This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: Port _hashlib to OpenSSL 3.0.0
Type: enhancement Stage: patch review
Components: SSL Versions: Python 3.9, Python 3.8, Python 3.7
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: ZackerySpytz, christian.heimes, gregory.p.smith, miss-islington
Priority: normal Keywords: patch

Created on 2020-05-03 09:23 by christian.heimes, last changed 2022-04-11 14:59 by admin.

Pull Requests
URL Status Linked Edit
PR 19878 closed christian.heimes, 2020-05-03 09:28
PR 20107 merged christian.heimes, 2020-05-15 15:44
PR 20108 merged christian.heimes, 2020-05-15 15:50
PR 20111 merged miss-islington, 2020-05-15 16:48
PR 20112 merged miss-islington, 2020-05-15 16:48
PR 30455 merged christian.heimes, 2022-01-07 14:21
PR 30573 merged miss-islington, 2022-01-13 08:46
PR 30574 merged christian.heimes, 2022-01-13 09:16
PR 30584 merged christian.heimes, 2022-01-13 19:53
PR 30585 merged miss-islington, 2022-01-13 20:47
PR 30586 merged miss-islington, 2022-01-13 20:47
PR 31153 merged ZackerySpytz, 2022-02-06 03:17
PR 31183 merged miss-islington, 2022-02-07 07:41
PR 31184 merged miss-islington, 2022-02-07 07:41
Messages (16)
msg367962 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2020-05-03 09:23
OpenSSL 3.0.0-alpha1 was releases about a week ago. OpenSSL 1.1.x APIs are still functional. However some APIs have been deprecated and FIPS (usedforsecurity flag) is no longer functional.

* One shot HMAC() is deprecated and should be replaced with EVP_MAC API calls
* ERR_func_error_string() is deprecated
* OpenSSL has introduced a new concept of crypto providers (OSSL_PROVIDER), library context (OPENSSL_CTX) and additional flags. A new function EVP_MD_fetch() has been introduced.
* FIPS support has been rewritten and is now shipped with OpenSSL 3.0.0. EVP_MD_CTX_FLAG_NON_FIPS_ALLOW is no longer supported. FIPS state is no longer part of EVP_MD_CTX but of EVP_MD.

See https://wiki.openssl.org/index.php/OpenSSL_3.0
msg368957 - (view) Author: miss-islington (miss-islington) Date: 2020-05-15 16:28
New changeset 16d4e6f6f559b4fd21c9d29fea303489f658674f by Christian Heimes in branch 'master':
bpo-40479: Fix hashlib issue with OpenSSL 3.0.0 (GH-20107)
https://github.com/python/cpython/commit/16d4e6f6f559b4fd21c9d29fea303489f658674f
msg368958 - (view) Author: miss-islington (miss-islington) Date: 2020-05-15 16:48
New changeset 62d618c06bd395308b7163dbcb26c7e6d0922033 by Christian Heimes in branch 'master':
bpo-40479: Test with latest OpenSSL versions (GH-20108)
https://github.com/python/cpython/commit/62d618c06bd395308b7163dbcb26c7e6d0922033
msg368961 - (view) Author: miss-islington (miss-islington) Date: 2020-05-15 17:06
New changeset 5e6b491403d7211588dcd399167f5bc21781c69c by Miss Islington (bot) in branch '3.7':
bpo-40479: Test with latest OpenSSL versions (GH-20108)
https://github.com/python/cpython/commit/5e6b491403d7211588dcd399167f5bc21781c69c
msg368962 - (view) Author: miss-islington (miss-islington) Date: 2020-05-15 17:10
New changeset 5a06cf01ecb6a048fb47c086adc1336f54fe8789 by Miss Islington (bot) in branch '3.8':
bpo-40479: Test with latest OpenSSL versions (GH-20108)
https://github.com/python/cpython/commit/5a06cf01ecb6a048fb47c086adc1336f54fe8789
msg410097 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2022-01-08 12:24
Simple benchmark with openssl-3.0.0-5.el9.x86_64

With custom EVP_MD cache:
$ ./python -m timeit -s "from hashlib import md5" "md5(b'12345678', usedforsecurity=False).digest()"500000 loops, best of 5: 520 nsec per loop
$ ./python -m timeit -s "from hashlib import sha512" "sha512(b'12345678', usedforsecurity=False).digest()"
500000 loops, best of 5: 730 nsec per loop

