gh-99108: Refactor _sha256 & _sha512 into _sha2. (#101924)

This merges their code. They're backed by the same single HACL* static library, having them be a single module simplifies maintenance.

This should unbreak the wasm enscripten builds that currently fail due to linking in --whole-archive mode and the HACL* library appearing twice.

Long unnoticed error fixed: _sha512.SHA384Type was doubly assigned and was actually SHA512Type. Nobody depends on those internal names.

Also rename LIBHACL_ make vars to LIBHACL_SHA2_ in preperation for other future HACL things.

Lib/hashlib.py

@@ -92,13 +92,13 @@ def __get_builtin_constructor(name):
             import _md5
             cache['MD5'] = cache['md5'] = _md5.md5
         elif name in {'SHA256', 'sha256', 'SHA224', 'sha224'}:
-            import _sha256
-            cache['SHA224'] = cache['sha224'] = _sha256.sha224
-            cache['SHA256'] = cache['sha256'] = _sha256.sha256
+            import _sha2
+            cache['SHA224'] = cache['sha224'] = _sha2.sha224
+            cache['SHA256'] = cache['sha256'] = _sha2.sha256
         elif name in {'SHA512', 'sha512', 'SHA384', 'sha384'}:
-            import _sha512
-            cache['SHA384'] = cache['sha384'] = _sha512.sha384
-            cache['SHA512'] = cache['sha512'] = _sha512.sha512
+            import _sha2
+            cache['SHA384'] = cache['sha384'] = _sha2.sha384
+            cache['SHA512'] = cache['sha512'] = _sha2.sha512
         elif name in {'blake2b', 'blake2s'}:
             import _blake2
             cache['blake2b'] = _blake2.blake2b

Lib/test/test_hashlib.py

@@ -1,6 +1,4 @@
-# Test hashlib module
-#
-# $Id$
+# Test the hashlib module.
 #
 #  Copyright (C) 2005-2010   Gregory P. Smith (greg@krypto.org)
 #  Licensed to PSF under a Contributor Agreement.
@@ -28,7 +26,6 @@
 from http.client import HTTPException
 
 
-# default builtin hash module
 default_builtin_hashes = {'md5', 'sha1', 'sha256', 'sha512', 'sha3', 'blake2'}
 # --with-builtin-hashlib-hashes override
 builtin_hashes = sysconfig.get_config_var("PY_BUILTIN_HASHLIB_HASHES")
@@ -66,6 +63,7 @@ def get_fips_mode():
 requires_blake2 = unittest.skipUnless(_blake2, 'requires _blake2')
 
 # bpo-46913: Don't test the _sha3 extension on a Python UBSAN build
+# TODO(gh-99108): Revisit this after _sha3 uses HACL*.
 SKIP_SHA3 = support.check_sanitizer(ub=True)
 requires_sha3 = unittest.skipUnless(not SKIP_SHA3, 'requires _sha3')
 
@@ -107,7 +105,7 @@ class HashLibTestCase(unittest.TestCase):
 
     shakes = {'shake_128', 'shake_256'}
 
-    # Issue #14693: fallback modules are always compiled under POSIX
+    # gh-58898: Fallback modules are always compiled under POSIX.
     _warn_on_extension_import = (os.name == 'posix' or support.Py_DEBUG)
 
     def _conditional_import_module(self, module_name):
@@ -116,7 +114,7 @@ def _conditional_import_module(self, module_name):
             return importlib.import_module(module_name)
         except ModuleNotFoundError as error:
             if self._warn_on_extension_import and module_name in builtin_hashes:
-                warnings.warn('Did a C extension fail to compile? %s' % error)
+                warnings.warn(f'Did a C extension fail to compile? {error}')
         return None
 
     def __init__(self, *args, **kwargs):
@@ -147,7 +145,7 @@ def _test_algorithm_via_hashlib_new(data=None, _alg=algorithm, **kwargs):
         _hashlib = self._conditional_import_module('_hashlib')
         self._hashlib = _hashlib
         if _hashlib:
-            # These two algorithms should always be present when this module
+            # These algorithms should always be present when this module
             # is compiled.  If not, something was compiled wrong.
             self.assertTrue(hasattr(_hashlib, 'openssl_md5'))
             self.assertTrue(hasattr(_hashlib, 'openssl_sha1'))
@@ -172,12 +170,10 @@ def add_builtin_constructor(name):
         _sha1 = self._conditional_import_module('_sha1')
         if _sha1:
             add_builtin_constructor('sha1')
-        _sha256 = self._conditional_import_module('_sha256')
-        if _sha256:
+        _sha2 = self._conditional_import_module('_sha2')
+        if _sha2:
             add_builtin_constructor('sha224')
             add_builtin_constructor('sha256')
-        _sha512 = self._conditional_import_module('_sha512')
-        if _sha512:
             add_builtin_constructor('sha384')
             add_builtin_constructor('sha512')
         if _blake2:
@@ -460,9 +456,9 @@ def check_blocksize_name(self, name, block_size=0, digest_size=0,
                 self.assertEqual(len(m.hexdigest()), 2*digest_size)
             self.assertEqual(m.name, name)
             # split for sha3_512 / _sha3.sha3 object
-            self.assertIn(name.split("_")[0], repr(m))
+            self.assertIn(name.split("_")[0], repr(m).lower())
 
-    def test_blocksize_name(self):
+    def test_blocksize_and_name(self):
         self.check_blocksize_name('md5', 64, 16)
         self.check_blocksize_name('sha1', 64, 20)
         self.check_blocksize_name('sha224', 64, 28)

Makefile.pre.in

@@ -207,7 +207,7 @@ ENSUREPIP=      @ENSUREPIP@
 # Internal static libraries
 LIBMPDEC_A= Modules/_decimal/libmpdec/libmpdec.a
 LIBEXPAT_A= Modules/expat/libexpat.a
-LIBHACL_A= Modules/_hacl/libHacl_Streaming_SHA2.a
+LIBHACL_SHA2_A= Modules/_hacl/libHacl_Streaming_SHA2.a
 
 # Module state, compiler flags and linker flags
 # Empty CFLAGS and LDFLAGS are omitted.
@@ -575,10 +575,10 @@ LIBEXPAT_HEADERS= \
 ##########################################################################
 # hashlib's HACL* library
 
-LIBHACL_OBJS= \
+LIBHACL_SHA2_OBJS= \
                 Modules/_hacl/Hacl_Streaming_SHA2.o
 
-LIBHACL_HEADERS= \
+LIBHACL_SHA2_HEADERS= \
                 Modules/_hacl/Hacl_Streaming_SHA2.h \
                 Modules/_hacl/include/krml/FStar_UInt128_Verified.h \
                 Modules/_hacl/include/krml/FStar_UInt_8_16_32_64.h \
@@ -912,12 +912,12 @@ $(LIBEXPAT_A): $(LIBEXPAT_OBJS)
 # Build HACL* static libraries for hashlib: libHacl_Streaming_SHA2.a
 LIBHACL_CFLAGS=-I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)
 
-Modules/_hacl/Hacl_Streaming_SHA2.o: $(srcdir)/Modules/_hacl/Hacl_Streaming_SHA2.c $(LIBHACL_HEADERS)
+Modules/_hacl/Hacl_Streaming_SHA2.o: $(srcdir)/Modules/_hacl/Hacl_Streaming_SHA2.c $(LIBHACL_SHA2_HEADERS)
 	$(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Streaming_SHA2.c
 
-$(LIBHACL_A): $(LIBHACL_OBJS)
+$(LIBHACL_SHA2_A): $(LIBHACL_SHA2_OBJS)
 	-rm -f $@
-	$(AR) $(ARFLAGS) $@ $(LIBHACL_OBJS)
+	$(AR) $(ARFLAGS) $@ $(LIBHACL_SHA2_OBJS)
 
 # create relative links from build/lib.platform/egg.so to Modules/egg.so
 # pybuilddir.txt is created too late. We cannot use it in Makefile
@@ -2635,9 +2635,8 @@ MODULE__HASHLIB_DEPS=$(srcdir)/Modules/hashlib.h
 MODULE__IO_DEPS=$(srcdir)/Modules/_io/_iomodule.h
 MODULE__MD5_DEPS=$(srcdir)/Modules/hashlib.h
 MODULE__SHA1_DEPS=$(srcdir)/Modules/hashlib.h
-MODULE__SHA256_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HEADERS) $(LIBHACL_A)
+MODULE__SHA2_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_SHA2_HEADERS) $(LIBHACL_SHA2_A)
 MODULE__SHA3_DEPS=$(srcdir)/Modules/_sha3/sha3.c $(srcdir)/Modules/_sha3/sha3.h $(srcdir)/Modules/hashlib.h
-MODULE__SHA512_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HEADERS) $(LIBHACL_A)
 MODULE__SOCKET_DEPS=$(srcdir)/Modules/socketmodule.h $(srcdir)/Modules/addrinfo.h $(srcdir)/Modules/getaddrinfo.c $(srcdir)/Modules/getnameinfo.c
 MODULE__SSL_DEPS=$(srcdir)/Modules/_ssl.h $(srcdir)/Modules/_ssl/cert.c $(srcdir)/Modules/_ssl/debughelpers.c $(srcdir)/Modules/_ssl/misc.c $(srcdir)/Modules/_ssl_data.h $(srcdir)/Modules/_ssl_data_111.h $(srcdir)/Modules/_ssl_data_300.h $(srcdir)/Modules/socketmodule.h
 MODULE__TESTCAPI_DEPS=$(srcdir)/Modules/_testcapi/testcapi_long.h $(srcdir)/Modules/_testcapi/parts.h

Misc/NEWS.d/next/Library/2023-02-15-01-54-06.gh-issue-99108.rjTSic.rst

@@ -0,0 +1,3 @@
+The built-in extension modules for :mod:`hashlib` SHA2 algorithms, used when
+OpenSSL does not provide them, now live in a single internal ``_sha2`` module
+instead of separate ``_sha256`` and ``_sha512`` modules.

Modules/Setup

@@ -165,8 +165,7 @@ PYTHONPATH=$(COREPYTHONPATH)
 #_blake2 _blake2/blake2module.c _blake2/blake2b_impl.c _blake2/blake2s_impl.c
 #_md5 md5module.c
 #_sha1 sha1module.c
-#_sha256 sha256module.c
-#_sha512 sha512module.c
+#_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Streaming_SHA2.a
 #_sha3 _sha3/sha3module.c
 
 # text encodings and unicode

Modules/Setup.stdlib.in

@@ -79,8 +79,7 @@
 # hashing builtins, can be disabled with --without-builtin-hashlib-hashes
 @MODULE__MD5_TRUE@_md5 md5module.c
 @MODULE__SHA1_TRUE@_sha1 sha1module.c
-@MODULE__SHA256_TRUE@_sha256 sha256module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Streaming_SHA2.a
-@MODULE__SHA512_TRUE@_sha512 sha512module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Streaming_SHA2.a
+@MODULE__SHA2_TRUE@_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Streaming_SHA2.a
 @MODULE__SHA3_TRUE@_sha3 _sha3/sha3module.c
 @MODULE__BLAKE2_TRUE@_blake2 _blake2/blake2module.c _blake2/blake2b_impl.c _blake2/blake2s_impl.c
 

