forked from python/cpython
-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
pythongh-117233: Detect support for several hashes at hashlib build t…
…ime (pythonGH-117234) Detect libcrypto BLAKE2, Shake, SHA3, and Truncated-SHA512 support at hashlib build time ## BLAKE2 While OpenSSL supports both "b" and "s" variants of the BLAKE2 hash function, other cryptographic libraries may lack support for one or both of the variants. This commit modifies `hashlib`'s C code to detect whether or not the linked libcrypto supports each BLAKE2 variant, and elides references to each variant's NID accordingly. In cases where the underlying libcrypto doesn't fully support BLAKE2, CPython's `./configure` script can be given the following flag to use CPython's interned BLAKE2 implementation: `--with-builtin-hashlib-hashes=blake2`. ## SHA3, Shake, & truncated SHA512. Detect BLAKE2, SHA3, Shake, & truncated SHA512 support in the OpenSSL-ish libcrypto library at build time. This helps allow hashlib's `_hashopenssl` to be used with libraries that do not to support every algorithm that upstream OpenSSL does. Such as AWS-LC & BoringSSL. Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
- Loading branch information
1 parent
01a51f9
commit b8eaad3
Showing
2 changed files
with
62 additions
and
10 deletions.
There are no files selected for viewing
3 changes: 3 additions & 0 deletions
3
Misc/NEWS.d/next/Security/2024-03-25-21-25-28.gh-issue-117233.E4CyI_.rst
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
Detect BLAKE2, SHA3, Shake, & truncated SHA512 support in the OpenSSL-ish | ||
libcrypto library at build time. This allows :mod:`hashlib` to be used with | ||
libraries that do not to support every algorithm that upstream OpenSSL does. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters