed-off-by: Christian Heimes <christian@python.org>
I have compared output between pre- and post-patch runs of these tests
to make sure there's nothing missing and nothing broken, on both
Windows and Linux. The only differences I found were actually tests
that were previously *not* run.
Merged revisions 79534,79537,79539,79558,79606 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r79534 | florent.xicluna | 2010-03-31 23:21:54 +0200 (mer, 31 mar 2010) | 2 lines
Fix test for xml.etree when using a non-ascii path. And use check_warnings instead of catch_warnings.
........
r79537 | florent.xicluna | 2010-03-31 23:40:32 +0200 (mer, 31 mar 2010) | 2 lines
Fix typo
........
r79539 | florent.xicluna | 2010-04-01 00:01:03 +0200 (jeu, 01 avr 2010) | 2 lines
Replace catch_warnings with check_warnings when it makes sense. Use assertRaises context manager to simplify some tests.
........
r79558 | florent.xicluna | 2010-04-01 20:17:09 +0200 (jeu, 01 avr 2010) | 2 lines
#7092: Fix some -3 warnings, and fix Lib/platform.py when the path contains a double-quote.
........
r79606 | florent.xicluna | 2010-04-02 19:26:42 +0200 (ven, 02 avr 2010) | 2 lines
Backport some robotparser test and skip the test if the external resource is not available.
........
svn+ssh://pythondev@svn.python.org/python/trunk
........
r66321 | brett.cannon | 2008-09-08 17:49:16 -0700 (Mon, 08 Sep 2008) | 7 lines
warnings.catch_warnings() now returns a list or None instead of the custom
WarningsRecorder object. This makes the API simpler to use as no special object
must be learned.
Closes issue 3781.
Review by Benjamin Peterson.
........
svn+ssh://pythondev@svn.python.org/python/trunk
........
r61644 | trent.nelson | 2008-03-19 22:51:16 +0100 (Mi, 19 Mär 2008) | 1 line
Force a clean of the tcltk/tcltk64 directories now that we've completely changed the tcl/tk build environment.
........
r61646 | gregory.p.smith | 2008-03-19 23:23:51 +0100 (Mi, 19 Mär 2008) | 2 lines
Improve the error message when the CRCs don't match.
........
r61647 | trent.nelson | 2008-03-19 23:41:10 +0100 (Mi, 19 Mär 2008) | 1 line
Comment out tcltk/tcltk64 removal.
........
r61649 | raymond.hettinger | 2008-03-19 23:47:48 +0100 (Mi, 19 Mär 2008) | 1 line
Remove unnecessary traceback save/restore pair.
........
r61650 | trent.nelson | 2008-03-19 23:51:42 +0100 (Mi, 19 Mär 2008) | 1 line
Bump the SIGALM delay from 3 seconds to 20 seconds, mainly in an effort to see if it fixes the alarm failures in this test experienced by some of the buildbots.
........
r61651 | brett.cannon | 2008-03-20 00:01:17 +0100 (Do, 20 Mär 2008) | 5 lines
Make sure that the warnings filter is not reset or changed beyond the current
running test file.
Closes issue2407. Thanks Jerry Seutter.
........
r61652 | gregory.p.smith | 2008-03-20 00:03:25 +0100 (Do, 20 Mär 2008) | 10 lines
Prevent ioctl op codes from being sign extended from int to unsigned long
when used on platforms that actually define ioctl as taking an unsigned long.
(the BSDs and OS X / Darwin)
Adds a unittest for fcntl.ioctl that tests what happens with both positive and
negative numbers.
This was done because of issue1471 but I'm not able to reproduce -that- problem
in the first place on Linux 32bit or 64bit or OS X 10.4 & 10.5 32bit or 64 bit.
........
r61656 | sean.reifschneider | 2008-03-20 01:46:50 +0100 (Do, 20 Mär 2008) | 2 lines
Issue #2143: Fix embedded readline() hang on SSL socket EOF.
........
r61657 | sean.reifschneider | 2008-03-20 01:50:07 +0100 (Do, 20 Mär 2008) | 2 lines
Forgot to add NEWS item about smtplib SSL readline hang fix.