Modules/clinic/sha256module.c.h

@@ -1,225 +0,0 @@
-/*[clinic input]
-preserve
-[clinic start generated code]*/
-
-#if defined(Py_BUILD_CORE) && !defined(Py_BUILD_CORE_MODULE)
-#  include "pycore_gc.h"            // PyGC_Head
-#  include "pycore_runtime.h"       // _Py_ID()
-#endif
-
-
-PyDoc_STRVAR(SHA256Type_copy__doc__,
-"copy($self, /)\n"
-"--\n"
-"\n"
-"Return a copy of the hash object.");
-
-#define SHA256TYPE_COPY_METHODDEF    \
-    {"copy", _PyCFunction_CAST(SHA256Type_copy), METH_METHOD|METH_FASTCALL|METH_KEYWORDS, SHA256Type_copy__doc__},
-
-static PyObject *
-SHA256Type_copy_impl(SHAobject *self, PyTypeObject *cls);
-
-static PyObject *
-SHA256Type_copy(SHAobject *self, PyTypeObject *cls, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
-{
-    if (nargs) {
-        PyErr_SetString(PyExc_TypeError, "copy() takes no arguments");
-        return NULL;
-    }
-    return SHA256Type_copy_impl(self, cls);
-}
-
-PyDoc_STRVAR(SHA256Type_digest__doc__,
-"digest($self, /)\n"
-"--\n"
-"\n"
-"Return the digest value as a bytes object.");
-
-#define SHA256TYPE_DIGEST_METHODDEF    \
-    {"digest", (PyCFunction)SHA256Type_digest, METH_NOARGS, SHA256Type_digest__doc__},
-
-static PyObject *
-SHA256Type_digest_impl(SHAobject *self);
-
-static PyObject *
-SHA256Type_digest(SHAobject *self, PyObject *Py_UNUSED(ignored))
-{
-    return SHA256Type_digest_impl(self);
-}
-
-PyDoc_STRVAR(SHA256Type_hexdigest__doc__,
-"hexdigest($self, /)\n"
-"--\n"
-"\n"
-"Return the digest value as a string of hexadecimal digits.");
-
-#define SHA256TYPE_HEXDIGEST_METHODDEF    \
-    {"hexdigest", (PyCFunction)SHA256Type_hexdigest, METH_NOARGS, SHA256Type_hexdigest__doc__},
-
-static PyObject *
-SHA256Type_hexdigest_impl(SHAobject *self);
-
-static PyObject *
-SHA256Type_hexdigest(SHAobject *self, PyObject *Py_UNUSED(ignored))
-{
-    return SHA256Type_hexdigest_impl(self);
-}
-
-PyDoc_STRVAR(SHA256Type_update__doc__,
-"update($self, obj, /)\n"
-"--\n"
-"\n"
-"Update this hash object\'s state with the provided string.");
-
-#define SHA256TYPE_UPDATE_METHODDEF    \
-    {"update", (PyCFunction)SHA256Type_update, METH_O, SHA256Type_update__doc__},
-
-PyDoc_STRVAR(_sha256_sha256__doc__,
-"sha256($module, /, string=b\'\', *, usedforsecurity=True)\n"
-"--\n"
-"\n"
-"Return a new SHA-256 hash object; optionally initialized with a string.");
-
-#define _SHA256_SHA256_METHODDEF    \
-    {"sha256", _PyCFunction_CAST(_sha256_sha256), METH_FASTCALL|METH_KEYWORDS, _sha256_sha256__doc__},
-
-static PyObject *
-_sha256_sha256_impl(PyObject *module, PyObject *string, int usedforsecurity);
-
-static PyObject *
-_sha256_sha256(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
-{
-    PyObject *return_value = NULL;
-    #if defined(Py_BUILD_CORE) && !defined(Py_BUILD_CORE_MODULE)
-
-    #define NUM_KEYWORDS 2
-    static struct {
-        PyGC_Head _this_is_not_used;
-        PyObject_VAR_HEAD
-        PyObject *ob_item[NUM_KEYWORDS];
-    } _kwtuple = {
-        .ob_base = PyVarObject_HEAD_INIT(&PyTuple_Type, NUM_KEYWORDS)
-        .ob_item = { &_Py_ID(string), &_Py_ID(usedforsecurity), },
-    };
-    #undef NUM_KEYWORDS
-    #define KWTUPLE (&_kwtuple.ob_base.ob_base)
-
-    #else  // !Py_BUILD_CORE
-    #  define KWTUPLE NULL
-    #endif  // !Py_BUILD_CORE
-
-    static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
-    static _PyArg_Parser _parser = {
-        .keywords = _keywords,
-        .fname = "sha256",
-        .kwtuple = KWTUPLE,
-    };
-    #undef KWTUPLE
-    PyObject *argsbuf[2];
-    Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
-    PyObject *string = NULL;
-    int usedforsecurity = 1;
-
-    args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
-    if (!args) {
-        goto exit;
-    }
-    if (!noptargs) {
-        goto skip_optional_pos;
-    }
-    if (args[0]) {
-        string = args[0];
-        if (!--noptargs) {
-            goto skip_optional_pos;
-        }
-    }
-skip_optional_pos:
-    if (!noptargs) {
-        goto skip_optional_kwonly;
-    }
-    usedforsecurity = PyObject_IsTrue(args[1]);
-    if (usedforsecurity < 0) {
-        goto exit;
-    }
-skip_optional_kwonly:
-    return_value = _sha256_sha256_impl(module, string, usedforsecurity);
-
-exit:
-    return return_value;
-}
-
-PyDoc_STRVAR(_sha256_sha224__doc__,
-"sha224($module, /, string=b\'\', *, usedforsecurity=True)\n"
-"--\n"
-"\n"
-"Return a new SHA-224 hash object; optionally initialized with a string.");
-
-#define _SHA256_SHA224_METHODDEF    \
-    {"sha224", _PyCFunction_CAST(_sha256_sha224), METH_FASTCALL|METH_KEYWORDS, _sha256_sha224__doc__},
-
-static PyObject *
-_sha256_sha224_impl(PyObject *module, PyObject *string, int usedforsecurity);
-
-static PyObject *
-_sha256_sha224(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
-{
-    PyObject *return_value = NULL;
-    #if defined(Py_BUILD_CORE) && !defined(Py_BUILD_CORE_MODULE)
-
-    #define NUM_KEYWORDS 2
-    static struct {
-        PyGC_Head _this_is_not_used;
-        PyObject_VAR_HEAD
-        PyObject *ob_item[NUM_KEYWORDS];
-    } _kwtuple = {
-        .ob_base = PyVarObject_HEAD_INIT(&PyTuple_Type, NUM_KEYWORDS)
-        .ob_item = { &_Py_ID(string), &_Py_ID(usedforsecurity), },
-    };
-    #undef NUM_KEYWORDS
-    #define KWTUPLE (&_kwtuple.ob_base.ob_base)
-
-    #else  // !Py_BUILD_CORE
-    #  define KWTUPLE NULL
-    #endif  // !Py_BUILD_CORE
-
-    static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
-    static _PyArg_Parser _parser = {
-        .keywords = _keywords,
-        .fname = "sha224",
-        .kwtuple = KWTUPLE,
-    };
-    #undef KWTUPLE
-    PyObject *argsbuf[2];
-    Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
-    PyObject *string = NULL;
-    int usedforsecurity = 1;
-
-    args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
-    if (!args) {
-        goto exit;
-    }
-    if (!noptargs) {
-        goto skip_optional_pos;
-    }
-    if (args[0]) {
-        string = args[0];
-        if (!--noptargs) {
-            goto skip_optional_pos;
-        }
-    }
-skip_optional_pos:
-    if (!noptargs) {
-        goto skip_optional_kwonly;
-    }
-    usedforsecurity = PyObject_IsTrue(args[1]);
-    if (usedforsecurity < 0) {
-        goto exit;
-    }
-skip_optional_kwonly:
-    return_value = _sha256_sha224_impl(module, string, usedforsecurity);
-
-exit:
-    return return_value;
-}
-/*[clinic end generated code: output=ae926f7ec85e7c97 input=a9049054013a1b77]*/

Modules/clinic/sha2module.c.h

@@ -0,0 +1,440 @@
+/*[clinic input]
+preserve
+[clinic start generated code]*/
+
+#if defined(Py_BUILD_CORE) && !defined(Py_BUILD_CORE_MODULE)
+#  include "pycore_gc.h"            // PyGC_Head
+#  include "pycore_runtime.h"       // _Py_ID()
+#endif
+
+
+PyDoc_STRVAR(SHA256Type_copy__doc__,
+"copy($self, /)\n"
+"--\n"
+"\n"
+"Return a copy of the hash object.");
+
+#define SHA256TYPE_COPY_METHODDEF    \
+    {"copy", _PyCFunction_CAST(SHA256Type_copy), METH_METHOD|METH_FASTCALL|METH_KEYWORDS, SHA256Type_copy__doc__},
+
+static PyObject *
+SHA256Type_copy_impl(SHA256object *self, PyTypeObject *cls);
+
+static PyObject *
+SHA256Type_copy(SHA256object *self, PyTypeObject *cls, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
+{
+    if (nargs) {
+        PyErr_SetString(PyExc_TypeError, "copy() takes no arguments");
+        return NULL;
+    }
+    return SHA256Type_copy_impl(self, cls);
+}
+
+PyDoc_STRVAR(SHA512Type_copy__doc__,
+"copy($self, /)\n"
+"--\n"
+"\n"
+"Return a copy of the hash object.");
+
+#define SHA512TYPE_COPY_METHODDEF    \
+    {"copy", _PyCFunction_CAST(SHA512Type_copy), METH_METHOD|METH_FASTCALL|METH_KEYWORDS, SHA512Type_copy__doc__},
+
+static PyObject *
+SHA512Type_copy_impl(SHA512object *self, PyTypeObject *cls);
+
+static PyObject *
+SHA512Type_copy(SHA512object *self, PyTypeObject *cls, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
+{
+    if (nargs) {
+        PyErr_SetString(PyExc_TypeError, "copy() takes no arguments");
+        return NULL;
+    }
+    return SHA512Type_copy_impl(self, cls);
+}
+
+PyDoc_STRVAR(SHA256Type_digest__doc__,
+"digest($self, /)\n"
+"--\n"
+"\n"
+"Return the digest value as a bytes object.");
+
+#define SHA256TYPE_DIGEST_METHODDEF    \
+    {"digest", (PyCFunction)SHA256Type_digest, METH_NOARGS, SHA256Type_digest__doc__},
+
+static PyObject *
+SHA256Type_digest_impl(SHA256object *self);
+
+static PyObject *
+SHA256Type_digest(SHA256object *self, PyObject *Py_UNUSED(ignored))
+{
+    return SHA256Type_digest_impl(self);
+}
+
+PyDoc_STRVAR(SHA512Type_digest__doc__,
+"digest($self, /)\n"
+"--\n"
+"\n"
+"Return the digest value as a bytes object.");
+
+#define SHA512TYPE_DIGEST_METHODDEF    \
+    {"digest", (PyCFunction)SHA512Type_digest, METH_NOARGS, SHA512Type_digest__doc__},
+
+static PyObject *
+SHA512Type_digest_impl(SHA512object *self);
+
+static PyObject *
+SHA512Type_digest(SHA512object *self, PyObject *Py_UNUSED(ignored))
+{
+    return SHA512Type_digest_impl(self);
+}
+
+PyDoc_STRVAR(SHA256Type_hexdigest__doc__,
+"hexdigest($self, /)\n"
+"--\n"
+"\n"
+"Return the digest value as a string of hexadecimal digits.");
+
+#define SHA256TYPE_HEXDIGEST_METHODDEF    \
+    {"hexdigest", (PyCFunction)SHA256Type_hexdigest, METH_NOARGS, SHA256Type_hexdigest__doc__},
+
+static PyObject *
+SHA256Type_hexdigest_impl(SHA256object *self);
+
+static PyObject *
+SHA256Type_hexdigest(SHA256object *self, PyObject *Py_UNUSED(ignored))
+{
+    return SHA256Type_hexdigest_impl(self);
+}
+
+PyDoc_STRVAR(SHA512Type_hexdigest__doc__,
+"hexdigest($self, /)\n"
+"--\n"
+"\n"
+"Return the digest value as a string of hexadecimal digits.");
+
+#define SHA512TYPE_HEXDIGEST_METHODDEF    \
+    {"hexdigest", (PyCFunction)SHA512Type_hexdigest, METH_NOARGS, SHA512Type_hexdigest__doc__},
+
+static PyObject *
+SHA512Type_hexdigest_impl(SHA512object *self);
+
+static PyObject *
+SHA512Type_hexdigest(SHA512object *self, PyObject *Py_UNUSED(ignored))
+{
+    return SHA512Type_hexdigest_impl(self);
+}
+
+PyDoc_STRVAR(SHA256Type_update__doc__,
+"update($self, obj, /)\n"
+"--\n"
+"\n"
+"Update this hash object\'s state with the provided string.");
+
+#define SHA256TYPE_UPDATE_METHODDEF    \
+    {"update", (PyCFunction)SHA256Type_update, METH_O, SHA256Type_update__doc__},
+
+PyDoc_STRVAR(SHA512Type_update__doc__,
+"update($self, obj, /)\n"
+"--\n"
+"\n"
+"Update this hash object\'s state with the provided string.");
+
+#define SHA512TYPE_UPDATE_METHODDEF    \
+    {"update", (PyCFunction)SHA512Type_update, METH_O, SHA512Type_update__doc__},
+
+PyDoc_STRVAR(_sha2_sha256__doc__,
+"sha256($module, /, string=b\'\', *, usedforsecurity=True)\n"
+"--\n"
+"\n"
+"Return a new SHA-256 hash object; optionally initialized with a string.");
+
+#define _SHA2_SHA256_METHODDEF    \
+    {"sha256", _PyCFunction_CAST(_sha2_sha256), METH_FASTCALL|METH_KEYWORDS, _sha2_sha256__doc__},
+
+static PyObject *
+_sha2_sha256_impl(PyObject *module, PyObject *string, int usedforsecurity);
+
+static PyObject *
+_sha2_sha256(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
+{
+    PyObject *return_value = NULL;
+    #if defined(Py_BUILD_CORE) && !defined(Py_BUILD_CORE_MODULE)
+
+    #define NUM_KEYWORDS 2
+    static struct {
+        PyGC_Head _this_is_not_used;
+        PyObject_VAR_HEAD
+        PyObject *ob_item[NUM_KEYWORDS];
+    } _kwtuple = {
+        .ob_base = PyVarObject_HEAD_INIT(&PyTuple_Type, NUM_KEYWORDS)
+        .ob_item = { &_Py_ID(string), &_Py_ID(usedforsecurity), },
+    };
+    #undef NUM_KEYWORDS
+    #define KWTUPLE (&_kwtuple.ob_base.ob_base)
+
+    #else  // !Py_BUILD_CORE
+    #  define KWTUPLE NULL
+    #endif  // !Py_BUILD_CORE
+
+    static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
+    static _PyArg_Parser _parser = {
+        .keywords = _keywords,
+        .fname = "sha256",
+        .kwtuple = KWTUPLE,
+    };
+    #undef KWTUPLE
+    PyObject *argsbuf[2];
+    Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
+    PyObject *string = NULL;
+    int usedforsecurity = 1;
+
+    args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
+    if (!args) {
+        goto exit;
+    }
+    if (!noptargs) {
+        goto skip_optional_pos;
+    }
+    if (args[0]) {
+        string = args[0];
+        if (!--noptargs) {
+            goto skip_optional_pos;
+        }
+    }
+skip_optional_pos:
+    if (!noptargs) {
+        goto skip_optional_kwonly;
+    }
+    usedforsecurity = PyObject_IsTrue(args[1]);
+    if (usedforsecurity < 0) {
+        goto exit;
+    }
+skip_optional_kwonly:
+    return_value = _sha2_sha256_impl(module, string, usedforsecurity);
+
+exit:
+    return return_value;
+}
+
+PyDoc_STRVAR(_sha2_sha224__doc__,
+"sha224($module, /, string=b\'\', *, usedforsecurity=True)\n"
+"--\n"
+"\n"
+"Return a new SHA-224 hash object; optionally initialized with a string.");
+
+#define _SHA2_SHA224_METHODDEF    \
+    {"sha224", _PyCFunction_CAST(_sha2_sha224), METH_FASTCALL|METH_KEYWORDS, _sha2_sha224__doc__},
+
+static PyObject *
+_sha2_sha224_impl(PyObject *module, PyObject *string, int usedforsecurity);
+
+static PyObject *
+_sha2_sha224(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
+{
+    PyObject *return_value = NULL;
+    #if defined(Py_BUILD_CORE) && !defined(Py_BUILD_CORE_MODULE)
+
+    #define NUM_KEYWORDS 2
+    static struct {
+        PyGC_Head _this_is_not_used;
+        PyObject_VAR_HEAD
+        PyObject *ob_item[NUM_KEYWORDS];
+    } _kwtuple = {
+        .ob_base = PyVarObject_HEAD_INIT(&PyTuple_Type, NUM_KEYWORDS)
+        .ob_item = { &_Py_ID(string), &_Py_ID(usedforsecurity), },
+    };
+    #undef NUM_KEYWORDS
+    #define KWTUPLE (&_kwtuple.ob_base.ob_base)
+
+    #else  // !Py_BUILD_CORE
+    #  define KWTUPLE NULL
+    #endif  // !Py_BUILD_CORE
+
+    static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
+    static _PyArg_Parser _parser = {
+        .keywords = _keywords,
+        .fname = "sha224",
+        .kwtuple = KWTUPLE,
+    };
+    #undef KWTUPLE
+    PyObject *argsbuf[2];
+    Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
+    PyObject *string = NULL;
+    int usedforsecurity = 1;
+
+    args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
+    if (!args) {
+        goto exit;
+    }
+    if (!noptargs) {
+        goto skip_optional_pos;
+    }
+    if (args[0]) {
+        string = args[0];
+        if (!--noptargs) {
+            goto skip_optional_pos;
+        }
+    }
+skip_optional_pos:
+    if (!noptargs) {
+        goto skip_optional_kwonly;
+    }
+    usedforsecurity = PyObject_IsTrue(args[1]);
+    if (usedforsecurity < 0) {
+        goto exit;
+    }
+skip_optional_kwonly:
+    return_value = _sha2_sha224_impl(module, string, usedforsecurity);
+
+exit:
+    return return_value;
+}
+
+PyDoc_STRVAR(_sha2_sha512__doc__,
+"sha512($module, /, string=b\'\', *, usedforsecurity=True)\n"
+"--\n"
+"\n"
+"Return a new SHA-512 hash object; optionally initialized with a string.");
+
+#define _SHA2_SHA512_METHODDEF    \
+    {"sha512", _PyCFunction_CAST(_sha2_sha512), METH_FASTCALL|METH_KEYWORDS, _sha2_sha512__doc__},
+
+static PyObject *
+_sha2_sha512_impl(PyObject *module, PyObject *string, int usedforsecurity);
+
+static PyObject *
+_sha2_sha512(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
+{
+    PyObject *return_value = NULL;
+    #if defined(Py_BUILD_CORE) && !defined(Py_BUILD_CORE_MODULE)
+
+    #define NUM_KEYWORDS 2
+    static struct {
+        PyGC_Head _this_is_not_used;
+        PyObject_VAR_HEAD
+        PyObject *ob_item[NUM_KEYWORDS];
+    } _kwtuple = {
+        .ob_base = PyVarObject_HEAD_INIT(&PyTuple_Type, NUM_KEYWORDS)
+        .ob_item = { &_Py_ID(string), &_Py_ID(usedforsecurity), },
+    };
+    #undef NUM_KEYWORDS
+    #define KWTUPLE (&_kwtuple.ob_base.ob_base)
+
+    #else  // !Py_BUILD_CORE
+    #  define KWTUPLE NULL
+    #endif  // !Py_BUILD_CORE
+
+    static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
+    static _PyArg_Parser _parser = {
+        .keywords = _keywords,
+        .fname = "sha512",
+        .kwtuple = KWTUPLE,
+    };
+    #undef KWTUPLE
+    PyObject *argsbuf[2];
+    Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
+    PyObject *string = NULL;
+    int usedforsecurity = 1;
+
+    args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
+    if (!args) {
+        goto exit;
+    }
+    if (!noptargs) {
+        goto skip_optional_pos;
+    }
+    if (args[0]) {
+        string = args[0];
+        if (!--noptargs) {
+            goto skip_optional_pos;
+        }
+    }
+skip_optional_pos:
+    if (!noptargs) {
+        goto skip_optional_kwonly;
+    }
+    usedforsecurity = PyObject_IsTrue(args[1]);
+    if (usedforsecurity < 0) {
+        goto exit;
+    }
+skip_optional_kwonly:
+    return_value = _sha2_sha512_impl(module, string, usedforsecurity);
+
+exit:
+    return return_value;
+}
+
+PyDoc_STRVAR(_sha2_sha384__doc__,
+"sha384($module, /, string=b\'\', *, usedforsecurity=True)\n"
+"--\n"
+"\n"
+"Return a new SHA-384 hash object; optionally initialized with a string.");
+
+#define _SHA2_SHA384_METHODDEF    \
+    {"sha384", _PyCFunction_CAST(_sha2_sha384), METH_FASTCALL|METH_KEYWORDS, _sha2_sha384__doc__},
+
+static PyObject *
+_sha2_sha384_impl(PyObject *module, PyObject *string, int usedforsecurity);
+
+static PyObject *
+_sha2_sha384(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
+{
+    PyObject *return_value = NULL;
+    #if defined(Py_BUILD_CORE) && !defined(Py_BUILD_CORE_MODULE)
+
+    #define NUM_KEYWORDS 2
+    static struct {
+        PyGC_Head _this_is_not_used;
+        PyObject_VAR_HEAD
+        PyObject *ob_item[NUM_KEYWORDS];
+    } _kwtuple = {
+        .ob_base = PyVarObject_HEAD_INIT(&PyTuple_Type, NUM_KEYWORDS)
+        .ob_item = { &_Py_ID(string), &_Py_ID(usedforsecurity), },
+    };
+    #undef NUM_KEYWORDS
+    #define KWTUPLE (&_kwtuple.ob_base.ob_base)
+
+    #else  // !Py_BUILD_CORE
+    #  define KWTUPLE NULL
+    #endif  // !Py_BUILD_CORE
+
+    static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
+    static _PyArg_Parser _parser = {
+        .keywords = _keywords,
+        .fname = "sha384",
+        .kwtuple = KWTUPLE,
+    };
+    #undef KWTUPLE
+    PyObject *argsbuf[2];
+    Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
+    PyObject *string = NULL;
+    int usedforsecurity = 1;
+
+    args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
+    if (!args) {
+        goto exit;
+    }
+    if (!noptargs) {
+        goto skip_optional_pos;
+    }
+    if (args[0]) {
+        string = args[0];
+        if (!--noptargs) {
+            goto skip_optional_pos;
+        }
+    }
+skip_optional_pos:
+    if (!noptargs) {
+        goto skip_optional_kwonly;
+    }
+    usedforsecurity = PyObject_IsTrue(args[1]);
+    if (usedforsecurity < 0) {
+        goto exit;
+    }
+skip_optional_kwonly:
+    return_value = _sha2_sha384_impl(module, string, usedforsecurity);
+
+exit:
+    return return_value;
+}
+/*[clinic end generated code: output=f81dacb48f3fee72 input=a9049054013a1b77]*/

