Skip to content

gh-134531: cleanup _hashopenssl.c to support EVP_MAC #134626

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 17 commits into from
May 26, 2025
Merged

gh-134531: cleanup _hashopenssl.c to support EVP_MAC #134626

merged 17 commits into from
May 26, 2025

Conversation

picnixz
Copy link
Member

@picnixz picnixz commented May 24, 2025
edited by bedevere-app bot
Loading

Previously, we used EVP to denote anything related to hash functions. We didn't need to distinguish between EVP_MD and EVP_MAC. However, we will need to distinguish them and honestly, I always wanted to refactor this module.

So, I decided to rewrite many function names. The logic is as follows:

  • use _hashlib_HASH_* for HASH methods (previously EVPobject)
  • use _hashlib_HASHXOF_* for SHAKE methods (previously EVPXOF)
  • only use EVP in function names when we're actually dealing with OpenSSL itself. It's confusing otherwise. On CPython's side, we're only wrapping an EVP_MD object, but we're not an EVP_MD object IMO. We are a HASH or a HASHXOF object since we export them as such.

Note that we can backport this to 3.14, and, ideally, to 3.13 as well because if I were to fix a bug in 3.15, then we'll likely have conflicts if I were to backport the fix to 3.13.

@picnixz picnixz requested a review from gpshead as a code owner May 24, 2025 10:41
@bedevere-app bedevere-app bot mentioned this pull request May 24, 2025
Open
@picnixz picnixz added the 🔨 test-with-buildbots Test PR w/ buildbots; report in status section label May 24, 2025
@bedevere-bot
Copy link

🤖 New build scheduled with the buildbot fleet by @picnixz for commit 63bc38c 🤖

Results will be shown at:

https://buildbot.python.org/all/#/grid?branch=refs%2Fpull%2F134626%2Fmerge

If you want to schedule another build, you need to add the 🔨 test-with-buildbots label again.

@bedevere-bot bedevere-bot removed the 🔨 test-with-buildbots Test PR w/ buildbots; report in status section label May 24, 2025
@gpshead gpshead added needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes labels May 25, 2025
@gpshead gpshead removed the skip news label May 25, 2025
@gpshead
Copy link
Member

gpshead commented May 25, 2025

I suggest adding a small news entry regardless, as this will land in a release branch it is nice to indicate to people reading the changelog where a name cleanup refactoring was done to the internals.

@picnixz
Copy link
Member Author

picnixz commented May 25, 2025

I suggest adding a small news entry regardless, as this will land in a release branch it is nice to indicate to people reading the changelog where a name cleanup refactoring was done to the internals.

Sure, I'll write a NEWS entry tomorrow and will merge this.

@picnixz
Copy link
Member Author

picnixz commented May 26, 2025
edited
Loading

Note: failures are related to GH. And if the backport fails to 3.13 due to conflicts, I'll ignore it as well (this liokely means I would anyway need to work harder :'))

@picnixz picnixz enabled auto-merge (squash) May 26, 2025 10:12
@picnixz picnixz merged commit cb8045e into python:main May 26, 2025
39 checks passed
@miss-islington-app
Copy link

Thanks @picnixz for the PR 🌮🎉.. I'm working now to backport this PR to: 3.13, 3.14.
🐍🍒⛏🤖

@picnixz picnixz deleted the feat/hmac/prepare-for-openssl-3x-134531 branch May 26, 2025 10:12
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request May 26, 2025
@picnixz @miss-islington
pythongh-134531: cleanup _hashopenssl.c to support EVP_MAC (pytho…
d107c02 
…nGH-134626)

Rename components related to `_hashlib.{HASH,HASHXOF}` objects.

- The `EVPobject` structure is renamed `HASHobject`.
- Non-clinic `HASH` methods are now prefixed by `_hashlib_HASH_*`.
  A similar change is made for non-clinic `HASHXOF` methods.
- Functions extracting information from `EVP_MD` objects and functions
  constructing `EVP_MD` objects now include `openssl_evp_md` in their name.

This change allows us to avoid future ambiguities between the `EVP_MD`
and the `EVP_MAC` APIs (currently, we only use `EVP_MD` for hash functions
and rely on the legacy interface for HMAC instead of using `EVP_MAC`).
(cherry picked from commit cb8045e)

Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
@miss-islington-app
Copy link

Sorry, @picnixz, I could not cleanly backport this to 3.13 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker cb8045e86c4fadfd847d614193f2b38ec03933b8 3.13

@bedevere-app
Copy link

bedevere-app bot commented May 26, 2025

GH-134703 is a backport of this pull request to the 3.14 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.14 bugs and security fixes label May 26, 2025
@picnixz
Copy link
Member Author

picnixz commented May 26, 2025

Ok let's have a look at the conflicts.

@picnixz
Copy link
Member Author

picnixz commented May 26, 2025

Ok, forget it, the conflicts are too hard to fix because of UBSan failures that were fixed and clinic that was fixed differently.

@picnixz picnixz removed the needs backport to 3.13 bugs and security fixes label May 26, 2025
picnixz added a commit that referenced this pull request Jun 8, 2025
@picnixz
gh-134531: fix _hashlib clinic directive post GH-134626 (#135249)
4372011
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gpshead gpshead gpshead approved these changes

Assignees

@picnixz picnixz

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@picnixz @bedevere-bot @gpshead