gh-134531: use EVP_MAC API for _hashlib.HMAC
#135235
Conversation
|
!buildbot FIPS |
|
🤖 New build scheduled with the buildbot fleet by @picnixz for commit c444180 🤖 Results will be shown at: https://buildbot.python.org/all/#/grid?branch=refs%2Fpull%2F135235%2Fmerge The command will test the builders whose names match following regular expression: The builders matched are:
|
There was a problem hiding this comment.
Overall, there is also something I wanted to investigate, namely "is it faster to use SN_* names or LN_* names for OpenSSL" and whether it's better to cache the NID (as it's only used in __repr__ or .name) or directly cache a const char *.
I'll need more experiments for this one but this also applies to the existing code where we work with EVP_MD objects instead of caching their properties.
…shlib/evp-mac-134531
…/evp-mac-134531 # Conflicts: # Modules/_hashopenssl.c
|
@gpshead Want to have a look at this one before I merge it (say by the end of the week) |
|
!buildbot FIPS only |
|
🤖 New build scheduled with the buildbot fleet by @picnixz for commit b1f44a8 🤖 Results will be shown at: https://buildbot.python.org/all/#/grid?branch=refs%2Fpull%2F135235%2Fmerge The command will test the builders whose names match following regular expression: The builders matched are:
|
|
This PR is actually still too big. I'll break down changes again. |
e8b4692 to
b3b4a6a
Compare
|
Each time I stare at this PR I'm not happy because the naming of the hashlib functions is sometimes really confusing. I really want to reorder this file but at the same time it would be painful because reviewing moving pieces is not easy. I will first draft something where we have a clear naming convention, so that one can distinguish helpers needed for Python and helpers wrapping OpenSSL functions only without any care for Python (except for setting exceptions). |
Just a draft PR for the CI. I'll split the PR tomorrow. Some parts are part of #135234.
This is based on top of #135250 and #135254 so it's a bit messy.