mirror of
https://github.com/python/cpython.git
synced 2024-11-24 10:24:35 +08:00
1fcc0efdaa
replacing hashlib primitives (for the non-OpenSSL case) with verified implementations from HACL*. This is the first PR in the series, and focuses specifically on SHA2-256 and SHA2-224. This PR imports Hacl_Streaming_SHA2 into the Python tree. This is the HACL* implementation of SHA2, which combines a core implementation of SHA2 along with a layer of buffer management that allows updating the digest with any number of bytes. This supersedes the previous implementation in the tree. @franziskuskiefer was kind enough to benchmark the changes: in addition to being verified (thus providing significant safety and security improvements), this implementation also provides a sizeable performance boost! ``` --------------------------------------------------------------- Benchmark Time CPU Iterations --------------------------------------------------------------- Sha2_256_Streaming 3163 ns 3160 ns 219353 // this PR LibTomCrypt_Sha2_256 5057 ns 5056 ns 136234 // library used by Python currently ``` The changes in this PR are as follows: - import the subset of HACL* that covers SHA2-256/224 into `Modules/_hacl` - rewire sha256module.c to use the HACL* implementation Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org> Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
186 lines
7.4 KiB
Makefile
186 lines
7.4 KiB
Makefile
# -*- makefile -*-
|
|
#
|
|
# This file is autogenerated from Modules/Setup.stdlib.in.
|
|
#
|
|
|
|
# The file is not used by default yet. For testing do:
|
|
#
|
|
# ln -sfr Modules/Setup.stdlib Modules/Setup.local
|
|
#
|
|
|
|
# * @MODULE_{NAME}_TRUE@ is removed when configure detects all build
|
|
# dependencies for a module. Otherwise the template variable is replaced
|
|
# by a comment "#" and the module is skipped.
|
|
# * Module lines without any compiler and linker flags automatically use
|
|
# $(MODULE_{NAME}_CFLAGS) and $(MODULE_{NAME}_LDFLAGS). These flags are
|
|
# generated by PY_STDLIB_MOD macro.
|
|
# * All source files automatically depend on $(PYTHON_HEADERS) and
|
|
# $(MODULE_{NAME}_DEPS).
|
|
#
|
|
# See Modules/Setup and Modules/makesetup
|
|
#
|
|
|
|
|
|
# Build modules statically or as shared extensions
|
|
# *shared* / *static*
|
|
*@MODULE_BUILDTYPE@*
|
|
|
|
|
|
############################################################################
|
|
# Modules that should always be present (POSIX and Windows):
|
|
@MODULE_ARRAY_TRUE@array arraymodule.c
|
|
@MODULE__ASYNCIO_TRUE@_asyncio _asynciomodule.c
|
|
@MODULE__BISECT_TRUE@_bisect _bisectmodule.c
|
|
@MODULE__CONTEXTVARS_TRUE@_contextvars _contextvarsmodule.c
|
|
@MODULE__CSV_TRUE@_csv _csv.c
|
|
@MODULE__HEAPQ_TRUE@_heapq _heapqmodule.c
|
|
@MODULE__JSON_TRUE@_json _json.c
|
|
@MODULE__LSPROF_TRUE@_lsprof _lsprof.c rotatingtree.c
|
|
@MODULE__OPCODE_TRUE@_opcode _opcode.c
|
|
@MODULE__PICKLE_TRUE@_pickle _pickle.c
|
|
@MODULE__QUEUE_TRUE@_queue _queuemodule.c
|
|
@MODULE__RANDOM_TRUE@_random _randommodule.c
|
|
@MODULE__STRUCT_TRUE@_struct _struct.c
|
|
@MODULE__TYPING_TRUE@_typing _typingmodule.c
|
|
@MODULE__XXSUBINTERPRETERS_TRUE@_xxsubinterpreters _xxsubinterpretersmodule.c
|
|
