mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-10-09 00:22:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 17

bpo-47101: list only activated algorithms in hashlib.algorithms_available (GH-32076)

Browse source
This commit is contained in:
Christian Heimes 2022-03-23 22:30:05 +02:00 committed by GitHub
parent c62b944dfc
commit 48e2010d92
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Lib/test/test_hashlib.py
View file

@ -223,6 +223,10 @@ class HashLibTestCase(unittest.TestCase):
def test_algorithms_available(self): def test_algorithms_available(self):
self.assertTrue(set(hashlib.algorithms_guaranteed). self.assertTrue(set(hashlib.algorithms_guaranteed).
issubset(hashlib.algorithms_available)) issubset(hashlib.algorithms_available))
# all available algorithms must be loadable, bpo-47101
self.assertNotIn("undefined", hashlib.algorithms_available)
for name in hashlib.algorithms_available:
digest = hashlib.new(name, usedforsecurity=False)
def test_usedforsecurity_true(self): def test_usedforsecurity_true(self):
hashlib.new("sha256", usedforsecurity=True) hashlib.new("sha256", usedforsecurity=True)

4
Misc/NEWS.d/next/Library/2022-03-23-15-31-02.bpo-47101.rVSld-.rst Normal file
View file

@ -0,0 +1,4 @@
:const:`hashlib.algorithms_available` now lists only algorithms that are
provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are
not listed unless the legacy provider has been loaded into the default
OSSL context.

13
Modules/_hashopenssl.c
View file

@ -1836,15 +1836,21 @@ typedef struct _internal_name_mapper_state {
/* A callback function to pass to OpenSSL's OBJ_NAME_do_all(...) */ /* A callback function to pass to OpenSSL's OBJ_NAME_do_all(...) */
static void static void
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
_openssl_hash_name_mapper(EVP_MD *md, void *arg)
#else
_openssl_hash_name_mapper(const EVP_MD *md, const char *from, _openssl_hash_name_mapper(const EVP_MD *md, const char *from,
const char *to, void *arg) const char *to, void *arg)
#endif
{ {
_InternalNameMapperState *state = (_InternalNameMapperState *)arg; _InternalNameMapperState *state = (_InternalNameMapperState *)arg;
PyObject *py_name; PyObject *py_name;
assert(state != NULL); assert(state != NULL);
if (md == NULL) // ignore all undefined providers
if ((md == NULL) || (EVP_MD_nid(md) == NID_undef)) {
return; return;
}
py_name = py_digest_name(md); py_name = py_digest_name(md);
if (py_name == NULL) { if (py_name == NULL) {
@ -1870,7 +1876,12 @@ hashlib_md_meth_names(PyObject *module)
return -1; return -1;
} }
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
// get algorithms from all activated providers in default context
EVP_MD_do_all_provided(NULL, &_openssl_hash_name_mapper, &state);
#else
EVP_MD_do_all(&_openssl_hash_name_mapper, &state); EVP_MD_do_all(&_openssl_hash_name_mapper, &state);
#endif
if (state.error) { if (state.error) {
Py_DECREF(state.set); Py_DECREF(state.set);