Skip to content

Commit 76c7dd2

Browse files
committed
Merge branch 'main' into feat/hashlib/smart-exceptions-135234
2 parents a1066fe + aee45fd commit 76c7dd2

File tree

5 files changed

+21
-8
lines changed

5 files changed

+21
-8
lines changed

Doc/library/stdtypes.rst

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1018,7 +1018,7 @@ operations have the same priority as the corresponding numeric operations. [3]_
10181018
| ``s * n`` or | equivalent to adding *s* to | (2)(7) |
10191019
| ``n * s`` | itself *n* times | |
10201020
+--------------------------+--------------------------------+----------+
1021-
| ``s[i]`` | *i*\ th item of *s*, origin 0 | \(3) |
1021+
| ``s[i]`` | *i*\ th item of *s*, origin 0 | (3)(9) |
10221022
+--------------------------+--------------------------------+----------+
10231023
| ``s[i:j]`` | slice of *s* from *i* to *j* | (3)(4) |
10241024
+--------------------------+--------------------------------+----------+
@@ -1150,6 +1150,9 @@ Notes:
11501150
without copying any data and with the returned index being relative to
11511151
the start of the sequence rather than the start of the slice.
11521152

1153+
(9)
1154+
An :exc:`IndexError` is raised if *i* is outside the sequence range.
1155+
11531156

11541157
.. _typesseq-immutable:
11551158

Doc/library/uuid.rst

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -257,6 +257,10 @@ The :mod:`uuid` module defines the following functions:
257257
non-specified arguments are substituted for a pseudo-random integer of
258258
appropriate size.
259259

260+
By default, *a*, *b* and *c* are generated by a non-cryptographically
261+
secure pseudo-random number generator (CSPRNG). Use :func:`uuid4` when
262+
a UUID needs to be used in a security-sensitive context.
263+
260264
.. versionadded:: 3.14
261265

262266

Lib/uuid.py

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -656,18 +656,20 @@ def _windll_getnode():
656656

657657
def _random_getnode():
658658
"""Get a random node ID."""
659-
# RFC 4122, $4.1.6 says "For systems with no IEEE address, a randomly or
660-
# pseudo-randomly generated value may be used; see Section 4.5. The
661-
# multicast bit must be set in such addresses, in order that they will
662-
# never conflict with addresses obtained from network cards."
659+
# RFC 9562, §6.10-3 says that
660+
#
661+
# Implementations MAY elect to obtain a 48-bit cryptographic-quality
662+
# random number as per Section 6.9 to use as the Node ID. [...] [and]
663+
# implementations MUST set the least significant bit of the first octet
664+
# of the Node ID to 1. This bit is the unicast or multicast bit, which
665+
# will never be set in IEEE 802 addresses obtained from network cards.
663666
#
664667
# The "multicast bit" of a MAC address is defined to be "the least
665668
# significant bit of the first octet". This works out to be the 41st bit
666669
# counting from 1 being the least significant bit, or 1<<40.
667670
#
668671
# See https://en.wikipedia.org/w/index.php?title=MAC_address&oldid=1128764812#Universal_vs._local_(U/L_bit)
669-
import random
670-
return random.getrandbits(48) | (1 << 40)
672+
return int.from_bytes(os.urandom(6)) | (1 << 40)
671673

672674

673675
# _OS_GETTERS, when known, are targeted for a specific OS or platform.
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
:mod:`uuid`: when the MAC address cannot be determined, the 48-bit node
2+
ID is now generated with a cryptographically-secure pseudo-random number
3+
generator (CSPRNG) as per :rfc:`RFC 9562, §6.10.3 <9562#section-6.10-3>`.
4+
This affects :func:`~uuid.uuid1` and :func:`~uuid.uuid6`.

Modules/_hashopenssl.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -605,7 +605,7 @@ raise_unsupported_digestmod_error(PyObject *module, PyObject *digestmod)
605605
*
606606
* Parameters
607607
*
608-
* digestmod A digest name or a _hashlib.openssl_* function
608+
* digestmod A digest name or a _hashopenssl builtin function
609609
* py_ht The message digest purpose.
610610
*/
611611
static PY_EVP_MD *

0 commit comments

Comments
 (0)