........
r61658 | trent.nelson | 2008-03-20 01:58:44 +0100 (Do, 20 Mär 2008) | 1 line
Revert r61650; the intent of this commit was to try and address alarm failures on some of the build slaves. As Neal points out, it's called after test_main(), so it's not going to factor into the test when run via regrtest.py (and removes the original functionality that Jeffrey wanted that would kill the test if it took longer than 3 seconds to run when executing it directly during development).
........
r61663 | sean.reifschneider | 2008-03-20 04:20:48 +0100 (Do, 20 Mär 2008) | 2 lines
Issue 2188: Documentation hint about disabling proxy detection.
........
r61665 | gregory.p.smith | 2008-03-20 06:41:53 +0100 (Do, 20 Mär 2008) | 7 lines
Attempt to fix the Solaris Sparc 10 buildbot. It was failing with an invalid
argument error on ioctl. This was caused by the added test_fcntl ioctl test
that hard coded 0 as the fd to use. Without a terminal, this fails on solaris.
(it passed from the command line on sol 10, both 32 and 64 bit)
Also, test_ioctl exists so I moved the test into there where it belongs.
........
r61667 | georg.brandl | 2008-03-20 08:25:55 +0100 (Do, 20 Mär 2008) | 2 lines
#2383: remove obsolete XXX comment in stat.py.
........
svn+ssh://pythondev@svn.python.org/python/trunk
........
r58868 | gregory.p.smith | 2007-11-05 16:19:03 -0800 (Mon, 05 Nov 2007) | 3 lines
Fixes Issue 1385: The hmac module now computes the correct hmac when using
hashes with a block size other than 64 bytes (such as sha384 and sha512).
........
svn+ssh://pythondev@svn.python.org/python/branches/p3yk
................
r55636 | neal.norwitz | 2007-05-29 00:06:39 -0700 (Tue, 29 May 2007) | 149 lines
Merged revisions 55506-55635 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r55507 | georg.brandl | 2007-05-22 07:28:17 -0700 (Tue, 22 May 2007) | 2 lines
Remove the "panel" module doc file which has been ignored since 1994.
........
r55522 | mark.hammond | 2007-05-22 19:04:28 -0700 (Tue, 22 May 2007) | 4 lines
Remove definition of PY_UNICODE_TYPE from pyconfig.h, allowing the
definition in unicodeobject.h to be used, giving us the desired
wchar_t in place of 'unsigned short'. As discussed on python-dev.
........
r55525 | neal.norwitz | 2007-05-22 23:35:32 -0700 (Tue, 22 May 2007) | 6 lines
Add -3 option to the interpreter to warn about features that are
deprecated and will be changed/removed in Python 3.0.
This patch is mostly from Anthony. I tweaked some format and added
a little doc.
........
r55527 | neal.norwitz | 2007-05-22 23:57:35 -0700 (Tue, 22 May 2007) | 1 line
Whitespace cleanup
........
r55528 | neal.norwitz | 2007-05-22 23:58:36 -0700 (Tue, 22 May 2007) | 1 line
Add a bunch more deprecation warnings for builtins that are going away in 3.0
........
r55549 | georg.brandl | 2007-05-24 09:49:29 -0700 (Thu, 24 May 2007) | 2 lines
shlex.split() now has an optional "posix" parameter.
........
r55550 | georg.brandl | 2007-05-24 10:33:33 -0700 (Thu, 24 May 2007) | 2 lines
Fix parameter passing.
........
r55555 | facundo.batista | 2007-05-24 10:50:54 -0700 (Thu, 24 May 2007) | 6 lines
Added an optional timeout parameter to urllib.ftpwrapper, with tests
(for this and a basic one, because there weren't any). Changed also
NEWS, but didn't find documentation for this function, assumed it
wasn't public...
........
r55563 | facundo.batista | 2007-05-24 13:01:59 -0700 (Thu, 24 May 2007) | 4 lines
Removed the .recv() in the test, is not necessary, and was
causing problems that didn't have anything to do with was
actually being tested...
........
r55564 | facundo.batista | 2007-05-24 13:51:19 -0700 (Thu, 24 May 2007) | 5 lines
Let's see if reading exactly what is written allow this live
test to pass (now I know why there were so few tests in ftp,
http, etc, :( ).