Modules/clinic/sha512module.c.h

@@ -1,225 +0,0 @@
-/*[clinic input]
-preserve
-[clinic start generated code]*/
-
-#if defined(Py_BUILD_CORE) && !defined(Py_BUILD_CORE_MODULE)
-#  include "pycore_gc.h"            // PyGC_Head
-#  include "pycore_runtime.h"       // _Py_ID()
-#endif
-
-
-PyDoc_STRVAR(SHA512Type_copy__doc__,
-"copy($self, /)\n"
-"--\n"
-"\n"
-"Return a copy of the hash object.");
-
-#define SHA512TYPE_COPY_METHODDEF    \
-    {"copy", _PyCFunction_CAST(SHA512Type_copy), METH_METHOD|METH_FASTCALL|METH_KEYWORDS, SHA512Type_copy__doc__},
-
-static PyObject *
-SHA512Type_copy_impl(SHAobject *self, PyTypeObject *cls);
-
-static PyObject *
-SHA512Type_copy(SHAobject *self, PyTypeObject *cls, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
-{
-    if (nargs) {
-        PyErr_SetString(PyExc_TypeError, "copy() takes no arguments");
-        return NULL;
-    }
-    return SHA512Type_copy_impl(self, cls);
-}
-
-PyDoc_STRVAR(SHA512Type_digest__doc__,
-"digest($self, /)\n"
-"--\n"
-"\n"
-"Return the digest value as a bytes object.");
-
-#define SHA512TYPE_DIGEST_METHODDEF    \
-    {"digest", (PyCFunction)SHA512Type_digest, METH_NOARGS, SHA512Type_digest__doc__},
-
-static PyObject *
-SHA512Type_digest_impl(SHAobject *self);
-
-static PyObject *
-SHA512Type_digest(SHAobject *self, PyObject *Py_UNUSED(ignored))
-{
-    return SHA512Type_digest_impl(self);
-}
-
-PyDoc_STRVAR(SHA512Type_hexdigest__doc__,
-"hexdigest($self, /)\n"
-"--\n"
-"\n"
-"Return the digest value as a string of hexadecimal digits.");
-
-#define SHA512TYPE_HEXDIGEST_METHODDEF    \
-    {"hexdigest", (PyCFunction)SHA512Type_hexdigest, METH_NOARGS, SHA512Type_hexdigest__doc__},
-
-static PyObject *
-SHA512Type_hexdigest_impl(SHAobject *self);
-
-static PyObject *
-SHA512Type_hexdigest(SHAobject *self, PyObject *Py_UNUSED(ignored))
-{
-    return SHA512Type_hexdigest_impl(self);
-}
-
-PyDoc_STRVAR(SHA512Type_update__doc__,
-"update($self, obj, /)\n"
-"--\n"
-"\n"
-"Update this hash object\'s state with the provided string.");
-
-#define SHA512TYPE_UPDATE_METHODDEF    \
-    {"update", (PyCFunction)SHA512Type_update, METH_O, SHA512Type_update__doc__},
-
-PyDoc_STRVAR(_sha512_sha512__doc__,
-"sha512($module, /, string=b\'\', *, usedforsecurity=True)\n"
-"--\n"
-"\n"
-"Return a new SHA-512 hash object; optionally initialized with a string.");
-
-#define _SHA512_SHA512_METHODDEF    \
-    {"sha512", _PyCFunction_CAST(_sha512_sha512), METH_FASTCALL|METH_KEYWORDS, _sha512_sha512__doc__},
-
-static PyObject *
-_sha512_sha512_impl(PyObject *module, PyObject *string, int usedforsecurity);
-
-static PyObject *
-_sha512_sha512(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
-{
-    PyObject *return_value = NULL;
-    #if defined(Py_BUILD_CORE) && !defined(Py_BUILD_CORE_MODULE)
-
-    #define NUM_KEYWORDS 2
-    static struct {
-        PyGC_Head _this_is_not_used;
-        PyObject_VAR_HEAD
-        PyObject *ob_item[NUM_KEYWORDS];
-    } _kwtuple = {
-        .ob_base = PyVarObject_HEAD_INIT(&PyTuple_Type, NUM_KEYWORDS)
-        .ob_item = { &_Py_ID(string), &_Py_ID(usedforsecurity), },
-    };
-    #undef NUM_KEYWORDS
-    #define KWTUPLE (&_kwtuple.ob_base.ob_base)
-
-    #else  // !Py_BUILD_CORE
-    #  define KWTUPLE NULL
-    #endif  // !Py_BUILD_CORE
-
-    static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
-    static _PyArg_Parser _parser = {
-        .keywords = _keywords,
-        .fname = "sha512",
-        .kwtuple = KWTUPLE,
-    };
-    #undef KWTUPLE
-    PyObject *argsbuf[2];
-    Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
-    PyObject *string = NULL;
-    int usedforsecurity = 1;
-
-    args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
-    if (!args) {
-        goto exit;
-    }
-    if (!noptargs) {
-        goto skip_optional_pos;
-    }
-    if (args[0]) {
-        string = args[0];
-        if (!--noptargs) {
-            goto skip_optional_pos;
-        }
-    }
-skip_optional_pos:
-    if (!noptargs) {
-        goto skip_optional_kwonly;
-    }
-    usedforsecurity = PyObject_IsTrue(args[1]);
-    if (usedforsecurity < 0) {
-        goto exit;
-    }
-skip_optional_kwonly:
-    return_value = _sha512_sha512_impl(module, string, usedforsecurity);
-
-exit:
-    return return_value;
-}
-
-PyDoc_STRVAR(_sha512_sha384__doc__,
-"sha384($module, /, string=b\'\', *, usedforsecurity=True)\n"
-"--\n"
-"\n"
-"Return a new SHA-384 hash object; optionally initialized with a string.");
-
-#define _SHA512_SHA384_METHODDEF    \
-    {"sha384", _PyCFunction_CAST(_sha512_sha384), METH_FASTCALL|METH_KEYWORDS, _sha512_sha384__doc__},
-
-static PyObject *
-_sha512_sha384_impl(PyObject *module, PyObject *string, int usedforsecurity);
-
-static PyObject *
-_sha512_sha384(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
-{
-    PyObject *return_value = NULL;
-    #if defined(Py_BUILD_CORE) && !defined(Py_BUILD_CORE_MODULE)
-
-    #define NUM_KEYWORDS 2
-    static struct {
-        PyGC_Head _this_is_not_used;
-        PyObject_VAR_HEAD
-        PyObject *ob_item[NUM_KEYWORDS];
-    } _kwtuple = {
-        .ob_base = PyVarObject_HEAD_INIT(&PyTuple_Type, NUM_KEYWORDS)
-        .ob_item = { &_Py_ID(string), &_Py_ID(usedforsecurity), },
-    };
-    #undef NUM_KEYWORDS
-    #define KWTUPLE (&_kwtuple.ob_base.ob_base)
-
-    #else  // !Py_BUILD_CORE
-    #  define KWTUPLE NULL
-    #endif  // !Py_BUILD_CORE
-
-    static const char * const _keywords[] = {"string", "usedforsecurity", NULL};
-    static _PyArg_Parser _parser = {
-        .keywords = _keywords,
-        .fname = "sha384",
-        .kwtuple = KWTUPLE,
-    };
-    #undef KWTUPLE
-    PyObject *argsbuf[2];
-    Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 0;
-    PyObject *string = NULL;
-    int usedforsecurity = 1;
-
-    args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 0, 1, 0, argsbuf);
-    if (!args) {
-        goto exit;
-    }
-    if (!noptargs) {
-        goto skip_optional_pos;
-    }
-    if (args[0]) {
-        string = args[0];
-        if (!--noptargs) {
-            goto skip_optional_pos;
-        }
-    }
-skip_optional_pos:
-    if (!noptargs) {
-        goto skip_optional_kwonly;
-    }
-    usedforsecurity = PyObject_IsTrue(args[1]);
-    if (usedforsecurity < 0) {
-        goto exit;
-    }
-skip_optional_kwonly:
-    return_value = _sha512_sha384_impl(module, string, usedforsecurity);
-
-exit:
-    return return_value;
-}
-/*[clinic end generated code: output=dd168f3f21097afe input=a9049054013a1b77]*/

