authorMatti Picus <matti.picus@gmail.com>2022-05-16 22:04:38 +0300
committerMichał Górny <mgorny@gentoo.org>2022-05-17 09:31:30 +0200
commitb7b63edf88a7f97c9ae404964833a8088d511771 (patch)
tree307128a925f333b63fdc4572d8b8626e476977ce
parentmerge py3.8 (diff)
commit e2ce39f3ebb5a61c70a7fb55444fe2ea99612cfb Author: Matti Picus <matti.picus@gmail.com> Date: 2022-05-16 21:02:23 +0200 use EVP_MD_do_all_provided on OpenSSL3 to list only supported algorithms in hashlib.algorithms_available (BPO-47101) (issue 3741)
-rw-r--r--lib_pypy/_cffi_ssl/_cffi_src/build_openssl.py2
-rw-r--r--lib_pypy/_cffi_ssl/_cffi_src/openssl/evp.py6
-rw-r--r--lib_pypy/_hashlib/__init__.py31
3 files changed, 30 insertions, 9 deletions
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/build_openssl.py b/lib_pypy/_cffi_ssl/_cffi_src/build_openssl.py
index 456b869260..e06af80c02 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/build_openssl.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/build_openssl.py
@@ -59,6 +59,8 @@ ffi = build_ffi_for_binding(
# This goes first so we can define some cryptography-wide symbols.
"cryptography",
+ # Provider comes early as well so we define OSSL_LIB_CTX
+ "provider",
"aes",
"asn1",
"bignum",
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/evp.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/evp.py
index 4552505f18..04a4b15af2 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/evp.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/evp.py
@@ -63,9 +63,9 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *, unsigned char *, size_t);
const EVP_MD *EVP_get_digestbyname(const char *);
int EVP_MD_size(const EVP_MD *);
void EVP_MD_do_all(void (*) (const EVP_MD *, const char *, const char *, void *), void *);
+void EVP_MD_do_all_provided(OSSL_LIB_CTX *, void (*)(EVP_MD *, void *), void *);
int EVP_MD_nid(const EVP_MD *);
-
EVP_PKEY *EVP_PKEY_new(void);
void EVP_PKEY_free(EVP_PKEY *);
int EVP_PKEY_type(int);
@@ -210,6 +210,10 @@ int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *,
size_t) = NULL;
#endif
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_300
+void (*EVP_MD_do_all_provided)(OSSL_LIB_CTX *, void (*)(EVP_MD *, void *), void *) = NULL;
+#endif
+
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0;
static const long Cryptography_HAS_RAW_KEY = 0;
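Review bot: The NULL fallback for `EVP_MD_do_all_provided` has no companion feature constant, unlike the `Cryptography_HAS_*` flags defined just below it, so Python callers can only protect themselves with a separate version comparison. Calling the binding while it is NULL would crash the interpreter rather than raise, so I would add a flag beside the fallback, e.g. `static const long Cryptography_HAS_EVP_MD_DO_ALL_PROVIDED = 0;` (name illustrative), set it to 1 in an `#else` branch, and test that flag in `_hashlib`. The definition of `CRYPTOGRAPHY_OPENSSL_LESS_THAN_300` is not part of this diff; if the bundled headers do not define it, `#if` evaluates it as 0 and the fallback is omitted on older OpenSSL, so that is worth confirming.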
diff --git a/lib_pypy/_hashlib/__init__.py b/lib_pypy/_hashlib/__init__.py
index a099cc05bb..73e55b6778 100644
--- a/lib_pypy/_hashlib/__init__.py
+++ b/lib_pypy/_hashlib/__init__.py
@@ -144,7 +144,11 @@ class NameFetcher:
def _fetch_names():
name_fetcher = NameFetcher()
handle = ffi.new_handle(name_fetcher)
- lib.EVP_MD_do_all(hash_name_mapper_callback, handle)
+ if lib.OPENSSL_VERSION_NUMBER >= int(0x30000000):
+ lib.EVP_MD_do_all_provided(ffi.cast("OSSL_LIB_CTX*", 0),
+ _openssl_hash_name_mapper, handle)
+ else:
+ lib.EVP_MD_do_all(_openssl_hash_name_mapper, handle)
if name_fetcher.error:
raise name_fetcher.error
meth_names = name_fetcher.meth_names
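Review bot: `int(0x30000000)` wraps a literal that is already an int, and the same threshold is repeated further down where the callback is defined, so the two checks can drift apart and pair the wrong callback signature with the call. A single module-level name such as `_OPENSSL_3 = lib.OPENSSL_VERSION_NUMBER >= 0x30000000` (name illustrative), used in both places, would keep them in step. The null library context reads more directly as `ffi.NULL` than as `ffi.cast("OSSL_LIB_CTX*", 0)`, and a short comment that NULL selects the default library context would help the next reader. `_fetch_names` continues past the end of this hunk.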
@@ -153,17 +157,28 @@ def _fetch_names():
name_mapping = {
'blake2s256': 'blake2s',
- 'blake2b512': 'blake2b'
+ 'blake2b512': 'blake2b',
+ 'shake128': 'shake_128',
+ 'shake256': 'shake_256',
}
-@ffi.callback("void(EVP_MD*, const char *, const char *, void*)")
-def hash_name_mapper_callback(evp_md, from_name, to_name, userdata):
+if lib.OPENSSL_VERSION_NUMBER >= int(0x30000000):
+ @ffi.callback("void(EVP_MD*, void*)")
+ def _openssl_hash_name_mapper(evp_md, userdata):
+ return __openssl_hash_name_mapper(evp_md, userdata)
+
+else:
+ @ffi.callback("void(EVP_MD*, const char *, const char *, void*)")
+ def _openssl_hash_name_mapper(evp_md, from_name, to_name, userdata):
+ return __openssl_hash_name_mapper(evp_md, userdata)
+
+def __openssl_hash_name_mapper(evp_md, userdata):
if not evp_md:
return
- # Ignore aliased names, they pollute the list and OpenSSL appears
- # to have a its own definition of alias as the resulting list
- # still contains duplicate and alternate names for several
- # algorithms.
+ nid = lib.EVP_MD_nid(evp_md)
+ if nid == lib.NID_undef:
+ return
+ from_name = lib.OBJ_nid2ln(nid)
lowered = _str_from_buf(from_name).lower().replace('-', '_')
name = name_mapping.get(lowered, lowered)
if name in ('blake2b512', 'sha3-512'):
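Review bot: The result of `lib.OBJ_nid2ln(nid)` is passed to `_str_from_buf` without a NULL check, and OpenSSL returns NULL from that call when it has no long name for the NID. A guard in the style of the existing `if not evp_md:` test, `if not from_name: return`, placed right after the lookup, would keep one odd digest from raising inside the FFI callback. The deleted comment explained why aliases are ignored; a replacement such as `# Use the NID's long name so aliases collapse to one entry` would preserve that reasoning. Separately, once `.replace('-', '_')` has run, the `'sha3-512'` entry in the final `if` can no longer match. The body of that `if` and the rest of the function lie outside the hunk, so how errors are reported there is not visible.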