@ -1,4 +1,4 @@
From d307f5706434e0cb445fb48291852bd7ec46ddbd Mon Sep 17 00:00:00 2001
From 11deb3112bd90bc2dce2fcd4a1f5975c08b91360 Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com>
Date: Thu, 12 Dec 2019 16:58:31 +0100
Subject: [PATCH 1/5] Expose blake2b and blake2s hashes from OpenSSL
@ -29,10 +29,10 @@ index 73d758a..5921360 100644
computed = m.hexdigest() if not shake else m.hexdigest(length)
self.assertEqual(
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index af6d1b2..980712f 100644
index 2998820..b96001e 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -1 079,6 +1079 ,41 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj,
@@ -1 128,6 +1128 ,41 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj,
}
@ -74,7 +74,7 @@ index af6d1b2..980712f 100644
#ifdef PY_OPENSSL_HAS_SHA3
/*[clinic input]
@@ -2 067,6 +2102 ,8 @@ static struct PyMethodDef EVP_functions[] = {
@@ -2 116,6 +2151 ,8 @@ static struct PyMethodDef EVP_functions[] = {
_HASHLIB_OPENSSL_SHA256_METHODDEF
_HASHLIB_OPENSSL_SHA384_METHODDEF
_HASHLIB_OPENSSL_SHA512_METHODDEF
@ -84,7 +84,7 @@ index af6d1b2..980712f 100644
_HASHLIB_OPENSSL_SHA3_256_METHODDEF
_HASHLIB_OPENSSL_SHA3_384_METHODDEF
diff --git a/Modules/clinic/_hashopenssl.c.h b/Modules/clinic/_hashopenssl.c.h
index fb61a44..1e42b87 100644
index 84e2346..7fe03a3 100644
--- a/Modules/clinic/_hashopenssl.c.h
+++ b/Modules/clinic/_hashopenssl.c.h
@@ -743,6 +743,156 @@ exit:
@ -248,13 +248,13 @@ index fb61a44..1e42b87 100644
#ifndef _HASHLIB_SCRYPT_METHODDEF
#define _HASHLIB_SCRYPT_METHODDEF
#endif /* !defined(_HASHLIB_SCRYPT_METHODDEF) */
-/*[clinic end generated code: output= b339e255db698147 input=a9049054013a1b77]*/
+/*[clinic end generated code: output= 1d988d457a8beebe input=a9049054013a1b77]*/
-/*[clinic end generated code: output= 4734184f6555dc95 input=a9049054013a1b77]*/
+/*[clinic end generated code: output= f0bfddb963a21208 input=a9049054013a1b77]*/
--
2.45.0
2.47.1
From c247ff164269fb68236a79a1359cc37c1a8a0004 Mon Sep 17 00:00:00 2001
From ea9d5c84e25b5c04c2823e1edee4354dd6b2b7a5 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Thu, 25 Jul 2019 17:19:06 +0200
Subject: [PATCH 2/5] Disable Python's hash implementations in FIPS mode,
@ -445,10 +445,10 @@ index a8bad9d..1b1d937 100644
+ if (_Py_hashlib_fips_error(exc, name)) return NULL; \
+} while (0)
diff --git a/configure.ac b/configure.ac
index 384718d..c4a1198 100644
index 9270b5f..a9eb2c9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -74 45,7 +7445 ,8 @@ PY_STDLIB_MOD([_sha2],
@@ -74 82,7 +7482 ,8 @@ PY_STDLIB_MOD([_sha2],
PY_STDLIB_MOD([_sha3], [test "$with_builtin_sha3" = yes])
PY_STDLIB_MOD([_blake2],
[test "$with_builtin_blake2" = yes], [],
@ -459,10 +459,10 @@ index 384718d..c4a1198 100644
PY_STDLIB_MOD([_crypt],
[], [test "$ac_cv_crypt_crypt" = yes],
--
2.45.0
2.47.1
From e58b32f238f1d4503248f3a8b1489f7567bdbd6d Mon Sep 17 00:00:00 2001
From 29a7b7ac9e18a501ed78bde7a449b90c57d44e24 Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com>
Date: Fri, 29 Jan 2021 14:16:21 +0100
Subject: [PATCH 3/5] Use python's fall back crypto implementations only if we
@ -552,10 +552,10 @@ index dd61a9a..6031b02 100644
get_builtin_constructor = getattr(hashlib,
'__get_builtin_constructor')
--
2.45.0
2.47.1
From 2b14d347948dc01af587b9e21cd448833a38c7b5 Mon Sep 17 00:00:00 2001
From 59accf544492400c9fd32a8e682fb6f2206e932e Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com>
Date: Wed, 31 Jul 2019 15:43:43 +0200
Subject: [PATCH 4/5] Test equivalence of hashes for the various digests with
@ -712,10 +712,10 @@ index 6031b02..5bd5297 100644
class KDFTests(unittest.TestCase):
--
2.45.0
2.47.1
From b98c72b356a529a68cb4216526b838a57937cf6f Mon Sep 17 00:00:00 2001
From 21efadd8b488956482bdc6ccd91c37dcef705129 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Mon, 26 Aug 2019 19:39:48 +0200
Subject: [PATCH 5/5] Guard against Python HMAC in FIPS mode
@ -766,7 +766,7 @@ index 8b4eb2f..8930bda 100644
digest_cons = digestmod
elif isinstance(digestmod, str):
diff --git a/Lib/test/test_hmac.py b/Lib/test/test_hmac.py
index a39a2c4..b7b24ab 100644
index 1502fba..7997073 100644
--- a/Lib/test/test_hmac.py
+++ b/Lib/test/test_hmac.py
@@ -5,6 +5,7 @@ import hashlib
@ -805,7 +805,7 @@ index a39a2c4..b7b24ab 100644
@unittest.skipUnless(sha256_module is not None, 'need _sha256')
def test_with_sha256_module(self):
h = hmac.HMAC(b"key", b"hash this!", digestmod=sha256_module.sha256)
@@ -48 1,6 +489,7 @@ class Sanity TestCase(unittest.TestCase):
@@ -48 9,6 +497,7 @@ class Update TestCase(unittest.TestCase):
class CopyTestCase(unittest.TestCase):
@ -813,7 +813,7 @@ index a39a2c4..b7b24ab 100644
@hashlib_helper.requires_hashdigest('sha256')
def test_attributes_old(self):
# Testing if attributes are of same type.
@@ - 492,6 +501 ,7 @@ class CopyTestCase(unittest.TestCase):
@@ - 500,6 +509 ,7 @@ class CopyTestCase(unittest.TestCase):
self.assertEqual(type(h1._outer), type(h2._outer),
"Types of outer don't match.")
@ -822,5 +822,5 @@ index a39a2c4..b7b24ab 100644
def test_realcopy_old(self):
# Testing if the copy method created a real copy.
--
2.45.0
2.47.1