Modules/sha256module.c

@@ -1,465 +0,0 @@
-/* SHA256 module */
-
-/* This module provides an interface to NIST's SHA-256 and SHA-224 Algorithms */
-
-/* See below for information about the original code this module was
-   based upon. Additional work performed by:
-
-   Andrew Kuchling (amk@amk.ca)
-   Greg Stein (gstein@lyra.org)
-   Trevor Perrin (trevp@trevp.net)
-   Jonathan Protzenko (jonathan@protzenko.fr)
-
-   Copyright (C) 2005-2007   Gregory P. Smith (greg@krypto.org)
-   Licensed to PSF under a Contributor Agreement.
-
-*/
-
-/* SHA objects */
-#ifndef Py_BUILD_CORE_BUILTIN
-#  define Py_BUILD_CORE_MODULE 1
-#endif
-
-#include "Python.h"
-#include "pycore_bitutils.h"      // _Py_bswap32()
-#include "pycore_strhex.h"        // _Py_strhex()
-#include "structmember.h"         // PyMemberDef
-#include "hashlib.h"
-
-/*[clinic input]
-module _sha256
-class SHA256Type "SHAobject *" "&PyType_Type"
-[clinic start generated code]*/
-/*[clinic end generated code: output=da39a3ee5e6b4b0d input=71a39174d4f0a744]*/
-
-
-/* The SHA block size and maximum message digest sizes, in bytes */
-
-#define SHA_BLOCKSIZE    64
-#define SHA_DIGESTSIZE   32
-
-/* The SHA2-224 and SHA2-256 implementations defer to the HACL* verified
- * library. */
-
-#include "_hacl/Hacl_Streaming_SHA2.h"
-
-typedef struct {
-  PyObject_HEAD
-  // Even though one could conceivably perform run-type checks to tell apart a
-  // sha224_type from a sha256_type (and thus deduce the digest size), we must
-  // keep this field because it's exposed as a member field on the underlying
-  // python object.
-  // TODO: could we transform this into a getter and get rid of the redundant
-  // field?
-  int digestsize;
-  Hacl_Streaming_SHA2_state_sha2_256 *state;
-} SHAobject;
-
-#include "clinic/sha256module.c.h"
-
-/* We shall use run-time type information in the remainder of this module to
- * tell apart SHA2-224 and SHA2-256 */
-typedef struct {
-    PyTypeObject* sha224_type;
-    PyTypeObject* sha256_type;
-} _sha256_state;
-
-static inline _sha256_state*
-_sha256_get_state(PyObject *module)
-{
-    void *state = PyModule_GetState(module);
-    assert(state != NULL);
-    return (_sha256_state *)state;
-}
-
-static void SHAcopy(SHAobject *src, SHAobject *dest)
-{
-    dest->digestsize = src->digestsize;
-    dest->state = Hacl_Streaming_SHA2_copy_256(src->state);
-}
-
-static SHAobject *
-newSHA224object(_sha256_state *state)
-{
-    SHAobject *sha = (SHAobject *)PyObject_GC_New(SHAobject,
-                                                  state->sha224_type);
-    PyObject_GC_Track(sha);
-    return sha;
-}
-
-static SHAobject *
-newSHA256object(_sha256_state *state)
-{
-    SHAobject *sha = (SHAobject *)PyObject_GC_New(SHAobject,
-                                                  state->sha256_type);
-    PyObject_GC_Track(sha);
-    return sha;
-}
-
-/* Internal methods for a hash object */
-static int
-SHA_traverse(PyObject *ptr, visitproc visit, void *arg)
-{
-    Py_VISIT(Py_TYPE(ptr));
-    return 0;
-}
-
-static void
-SHA_dealloc(SHAobject *ptr)
-{
-    Hacl_Streaming_SHA2_free_256(ptr->state);
-    PyTypeObject *tp = Py_TYPE(ptr);
-    PyObject_GC_UnTrack(ptr);
-    PyObject_GC_Del(ptr);
-    Py_DECREF(tp);
-}
-
-/* HACL* takes a uint32_t for the length of its parameter, but Py_ssize_t can be
- * 64 bits. */
-static void update_256(Hacl_Streaming_SHA2_state_sha2_256 *state, uint8_t *buf, Py_ssize_t len) {
-  /* Note: we explicitly ignore the error code on the basis that it would take >
-   * 1 billion years to overflow the maximum admissible length for SHA2-256
-   * (namely, 2^61-1 bytes). */
-  while (len > UINT32_MAX) {
-    Hacl_Streaming_SHA2_update_256(state, buf, UINT32_MAX);
-    len -= UINT32_MAX;
-    buf += UINT32_MAX;
-  }
-  /* Cast to uint32_t is safe: upon exiting the loop, len <= UINT32_MAX, and
-   * therefore fits in a uint32_t */
-  Hacl_Streaming_SHA2_update_256(state, buf, (uint32_t) len);
-}
-
-
-/* External methods for a hash object */
-
-/*[clinic input]
-SHA256Type.copy
-
-    cls:defining_class
-
-Return a copy of the hash object.
-[clinic start generated code]*/
-
-static PyObject *
-SHA256Type_copy_impl(SHAobject *self, PyTypeObject *cls)
-/*[clinic end generated code: output=9273f92c382be12f input=3137146fcb88e212]*/
-{
-    SHAobject *newobj;
-    _sha256_state *state = PyType_GetModuleState(cls);
-    if (Py_IS_TYPE(self, state->sha256_type)) {
-        if ( (newobj = newSHA256object(state)) == NULL) {
-            return NULL;
-        }
-    } else {
-        if ( (newobj = newSHA224object(state))==NULL) {
-            return NULL;
-        }
-    }
-
-    SHAcopy(self, newobj);
-    return (PyObject *)newobj;
-}
-
-/*[clinic input]
-SHA256Type.digest
-
-Return the digest value as a bytes object.
-[clinic start generated code]*/
-
-static PyObject *
-SHA256Type_digest_impl(SHAobject *self)
-/*[clinic end generated code: output=46616a5e909fbc3d input=f1f4cfea5cbde35c]*/
-{
-    uint8_t digest[SHA_DIGESTSIZE];
-    // HACL performs copies under the hood so that self->state remains valid
-    // after this call.
-    Hacl_Streaming_SHA2_finish_256(self->state, digest);
-    return PyBytes_FromStringAndSize((const char *)digest, self->digestsize);
-}
-
-/*[clinic input]
-SHA256Type.hexdigest
-
-Return the digest value as a string of hexadecimal digits.
-[clinic start generated code]*/
-
-static PyObject *
-SHA256Type_hexdigest_impl(SHAobject *self)
-/*[clinic end generated code: output=725f8a7041ae97f3 input=0cc4c714693010d1]*/
-{
-    uint8_t digest[SHA_DIGESTSIZE];
-    Hacl_Streaming_SHA2_finish_256(self->state, digest);
-    return _Py_strhex((const char *)digest, self->digestsize);
-}
-
-/*[clinic input]
-SHA256Type.update
-
-    obj: object
-    /
-
-Update this hash object's state with the provided string.
-[clinic start generated code]*/
-
-static PyObject *
-SHA256Type_update(SHAobject *self, PyObject *obj)
-/*[clinic end generated code: output=0967fb2860c66af7 input=b2d449d5b30f0f5a]*/
-{
-    Py_buffer buf;
-
-    GET_BUFFER_VIEW_OR_ERROUT(obj, &buf);
-
-    update_256(self->state, buf.buf, buf.len);
-
-    PyBuffer_Release(&buf);
-    Py_RETURN_NONE;
-}
-
-static PyMethodDef SHA_methods[] = {
-    SHA256TYPE_COPY_METHODDEF
-    SHA256TYPE_DIGEST_METHODDEF
-    SHA256TYPE_HEXDIGEST_METHODDEF
-    SHA256TYPE_UPDATE_METHODDEF
-    {NULL,        NULL}         /* sentinel */
-};
-
-static PyObject *
-SHA256_get_block_size(PyObject *self, void *closure)
-{
-    return PyLong_FromLong(SHA_BLOCKSIZE);
-}
-
-static PyObject *
-SHA256_get_name(SHAobject *self, void *closure)
-{
-    if (self->digestsize == 28) {
-        return PyUnicode_FromStringAndSize("sha224", 6);
-    }
-    return PyUnicode_FromStringAndSize("sha256", 6);
-}
-
-static PyGetSetDef SHA_getseters[] = {
-    {"block_size",
-     (getter)SHA256_get_block_size, NULL,
-     NULL,
-     NULL},
-    {"name",
-     (getter)SHA256_get_name, NULL,
-     NULL,
-     NULL},
-    {NULL}  /* Sentinel */
-};
-
-static PyMemberDef SHA_members[] = {
-    {"digest_size", T_INT, offsetof(SHAobject, digestsize), READONLY, NULL},
-    {NULL}  /* Sentinel */
-};
-
-static PyType_Slot sha256_types_slots[] = {
-    {Py_tp_dealloc, SHA_dealloc},
-    {Py_tp_methods, SHA_methods},
-    {Py_tp_members, SHA_members},
-    {Py_tp_getset, SHA_getseters},
-    {Py_tp_traverse, SHA_traverse},
-    {0,0}
-};
-
-static PyType_Spec sha224_type_spec = {
-    .name = "_sha256.sha224",
-    .basicsize = sizeof(SHAobject),
-    .flags = (Py_TPFLAGS_DEFAULT | Py_TPFLAGS_DISALLOW_INSTANTIATION |
-              Py_TPFLAGS_IMMUTABLETYPE | Py_TPFLAGS_HAVE_GC),
-    .slots = sha256_types_slots
-};
-
-static PyType_Spec sha256_type_spec = {
-    .name = "_sha256.sha256",
-    .basicsize = sizeof(SHAobject),
-    .flags = (Py_TPFLAGS_DEFAULT | Py_TPFLAGS_DISALLOW_INSTANTIATION |
-              Py_TPFLAGS_IMMUTABLETYPE | Py_TPFLAGS_HAVE_GC),
-    .slots = sha256_types_slots
-};
-
-/* The single module-level function: new() */
-
-/*[clinic input]
-_sha256.sha256
-
-    string: object(c_default="NULL") = b''
-    *
-    usedforsecurity: bool = True
-
-Return a new SHA-256 hash object; optionally initialized with a string.
-[clinic start generated code]*/
-
-static PyObject *
-_sha256_sha256_impl(PyObject *module, PyObject *string, int usedforsecurity)
-/*[clinic end generated code: output=a1de327e8e1185cf input=9be86301aeb14ea5]*/
-{
-    Py_buffer buf;
-
-    if (string) {
-        GET_BUFFER_VIEW_OR_ERROUT(string, &buf);
-    }
-
-    _sha256_state *state = PyModule_GetState(module);
-
-    SHAobject *new;
-    if ((new = newSHA256object(state)) == NULL) {
-        if (string) {
-            PyBuffer_Release(&buf);
-        }
-        return NULL;
-    }
-
-    new->state = Hacl_Streaming_SHA2_create_in_256();
-    new->digestsize = 32;
-
-    if (PyErr_Occurred()) {
-        Py_DECREF(new);
-        if (string) {
-            PyBuffer_Release(&buf);
-        }
-        return NULL;
-    }
-    if (string) {
-        update_256(new->state, buf.buf, buf.len);
-        PyBuffer_Release(&buf);
-    }
-
-    return (PyObject *)new;
-}
-
-/*[clinic input]
-_sha256.sha224
-
-    string: object(c_default="NULL") = b''
-    *
-    usedforsecurity: bool = True
-
-Return a new SHA-224 hash object; optionally initialized with a string.
-[clinic start generated code]*/
-
-static PyObject *
-_sha256_sha224_impl(PyObject *module, PyObject *string, int usedforsecurity)
-/*[clinic end generated code: output=08be6b36569bc69c input=9fcfb46e460860ac]*/
-{
-    Py_buffer buf;
-    if (string) {
-        GET_BUFFER_VIEW_OR_ERROUT(string, &buf);
-    }
-
-    _sha256_state *state = PyModule_GetState(module);
-    SHAobject *new;
-    if ((new = newSHA224object(state)) == NULL) {
-        if (string) {
-            PyBuffer_Release(&buf);
-        }
-        return NULL;
-    }
-
-    new->state = Hacl_Streaming_SHA2_create_in_224();
-    new->digestsize = 28;
-
-    if (PyErr_Occurred()) {
-        Py_DECREF(new);
-        if (string) {
-            PyBuffer_Release(&buf);
-        }
-        return NULL;
-    }
-    if (string) {
-        update_256(new->state, buf.buf, buf.len);
-        PyBuffer_Release(&buf);
-    }
-
-    return (PyObject *)new;
-}
-
-
-/* List of functions exported by this module */
-
-static struct PyMethodDef SHA_functions[] = {
-    _SHA256_SHA256_METHODDEF
-    _SHA256_SHA224_METHODDEF
-    {NULL,      NULL}            /* Sentinel */
-};
-
-static int
-_sha256_traverse(PyObject *module, visitproc visit, void *arg)
-{
-    _sha256_state *state = _sha256_get_state(module);
-    Py_VISIT(state->sha224_type);
-    Py_VISIT(state->sha256_type);
-    return 0;
-}
-
-static int
-_sha256_clear(PyObject *module)
-{
-    _sha256_state *state = _sha256_get_state(module);
-    Py_CLEAR(state->sha224_type);
-    Py_CLEAR(state->sha256_type);
-    return 0;
-}
-
-static void
-_sha256_free(void *module)
-{
-    _sha256_clear((PyObject *)module);
-}
-
-static int sha256_exec(PyObject *module)
-{
-    _sha256_state *state = _sha256_get_state(module);
-
-    state->sha224_type = (PyTypeObject *)PyType_FromModuleAndSpec(
-        module, &sha224_type_spec, NULL);
-
-    if (state->sha224_type == NULL) {
-        return -1;
-    }
-
-    state->sha256_type = (PyTypeObject *)PyType_FromModuleAndSpec(
-        module, &sha256_type_spec, NULL);
-
-    if (state->sha256_type == NULL) {
-        return -1;
-    }
-
-    Py_INCREF((PyObject *)state->sha224_type);
-    if (PyModule_AddObject(module, "SHA224Type", (PyObject *)state->sha224_type) < 0) {
-        Py_DECREF((PyObject *)state->sha224_type);
-        return -1;
-    }
-    Py_INCREF((PyObject *)state->sha256_type);
-    if (PyModule_AddObject(module, "SHA256Type", (PyObject *)state->sha256_type) < 0) {
-        Py_DECREF((PyObject *)state->sha256_type);
-        return -1;
-    }
-    return 0;
-}
-
-static PyModuleDef_Slot _sha256_slots[] = {
-    {Py_mod_exec, sha256_exec},
-    {0, NULL}
-};
-
-static struct PyModuleDef _sha256module = {
-    PyModuleDef_HEAD_INIT,
-    .m_name = "_sha256",
-    .m_size = sizeof(_sha256_state),
-    .m_methods = SHA_functions,
-    .m_slots = _sha256_slots,
-    .m_traverse = _sha256_traverse,
-    .m_clear = _sha256_clear,
-    .m_free = _sha256_free
-};
-
-/* Initialize this module. */
-PyMODINIT_FUNC
-PyInit__sha256(void)
-{
-    return PyModuleDef_Init(&_sha256module);
-}

