bpo-38153: Normalize hashlib algorithm names (GH-16083)

Signed-off-by: Christian Heimes <christian@python.org>
2025-08-04 08:59:19 +00:00 · 2019-09-13 15:31:19 +02:00 · 2019-09-13 15:31:19 +02:00 · 995b5d38e7
commit 995b5d38e7
parent 375a3e2bdb
4 changed files with 179 additions and 32 deletions
--- a/Lib/hashlib.py
+++ b/Lib/hashlib.py
@ -70,37 +70,44 @@ __all__ = __always_supported + ('new', 'algorithms_guaranteed',

 __builtin_constructor_cache = {}

+__block_openssl_constructor = {
+    'sha3_224', 'sha3_256', 'sha3_384', 'sha3_512',
+    'shake_128', 'shake_256',
+    'blake2b', 'blake2s',
+}
+
 def __get_builtin_constructor(name):
    cache = __builtin_constructor_cache
    constructor = cache.get(name)
    if constructor is not None:
        return constructor
    try:
-        if name in ('SHA1', 'sha1'):
+        if name in {'SHA1', 'sha1'}:
            import _sha1
            cache['SHA1'] = cache['sha1'] = _sha1.sha1
-        elif name in ('MD5', 'md5'):
+        elif name in {'MD5', 'md5'}:
            import _md5
            cache['MD5'] = cache['md5'] = _md5.md5
-        elif name in ('SHA256', 'sha256', 'SHA224', 'sha224'):
+        elif name in {'SHA256', 'sha256', 'SHA224', 'sha224'}:
            import _sha256
            cache['SHA224'] = cache['sha224'] = _sha256.sha224
            cache['SHA256'] = cache['sha256'] = _sha256.sha256
-        elif name in ('SHA512', 'sha512', 'SHA384', 'sha384'):
+        elif name in {'SHA512', 'sha512', 'SHA384', 'sha384'}:
            import _sha512
            cache['SHA384'] = cache['sha384'] = _sha512.sha384
            cache['SHA512'] = cache['sha512'] = _sha512.sha512
-        elif name in ('blake2b', 'blake2s'):
+        elif name in {'blake2b', 'blake2s'}:
            import _blake2
            cache['blake2b'] = _blake2.blake2b
            cache['blake2s'] = _blake2.blake2s
-        elif name in {'sha3_224', 'sha3_256', 'sha3_384', 'sha3_512',
-                      'shake_128', 'shake_256'}:
+        elif name in {'sha3_224', 'sha3_256', 'sha3_384', 'sha3_512'}:
            import _sha3
            cache['sha3_224'] = _sha3.sha3_224
            cache['sha3_256'] = _sha3.sha3_256
            cache['sha3_384'] = _sha3.sha3_384
            cache['sha3_512'] = _sha3.sha3_512
+        elif name in {'shake_128', 'shake_256'}:
+            import _sha3
            cache['shake_128'] = _sha3.shake_128
            cache['shake_256'] = _sha3.shake_256
    except ImportError:
@ -114,8 +121,8 @@ def __get_builtin_constructor(name):


 def __get_openssl_constructor(name):
-    if name in {'blake2b', 'blake2s'}:
-        # Prefer our blake2 implementation.
+    if name in __block_openssl_constructor:
+        # Prefer our blake2 and sha3 implementation.
        return __get_builtin_constructor(name)
    try:
        f = getattr(_hashlib, 'openssl_' + name)
@ -140,8 +147,8 @@ def __hash_new(name, data=b'', **kwargs):
    """new(name, data=b'') - Return a new hashing object using the named algorithm;
    optionally initialized with data (which must be a bytes-like object).
    """
-    if name in {'blake2b', 'blake2s'}:
-        # Prefer our blake2 implementation.
+    if name in __block_openssl_constructor:
+        # Prefer our blake2 and sha3 implementation
        # OpenSSL 1.1.0 comes with a limited implementation of blake2b/s.
        # It does neither support keyed blake2 nor advanced features like
        # salt, personal, tree hashing or SSE.