From 972ff330923bf3c9ac38544d488736fdfff41454 Mon Sep 17 00:00:00 2001 From: Eli Collins Date: Mon, 11 May 2020 13:44:46 -0400 Subject: passlib.handlers.digests: make create_hex_digest() required=True by default; set explicit required=False only for digests that go away due to FIPS (followup to rev 6ac4d1b31761 on issue 116) --- passlib/handlers/digests.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/passlib/handlers/digests.py b/passlib/handlers/digests.py index 5e0da48..982155c 100644 --- a/passlib/handlers/digests.py +++ b/passlib/handlers/digests.py @@ -53,7 +53,7 @@ class HexDigestHash(uh.StaticHandler): # eoc #=================================================================== -def create_hex_hash(digest, module=__name__, django_name=None, required=False): +def create_hex_hash(digest, module=__name__, django_name=None, required=True): """ create hex-encoded unsalted hasher for specified digest algorithm. @@ -87,9 +87,13 @@ It supports no optional or contextual keywords. # predefined handlers #============================================================================= -hex_md4 = create_hex_hash("md4") -hex_md5 = create_hex_hash("md5", django_name="unsalted_md5") -hex_sha1 = create_hex_hash("sha1") +# NOTE: some digests below are marked as "required=False", because these may not be present on +# FIPS systems (see issue 116). if missing, will return stub hasher that throws error +# if an attempt is made to actually use hash/verify with them. + +hex_md4 = create_hex_hash("md4", required=False) +hex_md5 = create_hex_hash("md5", django_name="unsalted_md5", required=False) +hex_sha1 = create_hex_hash("sha1", required=False) hex_sha256 = create_hex_hash("sha256") hex_sha512 = create_hex_hash("sha512") -- cgit v1.2.1