Modules/sha2module.c

@@ -0,0 +1,805 @@
+/* SHA2 module */
+
+/* This provides an interface to NIST's SHA2 224, 256, 384, & 512 Algorithms */
+
+/* See below for information about the original code this module was
+   based upon. Additional work performed by:
+
+   Andrew Kuchling (amk@amk.ca)
+   Greg Stein (gstein@lyra.org)
+   Trevor Perrin (trevp@trevp.net)
+   Jonathan Protzenko (jonathan@protzenko.fr)
+
+   Copyright (C) 2005-2007   Gregory P. Smith (greg@krypto.org)
+   Licensed to PSF under a Contributor Agreement.
+
+*/
+
+/* SHA objects */
+#ifndef Py_BUILD_CORE_BUILTIN
+#  define Py_BUILD_CORE_MODULE 1
+#endif
+
+#include "Python.h"
+#include "pycore_bitutils.h"      // _Py_bswap32()
+#include "pycore_moduleobject.h"  // _PyModule_GetState()
+#include "pycore_strhex.h"        // _Py_strhex()
+#include "structmember.h"         // PyMemberDef
+#include "hashlib.h"
+
+/*[clinic input]
+module _sha2
+class SHA256Type "SHA256object *" "&PyType_Type"
+class SHA512Type "SHA512object *" "&PyType_Type"
+[clinic start generated code]*/
+/*[clinic end generated code: output=da39a3ee5e6b4b0d input=b5315a7b611c9afc]*/
+
+
+/* The SHA block sizes and maximum message digest sizes, in bytes */
+
+#define SHA256_BLOCKSIZE   64
+#define SHA256_DIGESTSIZE  32
+#define SHA512_BLOCKSIZE   128
+#define SHA512_DIGESTSIZE  64
+
+/* Our SHA2 implementations defer to the HACL* verified library. */
+
+#include "_hacl/Hacl_Streaming_SHA2.h"
+
+// TODO: Get rid of int digestsize in favor of Hacl state info?
+
+typedef struct {
+    PyObject_HEAD
+    int digestsize;
+    Hacl_Streaming_SHA2_state_sha2_256 *state;
+} SHA256object;
+
+typedef struct {
+    PyObject_HEAD
+    int digestsize;
+    Hacl_Streaming_SHA2_state_sha2_512 *state;
+} SHA512object;
+
+#include "clinic/sha2module.c.h"
+
+/* We shall use run-time type information in the remainder of this module to
+ * tell apart SHA2-224 and SHA2-256 */
+typedef struct {
+    PyTypeObject* sha224_type;
+    PyTypeObject* sha256_type;
+    PyTypeObject* sha384_type;
+    PyTypeObject* sha512_type;
+} sha2_state;
+
+static inline sha2_state*
+sha2_get_state(PyObject *module)
+{
+    void *state = _PyModule_GetState(module);
+    assert(state != NULL);
+    return (sha2_state *)state;
+}
+
+static void SHA256copy(SHA256object *src, SHA256object *dest)
+{
+    dest->digestsize = src->digestsize;
+    dest->state = Hacl_Streaming_SHA2_copy_256(src->state);
+}
+
+static void SHA512copy(SHA512object *src, SHA512object *dest)
+{
+    dest->digestsize = src->digestsize;
+    dest->state = Hacl_Streaming_SHA2_copy_512(src->state);
+}
+
+static SHA256object *
+newSHA224object(sha2_state *state)
+{
+    SHA256object *sha = (SHA256object *)PyObject_GC_New(
+        SHA256object, state->sha224_type);
+    if (!sha) {
+        return NULL;
+    }
+    PyObject_GC_Track(sha);
+    return sha;
+}
+
+static SHA256object *
+newSHA256object(sha2_state *state)
+{
+    SHA256object *sha = (SHA256object *)PyObject_GC_New(
+        SHA256object, state->sha256_type);
+    if (!sha) {
+        return NULL;
+    }
+    PyObject_GC_Track(sha);
+    return sha;
+}
+
+static SHA512object *
+newSHA384object(sha2_state *state)
+{
+    SHA512object *sha = (SHA512object *)PyObject_GC_New(
+        SHA512object, state->sha384_type);
+    if (!sha) {
+        return NULL;
+    }
+    PyObject_GC_Track(sha);
+    return sha;
+}
+
+static SHA512object *
+newSHA512object(sha2_state *state)
+{
+    SHA512object *sha = (SHA512object *)PyObject_GC_New(
+        SHA512object, state->sha512_type);
+    if (!sha) {
+        return NULL;
+    }
+    PyObject_GC_Track(sha);
+    return sha;
+}
+
+/* Internal methods for our hash objects. */
+
+static int
+SHA2_traverse(PyObject *ptr, visitproc visit, void *arg)
+{
+    Py_VISIT(Py_TYPE(ptr));
+    return 0;
+}
+
+static void
+SHA256_dealloc(SHA256object *ptr)
+{
+    Hacl_Streaming_SHA2_free_256(ptr->state);
+    PyTypeObject *tp = Py_TYPE(ptr);
+    PyObject_GC_UnTrack(ptr);
+    PyObject_GC_Del(ptr);
+    Py_DECREF(tp);
+}
+
+static void
+SHA512_dealloc(SHA512object *ptr)
+{
+    Hacl_Streaming_SHA2_free_512(ptr->state);
+    PyTypeObject *tp = Py_TYPE(ptr);
+    PyObject_GC_UnTrack(ptr);
+    PyObject_GC_Del(ptr);
+    Py_DECREF(tp);
+}
+
+/* HACL* takes a uint32_t for the length of its parameter, but Py_ssize_t can be
+ * 64 bits so we loop in <4gig chunks when needed. */
+
+static void update_256(Hacl_Streaming_SHA2_state_sha2_256 *state, uint8_t *buf, Py_ssize_t len) {
+  /* Note: we explicitly ignore the error code on the basis that it would take >
+   * 1 billion years to overflow the maximum admissible length for SHA2-256
+   * (namely, 2^61-1 bytes). */
+#if PY_SSIZE_T_MAX > UINT32_MAX
+  while (len > UINT32_MAX) {
+    Hacl_Streaming_SHA2_update_256(state, buf, UINT32_MAX);
+    len -= UINT32_MAX;
+    buf += UINT32_MAX;
+  }
+#endif
+  /* Cast to uint32_t is safe: len <= UINT32_MAX at this point. */
+  Hacl_Streaming_SHA2_update_256(state, buf, (uint32_t) len);
+}
+
+static void update_512(Hacl_Streaming_SHA2_state_sha2_512 *state, uint8_t *buf, Py_ssize_t len) {
+  /* Note: we explicitly ignore the error code on the basis that it would take >
+   * 1 billion years to overflow the maximum admissible length for this API
+   * (namely, 2^64-1 bytes). */
+#if PY_SSIZE_T_MAX > UINT32_MAX
+  while (len > UINT32_MAX) {
+    Hacl_Streaming_SHA2_update_512(state, buf, UINT32_MAX);
+    len -= UINT32_MAX;
+    buf += UINT32_MAX;
+  }
+#endif
+  /* Cast to uint32_t is safe: len <= UINT32_MAX at this point. */
+  Hacl_Streaming_SHA2_update_512(state, buf, (uint32_t) len);
+}
+
+
+/* External methods for our hash objects */
+
+/*[clinic input]
+SHA256Type.copy
+
+    cls:defining_class
+
+Return a copy of the hash object.
+[clinic start generated code]*/
+
+static PyObject *
+SHA256Type_copy_impl(SHA256object *self, PyTypeObject *cls)
+/*[clinic end generated code: output=fabd515577805cd3 input=3137146fcb88e212]*/
+{
+    SHA256object *newobj;
+    sha2_state *state = PyType_GetModuleState(cls);
+    if (Py_IS_TYPE(self, state->sha256_type)) {
+        if ((newobj = newSHA256object(state)) == NULL) {
+            return NULL;
+        }
+    } else {
+        if ((newobj = newSHA224object(state)) == NULL) {
+            return NULL;
+        }
+    }
+
+    SHA256copy(self, newobj);
+    return (PyObject *)newobj;
+}
+
+/*[clinic input]
+SHA512Type.copy
+
+    cls: defining_class
+
+Return a copy of the hash object.
+[clinic start generated code]*/
+
+static PyObject *
+SHA512Type_copy_impl(SHA512object *self, PyTypeObject *cls)
+/*[clinic end generated code: output=66d2a8ef20de8302 input=f673a18f66527c90]*/
+{
+    SHA512object *newobj;
+    sha2_state *state = PyType_GetModuleState(cls);
+
+    if (Py_IS_TYPE((PyObject*)self, state->sha512_type)) {
+        if ((newobj = newSHA512object(state)) == NULL) {
+            return NULL;
+        }
+    }
+    else {
+        if ((newobj = newSHA384object(state)) == NULL) {
+            return NULL;
+        }
+    }
+
+    SHA512copy(self, newobj);
+    return (PyObject *)newobj;
+}
+
+/*[clinic input]
+SHA256Type.digest
+
+Return the digest value as a bytes object.
+[clinic start generated code]*/
+
+static PyObject *
+SHA256Type_digest_impl(SHA256object *self)
+/*[clinic end generated code: output=3a2e3997a98ee792 input=f1f4cfea5cbde35c]*/
+{
+    uint8_t digest[SHA256_DIGESTSIZE];
+    assert(self->digestsize <= SHA256_DIGESTSIZE);
+    // HACL* performs copies under the hood so that self->state remains valid
+    // after this call.
+    Hacl_Streaming_SHA2_finish_256(self->state, digest);
+    return PyBytes_FromStringAndSize((const char *)digest, self->digestsize);
+}
+
+/*[clinic input]
+SHA512Type.digest
+
+Return the digest value as a bytes object.
+[clinic start generated code]*/
+
+static PyObject *
+SHA512Type_digest_impl(SHA512object *self)
+/*[clinic end generated code: output=dd8c6320070458e0 input=f6470dd359071f4b]*/
+{
+    uint8_t digest[SHA512_DIGESTSIZE];
+    assert(self->digestsize <= SHA512_DIGESTSIZE);
+    // HACL* performs copies under the hood so that self->state remains valid
+    // after this call.
+    Hacl_Streaming_SHA2_finish_512(self->state, digest);
+    return PyBytes_FromStringAndSize((const char *)digest, self->digestsize);
+}
+
+/*[clinic input]
+SHA256Type.hexdigest
+
+Return the digest value as a string of hexadecimal digits.
+[clinic start generated code]*/
+
+static PyObject *
+SHA256Type_hexdigest_impl(SHA256object *self)
+/*[clinic end generated code: output=96cb68996a780ab3 input=0cc4c714693010d1]*/
+{
+    uint8_t digest[SHA256_DIGESTSIZE];
+    assert(self->digestsize <= SHA256_DIGESTSIZE);
+    Hacl_Streaming_SHA2_finish_256(self->state, digest);
+    return _Py_strhex((const char *)digest, self->digestsize);
+}
+
+/*[clinic input]
+SHA512Type.hexdigest
+
+Return the digest value as a string of hexadecimal digits.
+[clinic start generated code]*/
+
+static PyObject *
+SHA512Type_hexdigest_impl(SHA512object *self)
+/*[clinic end generated code: output=cbd6f844aba1fe7c input=498b877b25cbe0a2]*/
+{
+    uint8_t digest[SHA512_DIGESTSIZE];
+    assert(self->digestsize <= SHA512_DIGESTSIZE);
+    Hacl_Streaming_SHA2_finish_512(self->state, digest);
+    return _Py_strhex((const char *)digest, self->digestsize);
+}
+
+/*[clinic input]
+SHA256Type.update
+
+    obj: object
+    /
+
+Update this hash object's state with the provided string.
+[clinic start generated code]*/
+
+static PyObject *
+SHA256Type_update(SHA256object *self, PyObject *obj)
+/*[clinic end generated code: output=1b240f965ddbd8c6 input=b2d449d5b30f0f5a]*/
+{
+    Py_buffer buf;
+
+    GET_BUFFER_VIEW_OR_ERROUT(obj, &buf);
+
+    update_256(self->state, buf.buf, buf.len);
+
+    PyBuffer_Release(&buf);
+    Py_RETURN_NONE;
+}
+
+/*[clinic input]
+SHA512Type.update
+
+    obj: object
+    /
+
+Update this hash object's state with the provided string.
+[clinic start generated code]*/
+
+static PyObject *
+SHA512Type_update(SHA512object *self, PyObject *obj)
+/*[clinic end generated code: output=745f51057a985884 input=ded2b46656566283]*/
+{
+    Py_buffer buf;
+
+    GET_BUFFER_VIEW_OR_ERROUT(obj, &buf);
+
+    update_512(self->state, buf.buf, buf.len);
+
+    PyBuffer_Release(&buf);
+    Py_RETURN_NONE;
+}
+
+static PyMethodDef SHA256_methods[] = {
+    SHA256TYPE_COPY_METHODDEF
+    SHA256TYPE_DIGEST_METHODDEF
+    SHA256TYPE_HEXDIGEST_METHODDEF
+    SHA256TYPE_UPDATE_METHODDEF
+    {NULL,        NULL}         /* sentinel */
+};
+
+static PyMethodDef SHA512_methods[] = {