........
r55567 | facundo.batista | 2007-05-24 20:10:28 -0700 (Thu, 24 May 2007) | 4 lines
Trying to make the tests work in Windows and Solaris, everywhere
else just works
........
r55568 | facundo.batista | 2007-05-24 20:47:19 -0700 (Thu, 24 May 2007) | 4 lines
Fixing stupid error, and introducing a sleep, to see if the
other thread is awakened and finish sending data.
........
r55569 | facundo.batista | 2007-05-24 21:20:22 -0700 (Thu, 24 May 2007) | 4 lines
Commenting out the tests until find out who can test them in
one of the problematic enviroments.
........
r55570 | neal.norwitz | 2007-05-24 22:13:40 -0700 (Thu, 24 May 2007) | 2 lines
Get test passing again by commenting out the reference to the test class.
........
r55575 | vinay.sajip | 2007-05-25 00:05:59 -0700 (Fri, 25 May 2007) | 1 line
Updated docstring for SysLogHandler (#1720726).
........
r55576 | vinay.sajip | 2007-05-25 00:06:55 -0700 (Fri, 25 May 2007) | 1 line
Updated documentation for SysLogHandler (#1720726).
........
r55592 | brett.cannon | 2007-05-25 13:17:15 -0700 (Fri, 25 May 2007) | 3 lines
Remove direct call's to file's constructor and replace them with calls to
open() as ths is considered best practice.
........
r55601 | kristjan.jonsson | 2007-05-26 12:19:50 -0700 (Sat, 26 May 2007) | 1 line
Remove the rgbimgmodule from PCBuild8
........
r55602 | kristjan.jonsson | 2007-05-26 12:31:39 -0700 (Sat, 26 May 2007) | 1 line
Include <windows.h> after python.h, so that WINNT is properly set before windows.h is included. Fixes warnings in PC builds.
........
r55603 | walter.doerwald | 2007-05-26 14:04:13 -0700 (Sat, 26 May 2007) | 2 lines
Fix typo.
........
r55604 | peter.astrand | 2007-05-26 15:18:20 -0700 (Sat, 26 May 2007) | 1 line
Applied patch 1669481, slightly modified: Support close_fds on Win32
........
r55606 | neal.norwitz | 2007-05-26 21:08:54 -0700 (Sat, 26 May 2007) | 2 lines
Add the new function object attribute names from py3k.
........
r55617 | lars.gustaebel | 2007-05-27 12:49:30 -0700 (Sun, 27 May 2007) | 20 lines
Added errors argument to TarFile class that allows the user to
specify an error handling scheme for character conversion. Additional
scheme "utf-8" in read mode. Unicode input filenames are now
supported by design. The values of the pax_headers dictionary are now
limited to unicode objects.
Fixed: The prefix field is no longer used in PAX_FORMAT (in
conformance with POSIX).
Fixed: In read mode use a possible pax header size field.
Fixed: Strip trailing slashes from pax header name values.
Fixed: Give values in user-specified pax_headers precedence when
writing.
Added unicode tests. Added pax/regtype4 member to testtar.tar all
possible number fields in a pax header.
Added two chapters to the documentation about the different formats
tarfile.py supports and how unicode issues are handled.
........
r55618 | raymond.hettinger | 2007-05-27 22:23:22 -0700 (Sun, 27 May 2007) | 1 line
Explain when groupby() issues a new group.
........
r55634 | martin.v.loewis | 2007-05-28 21:01:29 -0700 (Mon, 28 May 2007) | 2 lines
Test pre-commit hook for a link to a .py file.
........
r55635 | martin.v.loewis | 2007-05-28 21:02:03 -0700 (Mon, 28 May 2007) | 2 lines
Revert 55634.
........
................
r55639 | neal.norwitz | 2007-05-29 00:58:11 -0700 (Tue, 29 May 2007) | 1 line
Remove sys.exc_{type,exc_value,exc_traceback}
................
r55641 | neal.norwitz | 2007-05-29 01:03:50 -0700 (Tue, 29 May 2007) | 1 line
Missed one sys.exc_type. I wonder why exc_{value,traceback} were already gone
................
r55642 | neal.norwitz | 2007-05-29 01:08:33 -0700 (Tue, 29 May 2007) | 1 line
Missed more doc for sys.exc_* attrs.
