Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 5fa9620

Browse filesBrowse files
encukoustratakis
encukou
authored and
stratakis
committed
Expose OpenSSL FIPS_mode() as hashlib.get_fips_mode()
1 parent 19a40f7 commit 5fa9620
Copy full SHA for 5fa9620

3 files changed

+65-1Lines changed: 65 additions & 1 deletion

File tree

Expand file treeCollapse file tree
Open diff view settings
Filter options
Expand file treeCollapse file tree
Open diff view settings
Collapse file

‎Lib/hashlib.py‎

Copy file name to clipboardExpand all lines: Lib/hashlib.py
+5Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -236,6 +236,11 @@ def prf(msg, inner=inner, outer=outer):
236236
except ImportError:
237237
pass
238238

239+
try:
240+
from _hashlib import get_fips_mode
241+
except ImportError:
242+
pass
243+
239244

240245
for __func_name in __always_supported:
241246
# try them all, some may not work due to the OpenSSL
Collapse file

‎Modules/_hashopenssl.c‎

Copy file name to clipboardExpand all lines: Modules/_hashopenssl.c
+36Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,9 @@
2525
#include <openssl/objects.h>
2626
#include "openssl/err.h"
2727

28+
/* Expose FIPS_mode */
29+
#include <openssl/crypto.h>
30+
2831
#include "clinic/_hashopenssl.c.h"
2932
/*[clinic input]
3033
module _hashlib
@@ -987,6 +990,38 @@ GEN_CONSTRUCTOR(sha256)
987990
GEN_CONSTRUCTOR(sha384)
988991
GEN_CONSTRUCTOR(sha512)
989992

993+
/*[clinic input]
994+
_hashlib.get_fips_mode
995+
996+
Determine the OpenSSL FIPS mode of operation.
997+
998+
Effectively any non-zero return value indicates FIPS mode;
999+
values other than 1 may have additional significance.
1000+
1001+
See OpenSSL documentation for the FIPS_mode() function for details.
1002+
[clinic start generated code]*/
1003+
1004+
static PyObject *
1005+
_hashlib_get_fips_mode_impl(PyObject *module)
1006+
/*[clinic end generated code: output=ad8a7793310d3f98 input=f42a2135df2a5e11]*/
1007+
{
1008+
int result = FIPS_mode();
1009+
if (result == 0) {
1010+
// "If the library was built without support of the FIPS Object Module,
1011+
// then the function will return 0 with an error code of
1012+
// CRYPTO_R_FIPS_MODE_NOT_SUPPORTED (0x0f06d065)."
1013+
// But 0 is also a valid result value.
1014+
1015+
unsigned long errcode = ERR_peek_last_error();
1016+
if (errcode) {
1017+
_setException(PyExc_ValueError);
1018+
return NULL;
1019+
}
1020+
}
1021+
return PyLong_FromLong(result);
1022+
}
1023+
1024+
9901025
/* List of functions exported by this module */
9911026

9921027
static struct PyMethodDef EVP_functions[] = {
@@ -996,6 +1031,7 @@ static struct PyMethodDef EVP_functions[] = {
9961031
pbkdf2_hmac__doc__},
9971032
#endif
9981033
_HASHLIB_SCRYPT_METHODDEF
1034+
_HASHLIB_GET_FIPS_MODE_METHODDEF
9991035
CONSTRUCTOR_METH_DEF(md5),
10001036
CONSTRUCTOR_METH_DEF(sha1),
10011037
CONSTRUCTOR_METH_DEF(sha224),
Collapse file

‎Modules/clinic/_hashopenssl.c.h‎

Copy file name to clipboardExpand all lines: Modules/clinic/_hashopenssl.c.h
+24-1Lines changed: 24 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.