The OpenSSL and HACL* implementations of HMAC single-shot
digest computation reject keys whose length exceeds `INT_MAX`
and `UINT32_MAX` respectively. The OpenSSL implementation
also rejects messages whose length exceed `INT_MAX`.
Using such keys in `hmac.digest` previously raised an `OverflowError`
which was propagated to the caller. This commit mitigates this case by
making `hmac.digest` fall back to HMAC's pure Python implementation
which accepts arbitrary large keys or messages.
This change only affects the top-level entrypoint `hmac.digest`, leaving
`_hashopenssl.hmac_digest` and `_hmac.compute_digest` untouched.
Previously, if OpenSSL was not present and built-in cryptographic extension modules
were disabled, requesting `hashlib.<name>` raised `AttributeError` and an ERROR log
message with the exception traceback is emitted when importing `hashlib`.
Now, the named constructor function will always be available but raises a `ValueError`
at runtime indicating that the algorithm is not supported. The log message has also
been reworded to be less verbose.
Previously, DocTest's lineno of functions and methods decorated with
functools.cache(), functools.lru_cache() and functools.cached_property()
was not properly returned (None was returned) because the
computation relied on inspect.isfunction() which does not consider the
decorated result as a function.
We now use the more generic inspect.isroutine(), as elsewhere
in doctest's logic.
Also, added a special case for functools.cached_property().
_testclinic.c mocks out PY_VERSION_HEX to 3.8 before including
_testclinic_depr.c.h to avoid the errors the preprocessor would
otherwise throw due to the deprecation feature it is testing.
Also partially revert 74e2acddf6:
this restores Modules/_testclinic.c to match the same file in the 3.14
branch.
Basic support for pyrepl in Emscripten. Limitations:
* requires JSPI
* no signal handling implemented
As followup work, it would be nice to implement a webworker variant
for when JSPI is not available and proper signal handling.
Because it requires JSPI, it doesn't work in Safari. Firefox requires
setting an experimental flag. All the Chromiums have full support since
May. Until we make it work without JSPI, let's keep the original web_example
around.
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Co-authored-by: Éric <merwok@netwok.org>
An interesting hack, but more localized in scope than #135230.
This may be a breaking change if people intentionally keep the original class around
when using `@dataclass(slots=True)`, and then use `__dict__` or `__weakref__` on the
original class.
Co-authored-by: Alyssa Coghlan <ncoghlan@gmail.com>
* Revert "gh-84481: Make ZipFile.data_offset more robust (#132178)"
This reverts commit 6cd1d6c6b1.
* Revert "gh-84481: Add ZipFile.data_offset attribute (#132165)"
This reverts commit 0788948dcb.
---------
Co-authored-by: Gregory P. Smith <greg@krypto.org>
`_datetime` is a special module, because it's the only non-builtin C extension that contains static types. As such, it would initialize static types in the module's execution function, which can run concurrently. Since static type initialization is not thread-safe, this caused crashes. This fixes it by moving the initialization of `_datetime`'s static types to interpreter startup (where all other static types are initialized), which is already properly protected through other locks.
Make the setlogmask() function in the syslog module thread-safe. These changes are relevant for scenarios where the GIL is disabled or when using subinterpreters.
Fix the `test_generated_cases` to work with `-O` or `-OO` flags.
Previously, `test_generated_cases` was catching an `AssertionError` while `Tools/cases_generator/optimizer_generator.py` used an `assert` statement. This approach semantically incorrect, no one should trying to catch an `AssertionError`!
Now the `assert` statement has been replaced with an explicit `raise ValueError(...)` and the corresponding `self.assertRaisesRegex(AssertionError, ...)` has been updated to catch a `ValueError` instead.
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Co-authored-by: Adam Turner <9087854+aa-turner@users.noreply.github.com>
gh-91349: Adjust default compression level to 6 (down from 9) in gzip and tarfile
It is the default level used by most compression tools and a
better tradeoff between speed and performance.
Co-authored-by: rmorotti <romain.morotti@man.com>
Co-authored-by: Pieter Eendebak <pieter.eendebak@gmail.com>
- Fix `hashlib_helper.block_algorithm` where the dummy functions were incorrectly defined.
- Rename `hashlib_helper.HashAPI` to `hashlib_helper.HashInfo` and add more helper methods.
- Simplify `hashlib_helper.requires_*()` functions.
- Rewrite some private helpers in `hashlib_helper`.
- Remove `find_{builtin,openssl}_hashdigest_constructor()` as they are no more needed and were
not meant to be public in the first place.
- Fix some tests in `test_hashlib` when FIPS mode is on.
This is useful for implementing proper `input()`. It requires the
JavaScript engine to support the wasm JSPI spec which is now stage 4.
It is supported on Chrome since version 137 and on Firefox and node
behind a flag.
We override the `__wasi_fd_read()` syscall with our own variant that
checks for a readAsync operation. If it has it, we use our own async
variant of `fd_read()`, otherwise we use the original `fd_read()`.
We also add a variant of `FS.createDevice()` called
`FS.createAsyncInputDevice()`.
Finally, if JSPI is available, we wrap the `main()` symbol with
`WebAssembly.promising()` so that we can stack switch from `fd_read()`.
If JSPI is not available, attempting to read from an AsyncInputDevice
will raise an `OSError`.
Explicitly pass an `optimizer` parameter to the calls of `ast.parse/compile`, because if it is not provided, the interpreter will use its internal state, which can be modified using the `-O` or `-OO` flags.
Co-authored-by: Kirill Podoprigora <kirill.bast9@mail.ru>
Make the pwd module functions getpwuid(), getpwnam(), and getpwall() thread-safe. These changes apply to scenarios where the GIL is disabled or in subinterpreter use cases.
Clears the umask used during a test of pydoc.apropos when testing on
Emscripten. This is to work around a known issue in Emscripten; but it's not
clear if the chmod call that is causing the problem is actually testing
anything of significance.