+    SHA512TYPE_COPY_METHODDEF
+    SHA512TYPE_DIGEST_METHODDEF
+    SHA512TYPE_HEXDIGEST_METHODDEF
+    SHA512TYPE_UPDATE_METHODDEF
+    {NULL,        NULL}         /* sentinel */
+};
+
+static PyObject *
+SHA256_get_block_size(PyObject *self, void *closure)
+{
+    return PyLong_FromLong(SHA256_BLOCKSIZE);
+}
+
+static PyObject *
+SHA512_get_block_size(PyObject *self, void *closure)
+{
+    return PyLong_FromLong(SHA512_BLOCKSIZE);
+}
+
+static PyObject *
+SHA256_get_digest_size(SHA256object *self, void *closure)
+{
+    return PyLong_FromLong(self->digestsize);
+}
+
+static PyObject *
+SHA512_get_digest_size(SHA512object *self, void *closure)
+{
+    return PyLong_FromLong(self->digestsize);
+}
+
+static PyObject *
+SHA256_get_name(SHA256object *self, void *closure)
+{
+    if (self->digestsize == 28) {
+        return PyUnicode_FromStringAndSize("sha224", 6);
+    }
+    return PyUnicode_FromStringAndSize("sha256", 6);
+}
+
+static PyObject *
+SHA512_get_name(SHA512object *self, void *closure)
+{
+    if (self->digestsize == 64) {
+        return PyUnicode_FromStringAndSize("sha512", 6);
+    }
+    return PyUnicode_FromStringAndSize("sha384", 6);
+}
+
+static PyGetSetDef SHA256_getseters[] = {
+    {"block_size",
+     (getter)SHA256_get_block_size, NULL,
+     NULL,
+     NULL},
+    {"name",
+     (getter)SHA256_get_name, NULL,
+     NULL,
+     NULL},
+    {"digest_size",
+     (getter)SHA256_get_digest_size, NULL,
+     NULL,
+     NULL},
+    {NULL}  /* Sentinel */
+};
+
+static PyGetSetDef SHA512_getseters[] = {
+    {"block_size",
+     (getter)SHA512_get_block_size, NULL,
+     NULL,
+     NULL},
+    {"name",
+     (getter)SHA512_get_name, NULL,
+     NULL,
+     NULL},
+    {"digest_size",
+     (getter)SHA512_get_digest_size, NULL,
+     NULL,
+     NULL},
+    {NULL}  /* Sentinel */
+};
+
+static PyType_Slot sha256_types_slots[] = {
+    {Py_tp_dealloc, SHA256_dealloc},
+    {Py_tp_methods, SHA256_methods},
+    {Py_tp_getset, SHA256_getseters},
+    {Py_tp_traverse, SHA2_traverse},
+    {0,0}
+};
+
+static PyType_Slot sha512_type_slots[] = {
+    {Py_tp_dealloc, SHA512_dealloc},
+    {Py_tp_methods, SHA512_methods},
+    {Py_tp_getset, SHA512_getseters},
+    {Py_tp_traverse, SHA2_traverse},
+    {0,0}
+};
+
+// Using PyType_GetModuleState() on these types is safe since they
+// cannot be subclassed: they don't have the Py_TPFLAGS_BASETYPE flag.
+static PyType_Spec sha224_type_spec = {
+    .name = "_sha2.SHA224Type",
+    .basicsize = sizeof(SHA256object),
+    .flags = (Py_TPFLAGS_DEFAULT | Py_TPFLAGS_DISALLOW_INSTANTIATION |
+              Py_TPFLAGS_IMMUTABLETYPE | Py_TPFLAGS_HAVE_GC),
+    .slots = sha256_types_slots
+};
+
+static PyType_Spec sha256_type_spec = {
+    .name = "_sha2.SHA256Type",
+    .basicsize = sizeof(SHA256object),
+    .flags = (Py_TPFLAGS_DEFAULT | Py_TPFLAGS_DISALLOW_INSTANTIATION |
+              Py_TPFLAGS_IMMUTABLETYPE | Py_TPFLAGS_HAVE_GC),
+    .slots = sha256_types_slots
+};
+
+static PyType_Spec sha384_type_spec = {
+    .name = "_sha2.SHA384Type",
+    .basicsize =  sizeof(SHA512object),
+    .flags = (Py_TPFLAGS_DEFAULT | Py_TPFLAGS_DISALLOW_INSTANTIATION |
+              Py_TPFLAGS_IMMUTABLETYPE | Py_TPFLAGS_HAVE_GC),
+    .slots = sha512_type_slots
+};
+
+static PyType_Spec sha512_type_spec = {
+    .name = "_sha2.SHA512Type",
+    .basicsize =  sizeof(SHA512object),
+    .flags = (Py_TPFLAGS_DEFAULT | Py_TPFLAGS_DISALLOW_INSTANTIATION |
+              Py_TPFLAGS_IMMUTABLETYPE | Py_TPFLAGS_HAVE_GC),
+    .slots = sha512_type_slots
+};
+
+/* The module-level constructors. */
+
+/*[clinic input]
+_sha2.sha256
+
+    string: object(c_default="NULL") = b''
+    *
+    usedforsecurity: bool = True
+
+Return a new SHA-256 hash object; optionally initialized with a string.
+[clinic start generated code]*/
+
+static PyObject *
+_sha2_sha256_impl(PyObject *module, PyObject *string, int usedforsecurity)
+/*[clinic end generated code: output=243c9dd289931f87 input=6249da1de607280a]*/
+{
+    Py_buffer buf;
+
+    if (string) {
+        GET_BUFFER_VIEW_OR_ERROUT(string, &buf);
+    }
+
+    sha2_state *state = sha2_get_state(module);
+
+    SHA256object *new;
+    if ((new = newSHA256object(state)) == NULL) {
+        if (string) {
+            PyBuffer_Release(&buf);
+        }
+        return NULL;
+    }
+
+    new->state = Hacl_Streaming_SHA2_create_in_256();
+    new->digestsize = 32;
+
+    if (PyErr_Occurred()) {
+        Py_DECREF(new);
+        if (string) {
+            PyBuffer_Release(&buf);
+        }
+        return NULL;
+    }
+    if (string) {
+        update_256(new->state, buf.buf, buf.len);
+        PyBuffer_Release(&buf);
+    }
+
+    return (PyObject *)new;
+}
+
+/*[clinic input]
+_sha2.sha224
+
+    string: object(c_default="NULL") = b''
+    *
+    usedforsecurity: bool = True
+
+Return a new SHA-224 hash object; optionally initialized with a string.
+[clinic start generated code]*/
+
+static PyObject *
+_sha2_sha224_impl(PyObject *module, PyObject *string, int usedforsecurity)
+/*[clinic end generated code: output=68191f232e4a3843 input=c42bcba47fd7d2b7]*/
+{
+    Py_buffer buf;
+    if (string) {
+        GET_BUFFER_VIEW_OR_ERROUT(string, &buf);
+    }
+
+    sha2_state *state = sha2_get_state(module);
+    SHA256object *new;
+    if ((new = newSHA224object(state)) == NULL) {
+        if (string) {
+            PyBuffer_Release(&buf);
+        }
+        return NULL;
+    }
+
+    new->state = Hacl_Streaming_SHA2_create_in_224();
+    new->digestsize = 28;
+
+    if (PyErr_Occurred()) {
+        Py_DECREF(new);
+        if (string) {
+            PyBuffer_Release(&buf);
+        }
+        return NULL;
+    }
+    if (string) {
+        update_256(new->state, buf.buf, buf.len);
+        PyBuffer_Release(&buf);
+    }
+
+    return (PyObject *)new;
+}
+
+/*[clinic input]
+_sha2.sha512
+
+    string: object(c_default="NULL") = b''
+    *
+    usedforsecurity: bool = True
+
+Return a new SHA-512 hash object; optionally initialized with a string.
+[clinic start generated code]*/
+
+static PyObject *
+_sha2_sha512_impl(PyObject *module, PyObject *string, int usedforsecurity)
+/*[clinic end generated code: output=d55c8996eca214d7 input=0576ae2a6ebfad25]*/
+{
+    SHA512object *new;
+    Py_buffer buf;
+
+    sha2_state *state = sha2_get_state(module);
+
+    if (string)
+        GET_BUFFER_VIEW_OR_ERROUT(string, &buf);
+
+    if ((new = newSHA512object(state)) == NULL) {
+        if (string)
+            PyBuffer_Release(&buf);
+        return NULL;
+    }
+
+    new->state = Hacl_Streaming_SHA2_create_in_512();
+    new->digestsize = 64;
+
+    if (PyErr_Occurred()) {
+        Py_DECREF(new);
+        if (string)
+            PyBuffer_Release(&buf);
+        return NULL;
+    }
+    if (string) {
+        update_512(new->state, buf.buf, buf.len);
+        PyBuffer_Release(&buf);
+    }
+
+    return (PyObject *)new;
+}
+
+/*[clinic input]
+_sha2.sha384
+
+    string: object(c_default="NULL") = b''
+    *
+    usedforsecurity: bool = True
+
+Return a new SHA-384 hash object; optionally initialized with a string.
+[clinic start generated code]*/
+
+static PyObject *
+_sha2_sha384_impl(PyObject *module, PyObject *string, int usedforsecurity)
+/*[clinic end generated code: output=b29a0d81d51d1368 input=4e9199d8de0d2f9b]*/
+{
+    SHA512object *new;
+    Py_buffer buf;
+
+    sha2_state *state = sha2_get_state(module);
+
+    if (string)
+        GET_BUFFER_VIEW_OR_ERROUT(string, &buf);
+
+    if ((new = newSHA384object(state)) == NULL) {
+        if (string)
+            PyBuffer_Release(&buf);
+        return NULL;
+    }
+
+    new->state = Hacl_Streaming_SHA2_create_in_384();
+    new->digestsize = 48;
+
+    if (PyErr_Occurred()) {
+        Py_DECREF(new);
+        if (string)
+            PyBuffer_Release(&buf);
+        return NULL;
+    }
+    if (string) {
+        update_512(new->state, buf.buf, buf.len);
+        PyBuffer_Release(&buf);
+    }
+
+    return (PyObject *)new;
+}
+
+/* List of functions exported by this module */
+
+static struct PyMethodDef SHA2_functions[] = {
+    _SHA2_SHA256_METHODDEF
+    _SHA2_SHA224_METHODDEF
+    _SHA2_SHA512_METHODDEF
+    _SHA2_SHA384_METHODDEF
+    {NULL,      NULL}            /* Sentinel */
+};
+
+static int
+_sha2_traverse(PyObject *module, visitproc visit, void *arg)
+{
+    sha2_state *state = sha2_get_state(module);
+    Py_VISIT(state->sha224_type);
+    Py_VISIT(state->sha256_type);
+    Py_VISIT(state->sha384_type);
+    Py_VISIT(state->sha512_type);
+    return 0;
+}
+
+static int
+_sha2_clear(PyObject *module)
+{
+    sha2_state *state = sha2_get_state(module);
+    Py_CLEAR(state->sha224_type);
+    Py_CLEAR(state->sha256_type);
+    Py_CLEAR(state->sha384_type);
+    Py_CLEAR(state->sha512_type);
+    return 0;
+}
+
+static void
+_sha2_free(void *module)
+{
+    _sha2_clear((PyObject *)module);
+}
+
+/* Initialize this module. */
+static int sha2_exec(PyObject *module)
+{
+    sha2_state *state = sha2_get_state(module);
+
+    state->sha224_type = (PyTypeObject *)PyType_FromModuleAndSpec(
+        module, &sha224_type_spec, NULL);
+    if (state->sha224_type == NULL) {
+        return -1;
+    }
+    state->sha256_type = (PyTypeObject *)PyType_FromModuleAndSpec(
+        module, &sha256_type_spec, NULL);
+    if (state->sha256_type == NULL) {
+        return -1;
+    }
+    state->sha384_type = (PyTypeObject *)PyType_FromModuleAndSpec(
+        module, &sha384_type_spec, NULL);
+    if (state->sha384_type == NULL) {
+        return -1;
+    }
+    state->sha512_type = (PyTypeObject *)PyType_FromModuleAndSpec(
+        module, &sha512_type_spec, NULL);
+    if (state->sha512_type == NULL) {
+        return -1;
+    }
+
+    if (PyModule_AddType(module, state->sha224_type) < 0) {
+        return -1;
+    }
+    if (PyModule_AddType(module, state->sha256_type) < 0) {
+        return -1;
+    }
+    if (PyModule_AddType(module, state->sha384_type) < 0) {
+        return -1;
+    }
+    if (PyModule_AddType(module, state->sha512_type) < 0) {
+        return -1;
+    }
+
+    return 0;
+}
+
+static PyModuleDef_Slot _sha2_slots[] = {
+    {Py_mod_exec, sha2_exec},
+    {0, NULL}
+};
+
+static struct PyModuleDef _sha2module = {
+    PyModuleDef_HEAD_INIT,
+    .m_name = "_sha2",
+    .m_size = sizeof(sha2_state),
+    .m_methods = SHA2_functions,
+    .m_slots = _sha2_slots,
+    .m_traverse = _sha2_traverse,
+    .m_clear = _sha2_clear,
+    .m_free = _sha2_free
+};
+
+PyMODINIT_FUNC
+PyInit__sha2(void)
+{
+    return PyModuleDef_Init(&_sha2module);
+}

