File builders/python-3.12.2/_hashopenssl.c added (mode: 100644) (index 0000000..3806baf) |
|
1 |
|
/* Module that wraps all OpenSSL hash algorithms */ |
|
2 |
|
|
|
3 |
|
/* |
|
4 |
|
* Copyright (C) 2005-2010 Gregory P. Smith (greg@krypto.org) |
|
5 |
|
* Licensed to PSF under a Contributor Agreement. |
|
6 |
|
* |
|
7 |
|
* Derived from a skeleton of shamodule.c containing work performed by: |
|
8 |
|
* |
|
9 |
|
* Andrew Kuchling (amk@amk.ca) |
|
10 |
|
* Greg Stein (gstein@lyra.org) |
|
11 |
|
* |
|
12 |
|
*/ |
|
13 |
|
|
|
14 |
|
/* Don't warn about deprecated functions, */ |
|
15 |
|
#ifndef OPENSSL_API_COMPAT |
|
16 |
|
// 0x10101000L == 1.1.1, 30000 == 3.0.0 |
|
17 |
|
#define OPENSSL_API_COMPAT 0x10101000L |
|
18 |
|
#endif |
|
19 |
|
#define OPENSSL_NO_DEPRECATED 1 |
|
20 |
|
|
|
21 |
|
#ifndef Py_BUILD_CORE_BUILTIN |
|
22 |
|
# define Py_BUILD_CORE_MODULE 1 |
|
23 |
|
#endif |
|
24 |
|
|
|
25 |
|
#define PY_SSIZE_T_CLEAN |
|
26 |
|
|
|
27 |
|
#include "Python.h" |
|
28 |
|
#include "pycore_hashtable.h" |
|
29 |
|
#include "hashlib.h" |
|
30 |
|
#include "pycore_strhex.h" // _Py_strhex() |
|
31 |
|
|
|
32 |
|
/* EVP is the preferred interface to hashing in OpenSSL */ |
|
33 |
|
#include <openssl/evp.h> |
|
34 |
|
#include <openssl/hmac.h> |
|
35 |
|
#include <openssl/crypto.h> // FIPS_mode() |
|
36 |
|
/* We use the object interface to discover what hashes OpenSSL supports. */ |
|
37 |
|
#include <openssl/objects.h> |
|
38 |
|
#include <openssl/err.h> |
|
39 |
|
|
|
40 |
|
|
|
41 |
|
#ifndef OPENSSL_THREADS |
|
42 |
|
# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL" |
|
43 |
|
#endif |
|
44 |
|
|
|
45 |
|
#define MUNCH_SIZE INT_MAX |
|
46 |
|
|
|
47 |
|
//#define PY_OPENSSL_HAS_SCRYPT 1 |
|
48 |
|
#undef PY_OPENSSL_HAS_SCRYPT |
|
49 |
|
#define PY_OPENSSL_HAS_SHA3 1 |
|
50 |
|
//#define PY_OPENSSL_HAS_SHAKE 1 |
|
51 |
|
#undef PY_OPENSSL_HAS_SHAKE |
|
52 |
|
//#define PY_OPENSSL_HAS_BLAKE2 1 |
|
53 |
|
#undef PY_OPENSSL_HAS_BLAKE2 |
|
54 |
|
|
|
55 |
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L |
|
56 |
|
#define PY_EVP_MD EVP_MD |
|
57 |
|
#define PY_EVP_MD_fetch(algorithm, properties) EVP_MD_fetch(NULL, algorithm, properties) |
|
58 |
|
#define PY_EVP_MD_up_ref(md) EVP_MD_up_ref(md) |
|
59 |
|
#define PY_EVP_MD_free(md) EVP_MD_free(md) |
|
60 |
|
#else |
|
61 |
|
#define PY_EVP_MD const EVP_MD |
|
62 |
|
#define PY_EVP_MD_fetch(algorithm, properties) EVP_get_digestbyname(algorithm) |