@MODULE__XXINTERPCHANNELS_TRUE@_xxinterpchannels _xxinterpchannelsmodule.c
|
|
@MODULE__ZONEINFO_TRUE@_zoneinfo _zoneinfo.c
|
|
|
|
# needs libm
|
|
@MODULE_AUDIOOP_TRUE@audioop audioop.c
|
|
@MODULE_MATH_TRUE@math mathmodule.c
|
|
@MODULE_CMATH_TRUE@cmath cmathmodule.c
|
|
@MODULE__STATISTICS_TRUE@_statistics _statisticsmodule.c
|
|
|
|
# needs libm and on some platforms librt
|
|
@MODULE__DATETIME_TRUE@_datetime _datetimemodule.c
|
|
|
|
# _decimal uses libmpdec
|
|
# either static libmpdec.a from Modules/_decimal/libmpdec or libmpdec.so
|
|
# with ./configure --with-system-libmpdec
|
|
@MODULE__DECIMAL_TRUE@_decimal _decimal/_decimal.c
|
|
|
|
# compression libs and binascii (optional CRC32 from zlib)
|
|
# bindings need -lbz2, -lz, or -llzma, respectively
|
|
@MODULE_BINASCII_TRUE@binascii binascii.c
|
|
@MODULE__BZ2_TRUE@_bz2 _bz2module.c
|
|
@MODULE__LZMA_TRUE@_lzma _lzmamodule.c
|
|
@MODULE_ZLIB_TRUE@zlib zlibmodule.c
|
|
|
|
# dbm/gdbm
|
|
# dbm needs either libndbm, libgdbm_compat, or libdb 5.x
|
|
@MODULE__DBM_TRUE@_dbm _dbmmodule.c
|
|
# gdbm module needs -lgdbm
|
|
@MODULE__GDBM_TRUE@_gdbm _gdbmmodule.c
|
|
|
|
# needs -lreadline or -ledit, sometimes termcap, termlib, or tinfo
|
|
@MODULE_READLINE_TRUE@readline readline.c
|
|
|
|
# hashing builtins, can be disabled with --without-builtin-hashlib-hashes
|
|
@MODULE__MD5_TRUE@_md5 md5module.c
|
|
@MODULE__SHA1_TRUE@_sha1 sha1module.c
|
|
@MODULE__SHA256_TRUE@_sha256 sha256module.c _hacl/Hacl_Streaming_SHA2.c
|
|
@MODULE__SHA512_TRUE@_sha512 sha512module.c
|
|
@MODULE__SHA3_TRUE@_sha3 _sha3/sha3module.c
|
|
@MODULE__BLAKE2_TRUE@_blake2 _blake2/blake2module.c _blake2/blake2b_impl.c _blake2/blake2s_impl.c
|
|
|
|
############################################################################
|
|
# XML and text
|
|
|
|
# pyexpat module uses libexpat
|
|
# either static libexpat.a from Modules/expat or libexpat.so with
|
|
# ./configure --with-system-expat
|
|
@MODULE_PYEXPAT_TRUE@pyexpat pyexpat.c
|
|
|
|
# _elementtree libexpat via CAPI hook in pyexpat.
|
|
@MODULE__ELEMENTTREE_TRUE@_elementtree _elementtree.c
|
|
|
|
@MODULE__CODECS_CN_TRUE@_codecs_cn cjkcodecs/_codecs_cn.c
|
|
@MODULE__CODECS_HK_TRUE@_codecs_hk cjkcodecs/_codecs_hk.c
|
|
@MODULE__CODECS_ISO2022_TRUE@_codecs_iso2022 cjkcodecs/_codecs_iso2022.c
|
|
@MODULE__CODECS_JP_TRUE@_codecs_jp cjkcodecs/_codecs_jp.c
|
|
@MODULE__CODECS_KR_TRUE@_codecs_kr cjkcodecs/_codecs_kr.c
|
|
@MODULE__CODECS_TW_TRUE@_codecs_tw cjkcodecs/_codecs_tw.c
|
|
@MODULE__MULTIBYTECODEC_TRUE@_multibytecodec cjkcodecs/multibytecodec.c
|
|
@MODULE_UNICODEDATA_TRUE@unicodedata unicodedata.c
|
|
|
|
############################################################################
|
|
# Modules with some UNIX dependencies
|
|
#
|
|
|
|
# needs -lcrypt on some systems
|
|
@MODULE__CRYPT_TRUE@_crypt _cryptmodule.c
|
|
@MODULE_FCNTL_TRUE@fcntl fcntlmodule.c
|
|
@MODULE_GRP_TRUE@grp grpmodule.c
|
|
@MODULE_MMAP_TRUE@mmap mmapmodule.c
|
|
# FreeBSD: nis/yp APIs are in libc
|
|
# Linux: glibc has deprecated SUN RPC, APIs are in libnsl and libtirpc (bpo-32521)
|
|
@MODULE_NIS_TRUE@nis nismodule.c
|
|
# needs sys/soundcard.h or linux/soundcard.h (Linux, FreeBSD)
|
|
@MODULE_OSSAUDIODEV_TRUE@ossaudiodev ossaudiodev.c