Modules/sha512module.c

@@ -1,456 +0,0 @@
-/* SHA512 module */
-
-/* This module provides an interface to NIST's SHA-512 and SHA-384 Algorithms */
-
-/* See below for information about the original code this module was
-   based upon. Additional work performed by:
-
-   Andrew Kuchling (amk@amk.ca)
-   Greg Stein (gstein@lyra.org)
-   Trevor Perrin (trevp@trevp.net)
-   Jonathan Protzenko (jonathan@protzenko.fr)
-
-   Copyright (C) 2005-2007   Gregory P. Smith (greg@krypto.org)
-   Licensed to PSF under a Contributor Agreement.
-
-*/
-
-/* SHA objects */
-#ifndef Py_BUILD_CORE_BUILTIN
-#  define Py_BUILD_CORE_MODULE 1
-#endif
-
-#include "Python.h"
-#include "pycore_bitutils.h"      // _Py_bswap64()
-#include "pycore_strhex.h"        // _Py_strhex()
-#include "structmember.h"         // PyMemberDef
-#include "hashlib.h"
-
-/*[clinic input]
-module _sha512
-class SHA512Type "SHAobject *" "&PyType_Type"
-[clinic start generated code]*/
-/*[clinic end generated code: output=da39a3ee5e6b4b0d input=81a3ccde92bcfe8d]*/
-
-
-/* The SHA block size and message digest sizes, in bytes */
-
-#define SHA_BLOCKSIZE   128
-#define SHA_DIGESTSIZE  64
-
-/* The SHA2-384 and SHA2-512 implementations defer to the HACL* verified
- * library. */
-
-#include "_hacl/Hacl_Streaming_SHA2.h"
-
-typedef struct {
-    PyObject_HEAD
-    int digestsize;
-    Hacl_Streaming_SHA2_state_sha2_512 *state;
-} SHAobject;
-
-#include "clinic/sha512module.c.h"
-
-
-static void SHAcopy(SHAobject *src, SHAobject *dest)
-{
-    dest->digestsize = src->digestsize;
-    dest->state = Hacl_Streaming_SHA2_copy_512(src->state);
-}
-
-typedef struct {
-    PyTypeObject* sha384_type;
-    PyTypeObject* sha512_type;
-} SHA512State;
-
-static inline SHA512State*
-sha512_get_state(PyObject *module)
-{
-    void *state = PyModule_GetState(module);
-    assert(state != NULL);
-    return (SHA512State *)state;
-}
-
-static SHAobject *
-newSHA384object(SHA512State *st)
-{
-    SHAobject *sha = (SHAobject *)PyObject_GC_New(SHAobject, st->sha384_type);
-    PyObject_GC_Track(sha);
-    return sha;
-}
-
-static SHAobject *
-newSHA512object(SHA512State *st)
-{
-    SHAobject *sha = (SHAobject *)PyObject_GC_New(SHAobject, st->sha512_type);
-    PyObject_GC_Track(sha);
-    return sha;
-}
-
-/* Internal methods for a hash object */
-static int
-SHA_traverse(PyObject *ptr, visitproc visit, void *arg)
-{
-    Py_VISIT(Py_TYPE(ptr));
-    return 0;
-}
-
-static void
-SHA512_dealloc(SHAobject *ptr)
-{
-    Hacl_Streaming_SHA2_free_512(ptr->state);
-    PyTypeObject *tp = Py_TYPE(ptr);
-    PyObject_GC_UnTrack(ptr);
-    PyObject_GC_Del(ptr);
-    Py_DECREF(tp);
-}
-
-/* HACL* takes a uint32_t for the length of its parameter, but Py_ssize_t can be
- * 64 bits. */
-static void update_512(Hacl_Streaming_SHA2_state_sha2_512 *state, uint8_t *buf, Py_ssize_t len) {
-  /* Note: we explicitly ignore the error code on the basis that it would take >
-   * 1 billion years to overflow the maximum admissible length for this API
-   * (namely, 2^64-1 bytes). */
-  while (len > UINT32_MAX) {
-    Hacl_Streaming_SHA2_update_512(state, buf, UINT32_MAX);
-    len -= UINT32_MAX;
-    buf += UINT32_MAX;
-  }
-  /* Cast to uint32_t is safe: upon exiting the loop, len <= UINT32_MAX, and
-   * therefore fits in a uint32_t */
-  Hacl_Streaming_SHA2_update_512(state, buf, (uint32_t) len);
-}
-
-
-/* External methods for a hash object */
-
-/*[clinic input]
-SHA512Type.copy
-
-    cls: defining_class
-
-Return a copy of the hash object.
-[clinic start generated code]*/
-
-static PyObject *
-SHA512Type_copy_impl(SHAobject *self, PyTypeObject *cls)
-/*[clinic end generated code: output=85ea5b47837a08e6 input=f673a18f66527c90]*/
-{
-    SHAobject *newobj;
-    SHA512State *st = PyType_GetModuleState(cls);
-
-    if (Py_IS_TYPE((PyObject*)self, st->sha512_type)) {
-        if ( (newobj = newSHA512object(st))==NULL) {
-            return NULL;
-        }
-    }
-    else {
-        if ( (newobj = newSHA384object(st))==NULL) {
-            return NULL;
-        }
-    }
-
-    SHAcopy(self, newobj);
-    return (PyObject *)newobj;
-}
-
-/*[clinic input]
-SHA512Type.digest
-
-Return the digest value as a bytes object.
-[clinic start generated code]*/
-
-static PyObject *
-SHA512Type_digest_impl(SHAobject *self)
-/*[clinic end generated code: output=1080bbeeef7dde1b input=f6470dd359071f4b]*/
-{
-    uint8_t digest[SHA_DIGESTSIZE];
-    // HACL performs copies under the hood so that self->state remains valid
-    // after this call.
-    Hacl_Streaming_SHA2_finish_512(self->state, digest);
-    return PyBytes_FromStringAndSize((const char *)digest, self->digestsize);
-}
-
-/*[clinic input]
-SHA512Type.hexdigest
-
-Return the digest value as a string of hexadecimal digits.
-[clinic start generated code]*/
-
-static PyObject *
-SHA512Type_hexdigest_impl(SHAobject *self)
-/*[clinic end generated code: output=7373305b8601e18b input=498b877b25cbe0a2]*/
-{
-    uint8_t digest[SHA_DIGESTSIZE];
-    Hacl_Streaming_SHA2_finish_512(self->state, digest);
-    return _Py_strhex((const char *)digest, self->digestsize);
-}
-
-/*[clinic input]
-SHA512Type.update
-
-    obj: object
-    /
-
-Update this hash object's state with the provided string.
-[clinic start generated code]*/
-
-static PyObject *
-SHA512Type_update(SHAobject *self, PyObject *obj)
-/*[clinic end generated code: output=1cf333e73995a79e input=ded2b46656566283]*/
-{
-    Py_buffer buf;
-
-    GET_BUFFER_VIEW_OR_ERROUT(obj, &buf);
-
-    update_512(self->state, buf.buf, buf.len);
-
-    PyBuffer_Release(&buf);
-    Py_RETURN_NONE;
-}
-
-static PyMethodDef SHA_methods[] = {
-    SHA512TYPE_COPY_METHODDEF
-    SHA512TYPE_DIGEST_METHODDEF
-    SHA512TYPE_HEXDIGEST_METHODDEF
-    SHA512TYPE_UPDATE_METHODDEF
-    {NULL,        NULL}         /* sentinel */
-};
-
-static PyObject *
-SHA512_get_block_size(PyObject *self, void *closure)
-{
-    return PyLong_FromLong(SHA_BLOCKSIZE);
-}
-
-static PyObject *
-SHA512_get_name(PyObject *self, void *closure)
-{
-    if (((SHAobject *)self)->digestsize == 64)
-        return PyUnicode_FromStringAndSize("sha512", 6);
-    else
-        return PyUnicode_FromStringAndSize("sha384", 6);
-}
-
-static PyGetSetDef SHA_getseters[] = {
-    {"block_size",
-     (getter)SHA512_get_block_size, NULL,
-     NULL,
-     NULL},
-    {"name",
-     (getter)SHA512_get_name, NULL,
-     NULL,
-     NULL},
-    {NULL}  /* Sentinel */
-};
-
-static PyMemberDef SHA_members[] = {
-    {"digest_size", T_INT, offsetof(SHAobject, digestsize), READONLY, NULL},
-    {NULL}  /* Sentinel */
-};
-
-static PyType_Slot sha512_sha384_type_slots[] = {
-    {Py_tp_dealloc, SHA512_dealloc},
-    {Py_tp_methods, SHA_methods},
-    {Py_tp_members, SHA_members},
-    {Py_tp_getset, SHA_getseters},
-    {Py_tp_traverse, SHA_traverse},
-    {0,0}
-};
-
-static PyType_Spec sha512_sha384_type_spec = {
-    .name = "_sha512.sha384",
-    .basicsize =  sizeof(SHAobject),
-    .flags = (Py_TPFLAGS_DEFAULT | Py_TPFLAGS_DISALLOW_INSTANTIATION |
-              Py_TPFLAGS_IMMUTABLETYPE | Py_TPFLAGS_HAVE_GC),
-    .slots = sha512_sha384_type_slots
-};
-
-// Using PyType_GetModuleState() on this type is safe since
-// it cannot be subclassed: it does not have the Py_TPFLAGS_BASETYPE flag.
-static PyType_Spec sha512_sha512_type_spec = {
-    .name = "_sha512.sha512",
-    .basicsize =  sizeof(SHAobject),
-    .flags = (Py_TPFLAGS_DEFAULT | Py_TPFLAGS_DISALLOW_INSTANTIATION |
-              Py_TPFLAGS_IMMUTABLETYPE | Py_TPFLAGS_HAVE_GC),
-    .slots = sha512_sha384_type_slots
-};
-
-/* The single module-level function: new() */
-
-/*[clinic input]
-_sha512.sha512
-
-    string: object(c_default="NULL") = b''
-    *
-    usedforsecurity: bool = True
-
-Return a new SHA-512 hash object; optionally initialized with a string.
-[clinic start generated code]*/
-
-static PyObject *
-_sha512_sha512_impl(PyObject *module, PyObject *string, int usedforsecurity)
-/*[clinic end generated code: output=a8d9e5f9e6a0831c input=23b4daebc2ebb9c9]*/
-{
-    SHAobject *new;
-    Py_buffer buf;
-
-    SHA512State *st = sha512_get_state(module);
-
-    if (string)
-        GET_BUFFER_VIEW_OR_ERROUT(string, &buf);
-
-    if ((new = newSHA512object(st)) == NULL) {
-        if (string)
-            PyBuffer_Release(&buf);
-        return NULL;
-    }
-
-    new->state = Hacl_Streaming_SHA2_create_in_512();
-    new->digestsize = 64;
-
-    if (PyErr_Occurred()) {
-        Py_DECREF(new);
-        if (string)
-            PyBuffer_Release(&buf);
-        return NULL;
-    }
-    if (string) {
-        update_512(new->state, buf.buf, buf.len);
-        PyBuffer_Release(&buf);
-    }
-
-    return (PyObject *)new;
-}
-
-/*[clinic input]
-_sha512.sha384
-
-    string: object(c_default="NULL") = b''
-    *
-    usedforsecurity: bool = True
-
-Return a new SHA-384 hash object; optionally initialized with a string.
-[clinic start generated code]*/
-
-static PyObject *
-_sha512_sha384_impl(PyObject *module, PyObject *string, int usedforsecurity)
-/*[clinic end generated code: output=da7d594a08027ac3 input=59ef72f039a6b431]*/
-{
-    SHAobject *new;
-    Py_buffer buf;
-
-    SHA512State *st = sha512_get_state(module);
-
-    if (string)
-        GET_BUFFER_VIEW_OR_ERROUT(string, &buf);
-
-    if ((new = newSHA384object(st)) == NULL) {
-        if (string)
-            PyBuffer_Release(&buf);
-        return NULL;
-    }
-
-    new->state = Hacl_Streaming_SHA2_create_in_384();
-    new->digestsize = 48;
-
-    if (PyErr_Occurred()) {
-        Py_DECREF(new);
-        if (string)
-            PyBuffer_Release(&buf);
-        return NULL;
-    }
-    if (string) {
-        update_512(new->state, buf.buf, buf.len);
-        PyBuffer_Release(&buf);
-    }
-
-    return (PyObject *)new;
-}
-
-
-/* List of functions exported by this module */
-
-static struct PyMethodDef SHA_functions[] = {
-    _SHA512_SHA512_METHODDEF
-    _SHA512_SHA384_METHODDEF
-    {NULL,      NULL}            /* Sentinel */
-};
-
-static int
-_sha512_traverse(PyObject *module, visitproc visit, void *arg)
-{
-    SHA512State *state = sha512_get_state(module);
-    Py_VISIT(state->sha384_type);
-    Py_VISIT(state->sha512_type);
-    return 0;
-}
-
-static int
-_sha512_clear(PyObject *module)
-{
-    SHA512State *state = sha512_get_state(module);
-    Py_CLEAR(state->sha384_type);
-    Py_CLEAR(state->sha512_type);
-    return 0;
-}
-
-static void
-_sha512_free(void *module)
-{
-    _sha512_clear((PyObject *)module);
-}
-
-
-/* Initialize this module. */
-static int
-_sha512_exec(PyObject *m)
-{
-    SHA512State* st = sha512_get_state(m);
-
-    st->sha384_type = (PyTypeObject *)PyType_FromModuleAndSpec(
-        m, &sha512_sha384_type_spec, NULL);
-
-    st->sha512_type = (PyTypeObject *)PyType_FromModuleAndSpec(
-        m, &sha512_sha512_type_spec, NULL);
-
-    if (st->sha384_type == NULL || st->sha512_type == NULL) {
-        return -1;
-    }
-
-    Py_INCREF(st->sha384_type);
-    if (PyModule_AddObject(m, "SHA384Type", (PyObject *)st->sha384_type) < 0) {
-        Py_DECREF(st->sha384_type);
-        return -1;
-    }
-
-    Py_INCREF(st->sha512_type);
-    if (PyModule_AddObject(m, "SHA384Type", (PyObject *)st->sha512_type) < 0) {
-        Py_DECREF(st->sha512_type);
-        return -1;
-    }
-
-    return 0;
-}
-
-static PyModuleDef_Slot _sha512_slots[] = {
-    {Py_mod_exec, _sha512_exec},
-    {0, NULL}
-};
-
-static struct PyModuleDef _sha512module = {
-        PyModuleDef_HEAD_INIT,
-        .m_name = "_sha512",
-        .m_size = sizeof(SHA512State),
-        .m_methods = SHA_functions,
-        .m_slots = _sha512_slots,
-        .m_traverse = _sha512_traverse,
-        .m_clear = _sha512_clear,
-        .m_free = _sha512_free
-};
-
-PyMODINIT_FUNC
-PyInit__sha512(void)
-{
-    return PyModuleDef_Init(&_sha512module);
-}