Without EVP_MD cache:
$ ./python -m timeit -s "from hashlib import md5" "md5(b'', usedforsecurity=False).digest()"
500000 loops, best of 5: 807 nsec per loop
$ ./python -m timeit -s "from hashlib import sha512" "sha512(b'12345678', usedforsecurity=False).digest()"
200000 loops, best of 5: 1.03 usec per loop
msg410471 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2022-01-13 08:46
New changeset 443b308fee088e21bbf472c376c5c9e3648f916c by Christian Heimes in branch 'main':
bpo-40479: Fix hashlib's usedforsecurity for OpenSSL 3.0.0 (GH-30455)
https://github.com/python/cpython/commit/443b308fee088e21bbf472c376c5c9e3648f916c
msg410479 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2022-01-13 09:51
Something went wrong with Miss Islington. 
3ce6945f5f434806eea700eb5ff1bed6d39395e1 / GH-30573 is backport to 3.10.
msg410481 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2022-01-13 10:21
New changeset 4ddd5da2691bea39e36debbc7f53c7cc4f13904e by Christian Heimes in branch '3.9':
[3.9] bpo-40479: Fix hashlib's usedforsecurity for OpenSSL 3.0.0 (GH-30455) (GH-30574)
https://github.com/python/cpython/commit/4ddd5da2691bea39e36debbc7f53c7cc4f13904e
msg410523 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2022-01-13 20:48
New changeset 276c234ce0fa6732237f1b187989837324d9dea3 by Christian Heimes in branch 'main':
bpo-40479: Fix typo, flag must be set for OpenSSL < 3.0.0 (GH-30584)
https://github.com/python/cpython/commit/276c234ce0fa6732237f1b187989837324d9dea3
msg410525 - (view) Author: miss-islington (miss-islington) Date: 2022-01-13 21:08
New changeset 47422a852de14a8ec11d058136c7c864d2cc7fc9 by Miss Islington (bot) in branch '3.10':
[3.10] bpo-40479: Fix typo, flag must be set for OpenSSL < 3.0.0 (GH-30584) (GH-30585)
https://github.com/python/cpython/commit/47422a852de14a8ec11d058136c7c864d2cc7fc9
msg410526 - (view) Author: miss-islington (miss-islington) Date: 2022-01-13 21:19
New changeset 537f16adfa31b5b1fe9d656d571d1e10fb115351 by Miss Islington (bot) in branch '3.9':
bpo-40479: Fix typo, flag must be set for OpenSSL < 3.0.0 (GH-30584)
https://github.com/python/cpython/commit/537f16adfa31b5b1fe9d656d571d1e10fb115351
msg412614 - (view) Author: Zackery Spytz (ZackerySpytz) * (Python triager) Date: 2022-02-06 03:22
There is a missing call to va_end() in 443b308fee088e21bbf472c376c5c9e3648f916c (which is undefined behavior).  PR 31153 fixes this.
msg412715 - (view) Author: miss-islington (miss-islington) Date: 2022-02-07 07:40
New changeset 59e004af63742361b67d1e1ae70229ff0db1059d by Zackery Spytz in branch 'main':
bpo-40479: Fix undefined behavior in Modules/_hashopenssl.c (GH-31153)
https://github.com/python/cpython/commit/59e004af63742361b67d1e1ae70229ff0db1059d
msg412716 - (view) Author: miss-islington (miss-islington) Date: 2022-02-07 08:05
New changeset 3ceff9968be059209f0d7271365f38895207b24d by Miss Islington (bot) in branch '3.10':
bpo-40479: Fix undefined behavior in Modules/_hashopenssl.c (GH-31153)
https://github.com/python/cpython/commit/3ceff9968be059209f0d7271365f38895207b24d
msg412717 - (view) Author: miss-islington (miss-islington) Date: 2022-02-07 08:08
New changeset 0892a0e3ec925ac959bc959b985293b4b96ef863 by Miss Islington (bot) in branch '3.9':
bpo-40479: Fix undefined behavior in Modules/_hashopenssl.c (GH-31153)
https://github.com/python/cpython/commit/0892a0e3ec925ac959bc959b985293b4b96ef863
History
Date User Action Args
2022-04-11 14:59:30adminsetgithub: 84659
2022-02-07 08:08:13miss-islingtonsetmessages: + msg412717
2022-02-07 08:05:39miss-islingtonsetmessages: + msg412716
2022-02-07 07:41:10miss-islingtonsetpull_requests: + pull_request29356
2022-02-07 07:41:05miss-islingtonsetpull_requests: + pull_request29355
2022-02-07 07:40:58miss-islingtonsetmessages: + msg412715
2022-02-06 03:22:19ZackerySpytzsetmessages: + msg412614
2022-02-06 03:17:34ZackerySpytzsetnosy: + ZackerySpytz
pull_requests: + pull_request29330
2022-01-13 21:19:53miss-islingtonsetmessages: + msg410526
2022-01-13 21:08:55miss-islingtonsetmessages: + msg410525
2022-01-13 20:48:12christian.heimessetmessages: + msg410523
2022-01-13 20:47:55miss-islingtonsetpull_requests: + pull_request28784
2022-01-13 20:47:51miss-islingtonsetpull_requests: + pull_request28783
2022-01-13 19:53:45christian.heimessetpull_requests: + pull_request28782
2022-01-13 10:21:14christian.heimessetmessages: + msg410481
2022-01-13 09:51:15christian.heimessetmessages: + msg410479
2022-01-13 09:16:54christian.heimessetpull_requests: + pull_request28774
2022-01-13 08:46:48christian.heimessetmessages: + msg410471
2022-01-13 08:46:48miss-islingtonsetpull_requests: + pull_request28773
2022-01-08 12:24:41christian.heimessetmessages: + msg410097
2022-01-07 14:21:39christian.heimessetpull_requests: + pull_request28659
2021-12-22 10:43:40christian.heimeslinkissue46149 superseder
2020-05-15 17:10:20miss-islingtonsetmessages: + msg368962
2020-05-15 17:06:01miss-islingtonsetmessages: + msg368961
2020-05-15 16:48:51miss-islingtonsetpull_requests: + pull_request19419
2020-05-15 16:48:41miss-islingtonsetpull_requests: + pull_request19418
2020-05-15 16:48:33miss-islingtonsetmessages: + msg368958
2020-05-15 16:28:12miss-islingtonsetnosy: + miss-islington
messages: + msg368957
2020-05-15 15:50:54christian.heimessetpull_requests: + pull_request19415
2020-05-15 15:44:26christian.heimessetpull_requests: + pull_request19414
2020-05-03 09:28:19christian.heimessetkeywords: + patch
stage: patch review
pull_requests: + pull_request19190
2020-05-03 09:23:23christian.heimescreate