git.ipfire.org Git - thirdparty/Python/cpython.git/commit

[3.12] gh-117233: Detect support for several hashes at hashlib build time (GH-117234) (#117767)

gh-117233: Detect support for several hashes at hashlib build time (GH-117234)

Detect libcrypto BLAKE2, Shake, SHA3, and Truncated-SHA512 support at hashlib build time

GH-GH- BLAKE2

While OpenSSL supports both "b" and "s" variants of the BLAKE2 hash
function, other cryptographic libraries may lack support for one or both
of the variants. This commit modifies `hashlib`'s C code to detect
whether or not the linked libcrypto supports each BLAKE2 variant, and
elides references to each variant's NID accordingly. In cases where the
underlying libcrypto doesn't fully support BLAKE2, CPython's
`./configure` script can be given the following flag to use CPython's
interned BLAKE2 implementation: `--with-builtin-hashlib-hashes=blake2`.

GH-GH- SHA3, Shake, & truncated SHA512.

Detect BLAKE2, SHA3, Shake, & truncated SHA512 support in the
OpenSSL-ish libcrypto library at build time. This helps allow hashlib's
`_hashopenssl` to be used with libraries that do not to support every
algorithm that upstream OpenSSL does. Such as AWS-LC & BoringSSL.

(cherry picked from commit b8eaad30090b46f115dfed23266305b6546fb364)

Co-authored-by: Will Childs-Klein <willck93@gmail.com>
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Thu, 11 Apr 2024 18:36:31 +0000 (20:36 +0200)
committer	GitHub <noreply@github.com>
	Thu, 11 Apr 2024 18:36:31 +0000 (18:36 +0000)
commit	9376a9f0d85d0e7cd54f5aa010ff057700916c93
tree	622e0b56503f648bb3cf8ac2b974d0dd1e1e297e	tree \| snapshot
parent	84fb531fc2323cf3196366c3d0fbc0f43df99045	commit \| diff

Misc/NEWS.d/next/Security/2024-03-25-21-25-28.gh-issue-117233.E4CyI_.rst	[new file with mode: 0644]	blob
Modules/_hashopenssl.c		diff \| blob \| blame \| history