PC/config.c

@@ -20,8 +20,7 @@ extern PyObject* PyInit_nt(void);
 extern PyObject* PyInit__operator(void);
 extern PyObject* PyInit__signal(void);
 extern PyObject* PyInit__sha1(void);
-extern PyObject* PyInit__sha256(void);
-extern PyObject* PyInit__sha512(void);
+extern PyObject* PyInit__sha2(void);
 extern PyObject* PyInit__sha3(void);
 extern PyObject* PyInit__statistics(void);
 extern PyObject* PyInit__typing(void);
@@ -98,8 +97,7 @@ struct _inittab _PyImport_Inittab[] = {
     {"_signal", PyInit__signal},
     {"_md5", PyInit__md5},
     {"_sha1", PyInit__sha1},
-    {"_sha256", PyInit__sha256},
-    {"_sha512", PyInit__sha512},
+    {"_sha2", PyInit__sha2},
     {"_sha3", PyInit__sha3},
     {"_blake2", PyInit__blake2},
     {"time", PyInit_time},

PCbuild/pythoncore.vcxproj

@@ -408,8 +408,7 @@
     <ClCompile Include="..\Modules\rotatingtree.c" />
     <ClCompile Include="..\Modules\sha1module.c" />
     <ClCompile Include="..\Modules\_hacl\Hacl_Streaming_SHA2.c" />
-    <ClCompile Include="..\Modules\sha256module.c" />
-    <ClCompile Include="..\Modules\sha512module.c" />
+    <ClCompile Include="..\Modules\sha2module.c" />
     <ClCompile Include="..\Modules\signalmodule.c" />
     <ClCompile Include="..\Modules\_statisticsmodule.c" />
     <ClCompile Include="..\Modules\symtablemodule.c" />

PCbuild/pythoncore.vcxproj.filters

@@ -869,10 +869,7 @@
     <ClCompile Include="..\Modules\_hacl\Hacl_Streaming_SHA2.c">
       <Filter>Modules</Filter>
     </ClCompile>
-    <ClCompile Include="..\Modules\sha256module.c">
-      <Filter>Modules</Filter>
-    </ClCompile>
-    <ClCompile Include="..\Modules\sha512module.c">
+    <ClCompile Include="..\Modules\sha2module.c">
       <Filter>Modules</Filter>
     </ClCompile>
     <ClCompile Include="..\Modules\signalmodule.c">

Python/stdlib_module_names.h

@@ -63,9 +63,8 @@ static const char* _Py_stdlib_module_names[] = {
 "_random",
 "_scproxy",
 "_sha1",
-"_sha256",
+"_sha2",
 "_sha3",
-"_sha512",
 "_signal",
 "_sitebuiltins",
 "_socket",

configure

@@ -686,10 +686,8 @@ MODULE__BLAKE2_FALSE
 MODULE__BLAKE2_TRUE
 MODULE__SHA3_FALSE
 MODULE__SHA3_TRUE
-MODULE__SHA512_FALSE
-MODULE__SHA512_TRUE
-MODULE__SHA256_FALSE
-MODULE__SHA256_TRUE
+MODULE__SHA2_FALSE
+MODULE__SHA2_TRUE
 MODULE__SHA1_FALSE
 MODULE__SHA1_TRUE
 MODULE__MD5_FALSE
@@ -1891,9 +1889,9 @@ Optional Packages:
                           leave OpenSSL's defaults untouched, STRING: use a
                           custom string, python and STRING also set TLS 1.2 as
                           minimum TLS version
-  --with-builtin-hashlib-hashes=md5,sha1,sha256,sha512,sha3,blake2
-                          builtin hash modules, md5, sha1, sha256, sha512,
-                          sha3 (with shake), blake2
+  --with-builtin-hashlib-hashes=md5,sha1,sha2,sha3,blake2
+                          builtin hash modules, md5, sha1, sha2, sha3 (with
+                          shake), blake2
 
 Some influential environment variables:
   PKG_CONFIG  path to pkg-config utility
@@ -25346,7 +25344,7 @@ fi
 
 
 # builtin hash modules
-default_hashlib_hashes="md5,sha1,sha256,sha512,sha3,blake2"
+default_hashlib_hashes="md5,sha1,sha2,sha3,blake2"
 
 $as_echo "#define PY_BUILTIN_HASHLIB_HASHES /**/" >>confdefs.h
 
@@ -25386,10 +25384,8 @@ for builtin_hash in $with_builtin_hashlib_hashes; do
     with_builtin_md5=yes ;; #(
   sha1) :
     with_builtin_sha1=yes ;; #(
-  sha256) :
-    with_builtin_sha256=yes ;; #(
-  sha512) :
-    with_builtin_sha512=yes ;; #(
+  sha2) :
+    with_builtin_sha2=yes ;; #(
   sha3) :
     with_builtin_sha3=yes ;; #(
   blake2) :
@@ -26898,72 +26894,38 @@ fi
 $as_echo "$py_cv_module__sha1" >&6; }
 
 
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _sha256" >&5
-$as_echo_n "checking for stdlib extension module _sha256... " >&6; }
-        if test "$py_cv_module__sha256" != "n/a"; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _sha2" >&5
+$as_echo_n "checking for stdlib extension module _sha2... " >&6; }
+        if test "$py_cv_module__sha2" != "n/a"; then :
 
-    if test "$with_builtin_sha256" = yes; then :
+    if test "$with_builtin_sha2" = yes; then :
   if true; then :
-  py_cv_module__sha256=yes
+  py_cv_module__sha2=yes
 else
-  py_cv_module__sha256=missing
+  py_cv_module__sha2=missing
 fi
 else
-  py_cv_module__sha256=disabled
+  py_cv_module__sha2=disabled
 fi
 
 fi
-  as_fn_append MODULE_BLOCK "MODULE__SHA256_STATE=$py_cv_module__sha256$as_nl"
-  if test "x$py_cv_module__sha256" = xyes; then :
+  as_fn_append MODULE_BLOCK "MODULE__SHA2_STATE=$py_cv_module__sha2$as_nl"
+  if test "x$py_cv_module__sha2" = xyes; then :
 
-    as_fn_append MODULE_BLOCK "MODULE__SHA256_CFLAGS=-I\$(srcdir)/Modules/_hacl/include -I\$(srcdir)/Modules/_hacl/internal -D_BSD_SOURCE -D_DEFAULT_SOURCE$as_nl"
+    as_fn_append MODULE_BLOCK "MODULE__SHA2_CFLAGS=-I\$(srcdir)/Modules/_hacl/include -I\$(srcdir)/Modules/_hacl/internal -D_BSD_SOURCE -D_DEFAULT_SOURCE$as_nl"
 
 
 fi
-   if test "$py_cv_module__sha256" = yes; then
-  MODULE__SHA256_TRUE=
-  MODULE__SHA256_FALSE='#'
+   if test "$py_cv_module__sha2" = yes; then
+  MODULE__SHA2_TRUE=
+  MODULE__SHA2_FALSE='#'
 else
-  MODULE__SHA256_TRUE='#'
-  MODULE__SHA256_FALSE=
+  MODULE__SHA2_TRUE='#'
+  MODULE__SHA2_FALSE=
 fi
 
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $py_cv_module__sha256" >&5
-$as_echo "$py_cv_module__sha256" >&6; }
-
-
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _sha512" >&5
-$as_echo_n "checking for stdlib extension module _sha512... " >&6; }
-        if test "$py_cv_module__sha512" != "n/a"; then :
-
-    if test "$with_builtin_sha512" = yes; then :
-  if true; then :
-  py_cv_module__sha512=yes
-else
-  py_cv_module__sha512=missing
-fi
-else
-  py_cv_module__sha512=disabled
-fi
-
-fi
-  as_fn_append MODULE_BLOCK "MODULE__SHA512_STATE=$py_cv_module__sha512$as_nl"
-  if test "x$py_cv_module__sha512" = xyes; then :
-
-    as_fn_append MODULE_BLOCK "MODULE__SHA512_CFLAGS=-I\$(srcdir)/Modules/_hacl/include -I\$(srcdir)/Modules/_hacl/internal -D_BSD_SOURCE -D_DEFAULT_SOURCE$as_nl"
-
-
-fi
-   if test "$py_cv_module__sha512" = yes; then
-  MODULE__SHA512_TRUE=
-  MODULE__SHA512_FALSE='#'
-else
-  MODULE__SHA512_TRUE='#'
-  MODULE__SHA512_FALSE=
-fi
-
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $py_cv_module__sha512" >&5
-$as_echo "$py_cv_module__sha512" >&6; }
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $py_cv_module__sha2" >&5
+$as_echo "$py_cv_module__sha2" >&6; }
 
 
   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _sha3" >&5
@@ -28337,12 +28299,8 @@ if test -z "${MODULE__SHA1_TRUE}" && test -z "${MODULE__SHA1_FALSE}"; then
   as_fn_error $? "conditional \"MODULE__SHA1\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
-if test -z "${MODULE__SHA256_TRUE}" && test -z "${MODULE__SHA256_FALSE}"; then
-  as_fn_error $? "conditional \"MODULE__SHA256\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${MODULE__SHA512_TRUE}" && test -z "${MODULE__SHA512_FALSE}"; then
-  as_fn_error $? "conditional \"MODULE__SHA512\" was never defined.
+if test -z "${MODULE__SHA2_TRUE}" && test -z "${MODULE__SHA2_FALSE}"; then
+  as_fn_error $? "conditional \"MODULE__SHA2\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
 if test -z "${MODULE__SHA3_TRUE}" && test -z "${MODULE__SHA3_FALSE}"; then

configure.ac

@@ -6928,14 +6928,14 @@ AC_DEFINE(PY_SSL_DEFAULT_CIPHERS, 1)
 ])
 
 # builtin hash modules
-default_hashlib_hashes="md5,sha1,sha256,sha512,sha3,blake2"
+default_hashlib_hashes="md5,sha1,sha2,sha3,blake2"
 AC_DEFINE([PY_BUILTIN_HASHLIB_HASHES], [], [enabled builtin hash modules]
 )
 AC_MSG_CHECKING(for --with-builtin-hashlib-hashes)
 AC_ARG_WITH(builtin-hashlib-hashes,
-            AS_HELP_STRING([--with-builtin-hashlib-hashes=md5,sha1,sha256,sha512,sha3,blake2],
+            AS_HELP_STRING([--with-builtin-hashlib-hashes=md5,sha1,sha2,sha3,blake2],
                            [builtin hash modules,
-                            md5, sha1, sha256, sha512, sha3 (with shake), blake2]),
+                            md5, sha1, sha2, sha3 (with shake), blake2]),
 [
   AS_CASE([$with_builtin_hashlib_hashes],
     [yes], [with_builtin_hashlib_hashes=$default_hashlib_hashes],
@@ -6952,8 +6952,7 @@ for builtin_hash in $with_builtin_hashlib_hashes; do
     AS_CASE($builtin_hash,
       [md5], [with_builtin_md5=yes],
       [sha1], [with_builtin_sha1=yes],
-      [sha256], [with_builtin_sha256=yes],
-      [sha512], [with_builtin_sha512=yes],
+      [sha2], [with_builtin_sha2=yes],
       [sha3], [with_builtin_sha3=yes],
       [blake2], [with_builtin_blake2=yes]
     )
@@ -7197,11 +7196,8 @@ dnl By default we always compile these even when OpenSSL is available
 dnl (issue #14693). The modules are small.
 PY_STDLIB_MOD([_md5], [test "$with_builtin_md5" = yes])
 PY_STDLIB_MOD([_sha1], [test "$with_builtin_sha1" = yes])
-PY_STDLIB_MOD([_sha256],
-  [test "$with_builtin_sha256" = yes], [],
-  [-I\$(srcdir)/Modules/_hacl/include -I\$(srcdir)/Modules/_hacl/internal -D_BSD_SOURCE -D_DEFAULT_SOURCE])
-PY_STDLIB_MOD([_sha512],
-  [test "$with_builtin_sha512" = yes], [],
+PY_STDLIB_MOD([_sha2],
+  [test "$with_builtin_sha2" = yes], [],
   [-I\$(srcdir)/Modules/_hacl/include -I\$(srcdir)/Modules/_hacl/internal -D_BSD_SOURCE -D_DEFAULT_SOURCE])
 PY_STDLIB_MOD([_sha3], [test "$with_builtin_sha3" = yes])
 PY_STDLIB_MOD([_blake2],