|
|
@MODULE__POSIXSUBPROCESS_TRUE@_posixsubprocess _posixsubprocess.c
|
|
@MODULE_RESOURCE_TRUE@resource resource.c
|
|
@MODULE_SELECT_TRUE@select selectmodule.c
|
|
@MODULE__SOCKET_TRUE@_socket socketmodule.c
|
|
# AIX has shadow passwords, but does not provide getspent API
|
|
@MODULE_SPWD_TRUE@spwd spwdmodule.c
|
|
@MODULE_SYSLOG_TRUE@syslog syslogmodule.c
|
|
@MODULE_TERMIOS_TRUE@termios termios.c
|
|
|
|
# multiprocessing
|
|
@MODULE__POSIXSHMEM_TRUE@_posixshmem _multiprocessing/posixshmem.c
|
|
@MODULE__MULTIPROCESSING_TRUE@_multiprocessing _multiprocessing/multiprocessing.c _multiprocessing/semaphore.c
|
|
|
|
|
|
############################################################################
|
|
# Modules with third party dependencies
|
|
#
|
|
|
|
# needs -lffi and -ldl
|
|
@MODULE__CTYPES_TRUE@_ctypes _ctypes/_ctypes.c _ctypes/callbacks.c _ctypes/callproc.c _ctypes/stgdict.c _ctypes/cfield.c @MODULE__CTYPES_MALLOC_CLOSURE@
|
|
|
|
# needs -lncurses[w], sometimes -ltermcap/tinfo
|
|
@MODULE__CURSES_TRUE@_curses _cursesmodule.c
|
|
# needs -lncurses[w] and -lpanel[w]
|
|
@MODULE__CURSES_PANEL_TRUE@_curses_panel _curses_panel.c
|
|
|
|
@MODULE__SQLITE3_TRUE@_sqlite3 _sqlite/blob.c _sqlite/connection.c _sqlite/cursor.c _sqlite/microprotocols.c _sqlite/module.c _sqlite/prepare_protocol.c _sqlite/row.c _sqlite/statement.c _sqlite/util.c
|
|
|
|
# needs -lssl and -lcrypt
|
|
@MODULE__SSL_TRUE@_ssl _ssl.c
|
|
# needs -lcrypt
|
|
@MODULE__HASHLIB_TRUE@_hashlib _hashopenssl.c
|
|
|
|
# Linux: -luuid, BSD/AIX: libc's uuid_create()
|
|
@MODULE__UUID_TRUE@_uuid _uuidmodule.c
|
|
|
|
@MODULE__TKINTER_TRUE@_tkinter _tkinter.c tkappinit.c
|
|
|
|
############################################################################
|
|
# macOS specific modules
|
|
|
|
# _scproxy needs SystemConfiguration and CoreFoundation framework
|
|
@MODULE__SCPROXY_TRUE@_scproxy _scproxy.c
|
|
|
|
|
|
############################################################################
|
|
# Test modules
|
|
|
|
@MODULE_XXSUBTYPE_TRUE@xxsubtype xxsubtype.c
|
|
@MODULE__XXTESTFUZZ_TRUE@_xxtestfuzz _xxtestfuzz/_xxtestfuzz.c _xxtestfuzz/fuzzer.c
|
|
@MODULE__TESTBUFFER_TRUE@_testbuffer _testbuffer.c
|
|
@MODULE__TESTINTERNALCAPI_TRUE@_testinternalcapi _testinternalcapi.c
|
|
@MODULE__TESTCAPI_TRUE@_testcapi _testcapimodule.c _testcapi/vectorcall.c _testcapi/vectorcall_limited.c _testcapi/heaptype.c _testcapi/unicode.c _testcapi/getargs.c _testcapi/pytime.c _testcapi/datetime.c _testcapi/docstring.c _testcapi/mem.c _testcapi/watchers.c _testcapi/long.c _testcapi/float.c _testcapi/structmember.c
|
|
@MODULE__TESTCLINIC_TRUE@_testclinic _testclinic.c
|
|
|
|
# Some testing modules MUST be built as shared libraries.
|
|
*shared*
|
|
@MODULE__TESTIMPORTMULTIPLE_TRUE@_testimportmultiple _testimportmultiple.c
|
|
@MODULE__TESTMULTIPHASE_TRUE@_testmultiphase _testmultiphase.c
|
|
@MODULE__TESTMULTIPHASE_TRUE@_testsinglephase _testsinglephase.c
|
|
@MODULE__CTYPES_TEST_TRUE@_ctypes_test _ctypes/_ctypes_test.c
|
|
|
|
# Limited API template modules; must be built as shared modules.
|
|
@MODULE_XXLIMITED_TRUE@xxlimited xxlimited.c
|
|
@MODULE_XXLIMITED_35_TRUE@xxlimited_35 xxlimited_35.c
|