................
r55643 | neal.norwitz | 2007-05-29 01:18:19 -0700 (Tue, 29 May 2007) | 1 line
Remove sys.exc_clear()
................
r55665 | guido.van.rossum | 2007-05-29 19:45:43 -0700 (Tue, 29 May 2007) | 4 lines
Make None, True, False keywords.
We can now also delete all the other places that explicitly forbid
assignment to None, but I'm not going to bother right now.
................
r55666 | guido.van.rossum | 2007-05-29 20:01:51 -0700 (Tue, 29 May 2007) | 3 lines
Found another place that needs check for forbidden names.
Fixed test_syntax.py accordingly (it helped me find that one).
................
r55668 | guido.van.rossum | 2007-05-29 20:41:48 -0700 (Tue, 29 May 2007) | 2 lines
Mark None, True, False as keywords.
................
r55673 | neal.norwitz | 2007-05-29 23:28:25 -0700 (Tue, 29 May 2007) | 3 lines
Get the dis module working on modules again after changing dicts
to not return lists and also new-style classes. Add a test.
................
r55674 | neal.norwitz | 2007-05-29 23:35:45 -0700 (Tue, 29 May 2007) | 1 line
Umm, it helps to add the module that the test uses
................
r55675 | neal.norwitz | 2007-05-29 23:53:05 -0700 (Tue, 29 May 2007) | 4 lines
Try to fix up all the other places that were assigning to True/False.
There's at least one more problem in test.test_xmlrpc. I have other
changes in that file and that should be fixed soon (I hope).
................
r55679 | neal.norwitz | 2007-05-30 00:31:55 -0700 (Wed, 30 May 2007) | 1 line
Fix up another place that was assigning to True/False.
................
r55688 | brett.cannon | 2007-05-30 14:19:47 -0700 (Wed, 30 May 2007) | 2 lines
Ditch MimeWriter.
................
r55692 | brett.cannon | 2007-05-30 14:52:00 -0700 (Wed, 30 May 2007) | 2 lines
Remove the mimify module.
................
r55707 | guido.van.rossum | 2007-05-31 05:08:45 -0700 (Thu, 31 May 2007) | 2 lines
Backport the addition of show_code() to dis.py -- it's too handy.
................
r55708 | guido.van.rossum | 2007-05-31 06:22:57 -0700 (Thu, 31 May 2007) | 7 lines
Fix a fairly long-standing bug in the check for assignment to None (and other
keywords, these days). In 2.5, you could write foo(None=1) without getting
a SyntaxError (although foo()'s definition would have to use **kwds to avoid
getting a runtime error complaining about an unknown keyword of course).
This ought to be backported to 2.5.2 or at least 2.6.
................
r55724 | brett.cannon | 2007-05-31 19:32:41 -0700 (Thu, 31 May 2007) | 2 lines
Remove the cfmfile.
................
r55727 | neal.norwitz | 2007-05-31 22:19:44 -0700 (Thu, 31 May 2007) | 1 line
Remove reload() builtin.
................
r55729 | neal.norwitz | 2007-05-31 22:51:30 -0700 (Thu, 31 May 2007) | 59 lines
Merged revisions 55636-55728 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r55637 | georg.brandl | 2007-05-29 00:16:47 -0700 (Tue, 29 May 2007) | 2 lines
Fix rst markup.
........
r55638 | neal.norwitz | 2007-05-29 00:51:39 -0700 (Tue, 29 May 2007) | 1 line
Fix typo in doc
........
r55671 | neal.norwitz | 2007-05-29 21:53:41 -0700 (Tue, 29 May 2007) | 1 line
Fix indentation (whitespace only).
........
r55676 | thomas.heller | 2007-05-29 23:58:30 -0700 (Tue, 29 May 2007) | 1 line
Fix compiler warnings.
