Add support for getting and setting groups used for key agreement.
* `ssl.SSLSocket.group()` returns the name of the group used
for the key agreement of the current session establishment.
This feature requires Python to be built with OpenSSL 3.2 or later.
* `ssl.SSLContext.get_groups()` returns the list of names of groups
that are compatible with the TLS version of the current context.
This feature requires Python to be built with OpenSSL 3.5 or later.
* `ssl.SSLContext.set_groups()` sets the groups allowed for key agreement
for sockets created with this context. This feature is always supported.
Adjust `pathlib._os.vfspath()` so that it doesn't try `os.fsdecode()`. I
don't know that supporting `os.PathLike` arguments is a good idea, so
it's best to leave it out for now.
The OpenSSL and HACL* implementations of HMAC single-shot
digest computation reject keys whose length exceeds `INT_MAX`
and `UINT32_MAX` respectively. The OpenSSL implementation
also rejects messages whose length exceed `INT_MAX`.
Using such keys in `hmac.digest` previously raised an `OverflowError`
which was propagated to the caller. This commit mitigates this case by
making `hmac.digest` fall back to HMAC's pure Python implementation
which accepts arbitrary large keys or messages.
This change only affects the top-level entrypoint `hmac.digest`, leaving
`_hashopenssl.hmac_digest` and `_hmac.compute_digest` untouched.
Previously, if OpenSSL was not present and built-in cryptographic extension modules
were disabled, requesting `hashlib.<name>` raised `AttributeError` and an ERROR log
message with the exception traceback is emitted when importing `hashlib`.
Now, the named constructor function will always be available but raises a `ValueError`
at runtime indicating that the algorithm is not supported. The log message has also
been reworded to be less verbose.
Previously, DocTest's lineno of functions and methods decorated with
functools.cache(), functools.lru_cache() and functools.cached_property()
was not properly returned (None was returned) because the
computation relied on inspect.isfunction() which does not consider the
decorated result as a function.
We now use the more generic inspect.isroutine(), as elsewhere
in doctest's logic.
Also, added a special case for functools.cached_property().
_testclinic.c mocks out PY_VERSION_HEX to 3.8 before including
_testclinic_depr.c.h to avoid the errors the preprocessor would
otherwise throw due to the deprecation feature it is testing.
Also partially revert 74e2acddf6:
this restores Modules/_testclinic.c to match the same file in the 3.14
branch.
Basic support for pyrepl in Emscripten. Limitations:
* requires JSPI
* no signal handling implemented
As followup work, it would be nice to implement a webworker variant
for when JSPI is not available and proper signal handling.
Because it requires JSPI, it doesn't work in Safari. Firefox requires
setting an experimental flag. All the Chromiums have full support since
May. Until we make it work without JSPI, let's keep the original web_example
around.
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Co-authored-by: Éric <merwok@netwok.org>
An interesting hack, but more localized in scope than #135230.
This may be a breaking change if people intentionally keep the original class around
when using `@dataclass(slots=True)`, and then use `__dict__` or `__weakref__` on the
original class.
Co-authored-by: Alyssa Coghlan <ncoghlan@gmail.com>
* Revert "gh-84481: Make ZipFile.data_offset more robust (#132178)"
This reverts commit 6cd1d6c6b1.
* Revert "gh-84481: Add ZipFile.data_offset attribute (#132165)"
This reverts commit 0788948dcb.
---------
Co-authored-by: Gregory P. Smith <greg@krypto.org>
`_datetime` is a special module, because it's the only non-builtin C extension that contains static types. As such, it would initialize static types in the module's execution function, which can run concurrently. Since static type initialization is not thread-safe, this caused crashes. This fixes it by moving the initialization of `_datetime`'s static types to interpreter startup (where all other static types are initialized), which is already properly protected through other locks.
Make the setlogmask() function in the syslog module thread-safe. These changes are relevant for scenarios where the GIL is disabled or when using subinterpreters.
Fix the `test_generated_cases` to work with `-O` or `-OO` flags.
Previously, `test_generated_cases` was catching an `AssertionError` while `Tools/cases_generator/optimizer_generator.py` used an `assert` statement. This approach semantically incorrect, no one should trying to catch an `AssertionError`!
Now the `assert` statement has been replaced with an explicit `raise ValueError(...)` and the corresponding `self.assertRaisesRegex(AssertionError, ...)` has been updated to catch a `ValueError` instead.
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Co-authored-by: Adam Turner <9087854+aa-turner@users.noreply.github.com>
gh-91349: Adjust default compression level to 6 (down from 9) in gzip and tarfile
It is the default level used by most compression tools and a
better tradeoff between speed and performance.
Co-authored-by: rmorotti <romain.morotti@man.com>
Co-authored-by: Pieter Eendebak <pieter.eendebak@gmail.com>
- Fix `hashlib_helper.block_algorithm` where the dummy functions were incorrectly defined.
- Rename `hashlib_helper.HashAPI` to `hashlib_helper.HashInfo` and add more helper methods.
- Simplify `hashlib_helper.requires_*()` functions.
- Rewrite some private helpers in `hashlib_helper`.
- Remove `find_{builtin,openssl}_hashdigest_constructor()` as they are no more needed and were
not meant to be public in the first place.
- Fix some tests in `test_hashlib` when FIPS mode is on.