........
r55677 | thomas.heller | 2007-05-30 00:01:25 -0700 (Wed, 30 May 2007) | 2 lines
Correct the name of a field in the WIN32_FIND_DATAA and WIN32_FIND_DATAW structures.
Closes bug #1726026.
........
r55686 | brett.cannon | 2007-05-30 13:46:26 -0700 (Wed, 30 May 2007) | 2 lines
Have MimeWriter raise a DeprecationWarning as per PEP 4 and its documentation.
........
r55690 | brett.cannon | 2007-05-30 14:48:58 -0700 (Wed, 30 May 2007) | 3 lines
Have mimify raise a DeprecationWarning. The docs and PEP 4 have listed the
module as deprecated for a while.
........
r55696 | brett.cannon | 2007-05-30 15:24:28 -0700 (Wed, 30 May 2007) | 2 lines
Have md5 raise a DeprecationWarning as per PEP 4.
........
r55705 | neal.norwitz | 2007-05-30 21:14:22 -0700 (Wed, 30 May 2007) | 1 line
Add some spaces in the example code.
........
r55716 | brett.cannon | 2007-05-31 12:20:00 -0700 (Thu, 31 May 2007) | 2 lines
Have the sha module raise a DeprecationWarning as specified in PEP 4.
........
r55719 | brett.cannon | 2007-05-31 12:40:42 -0700 (Thu, 31 May 2007) | 2 lines
Cause buildtools to raise a DeprecationWarning.
........
r55721 | brett.cannon | 2007-05-31 13:01:11 -0700 (Thu, 31 May 2007) | 2 lines
Have cfmfile raise a DeprecationWarning as per PEP 4.
........
r55726 | neal.norwitz | 2007-05-31 21:56:47 -0700 (Thu, 31 May 2007) | 1 line
Mail if there is an installation failure.
........
................
r55730 | neal.norwitz | 2007-05-31 23:22:07 -0700 (Thu, 31 May 2007) | 2 lines
Remove the code that was missed in rev 55303.
................
r55738 | neal.norwitz | 2007-06-01 19:10:43 -0700 (Fri, 01 Jun 2007) | 1 line
Fix doc breakage
................
r55741 | neal.norwitz | 2007-06-02 00:41:58 -0700 (Sat, 02 Jun 2007) | 1 line
Remove timing module (plus some remnants of other modules).
................
r55742 | neal.norwitz | 2007-06-02 00:51:44 -0700 (Sat, 02 Jun 2007) | 1 line
Remove posixfile module (plus some remnants of other modules).
................
r55744 | neal.norwitz | 2007-06-02 10:18:56 -0700 (Sat, 02 Jun 2007) | 1 line
Fix doc breakage.
................
r55745 | neal.norwitz | 2007-06-02 11:32:16 -0700 (Sat, 02 Jun 2007) | 1 line
Make a whatsnew 3.0 template.
................
r55754 | neal.norwitz | 2007-06-03 23:24:18 -0700 (Sun, 03 Jun 2007) | 1 line
SF #1730441, os._execvpe raises UnboundLocal due to new try/except semantics
................
r55755 | neal.norwitz | 2007-06-03 23:26:00 -0700 (Sun, 03 Jun 2007) | 1 line
Get rid of extra whitespace
................
r55794 | guido.van.rossum | 2007-06-06 15:29:22 -0700 (Wed, 06 Jun 2007) | 3 lines
Make this compile in GCC 2.96, which does not allow interspersing
declarations and code.
................
A new hashlib module to replace the md5 and sha modules. It adds
support for additional secure hashes such as SHA-256 and SHA-512. The
hashlib module uses OpenSSL for fast platform optimized
implementations of algorithms when available. The old md5 and sha
modules still exist as wrappers around hashlib to preserve backwards
compatibility.
and test_support.run_classtests() into run_unittest()
and use it wherever possible.
Also don't use "from test.test_support import ...", but
"from test import test_support" in a few spots.
From SF patch #662807.
imports e.g. test_support must do so using an absolute package name
such as "import test.test_support" or "from test import test_support".
This also updates the README in Lib/test, and gets rid of the
duplicate data dirctory in Lib/test/data (replaced by
Lib/email/test/data).
Now Tim and Jack can have at it. :)