|
63 |
|
#define PY_EVP_MD_up_ref(md) do {} while(0) |
|
64 |
|
#define PY_EVP_MD_free(md) do {} while(0) |
|
65 |
|
#endif |
|
66 |
|
|
|
67 |
|
/* hash alias map and fast lookup |
|
68 |
|
* |
|
69 |
|
* Map between Python's preferred names and OpenSSL internal names. Maintain |
|
70 |
|
* cache of fetched EVP MD objects. The EVP_get_digestbyname() and |
|
71 |
|
* EVP_MD_fetch() API calls have a performance impact. |
|
72 |
|
* |
|
73 |
|
* The py_hashentry_t items are stored in a _Py_hashtable_t with py_name and |
|
74 |
|
* py_alias as keys. |
|
75 |
|
*/ |
|
76 |
|
|
|
77 |
|
enum Py_hash_type { |
|
78 |
|
Py_ht_evp, // usedforsecurity=True / default |
|
79 |
|
Py_ht_evp_nosecurity, // usedforsecurity=False |
|
80 |
|
Py_ht_mac, // HMAC |
|
81 |
|
Py_ht_pbkdf2, // PKBDF2 |
|
82 |
|
}; |
|
83 |
|
|
|
84 |
|
typedef struct { |
|
85 |
|
const char *py_name; |
|
86 |
|
const char *py_alias; |
|
87 |
|
const char *ossl_name; |
|
88 |
|
int ossl_nid; |
|
89 |
|
int refcnt; |
|
90 |
|
PY_EVP_MD *evp; |
|
91 |
|
PY_EVP_MD *evp_nosecurity; |
|
92 |
|
} py_hashentry_t; |
|
93 |
|
|
|
94 |
|
#define Py_hash_md5 "md5" |
|
95 |
|
#define Py_hash_sha1 "sha1" |
|
96 |
|
#define Py_hash_sha224 "sha224" |
|
97 |
|
#define Py_hash_sha256 "sha256" |
|
98 |
|
#define Py_hash_sha384 "sha384" |
|
99 |
|
#define Py_hash_sha512 "sha512" |
|
100 |
|
#define Py_hash_sha512_224 "sha512_224" |
|
101 |
|
#define Py_hash_sha512_256 "sha512_256" |
|
102 |
|
#define Py_hash_sha3_224 "sha3_224" |
|
103 |
|
#define Py_hash_sha3_256 "sha3_256" |
|
104 |
|
#define Py_hash_sha3_384 "sha3_384" |
|
105 |
|
#define Py_hash_sha3_512 "sha3_512" |
|
106 |
|
#define Py_hash_shake_128 "shake_128" |
|
107 |
|
#define Py_hash_shake_256 "shake_256" |
|
108 |
|
#define Py_hash_blake2s "blake2s" |
|
109 |
|
#define Py_hash_blake2b "blake2b" |
|
110 |
|
|
|
111 |
|
#define PY_HASH_ENTRY(py_name, py_alias, ossl_name, ossl_nid) \ |
|
112 |
|
{py_name, py_alias, ossl_name, ossl_nid, 0, NULL, NULL} |
|
113 |
|
|
|
114 |
|
static const py_hashentry_t py_hashes[] = { |
|
115 |
|
/* md5 */ |
|
116 |
|
PY_HASH_ENTRY(Py_hash_md5, "MD5", SN_md5, NID_md5), |
|
117 |
|
/* sha1 */ |
|
118 |
|
PY_HASH_ENTRY(Py_hash_sha1, "SHA1", SN_sha1, NID_sha1), |
|
119 |
|
/* sha2 family */ |
|
120 |
|
PY_HASH_ENTRY(Py_hash_sha224, "SHA224", SN_sha224, NID_sha224), |
|
121 |
|
PY_HASH_ENTRY(Py_hash_sha256, "SHA256", SN_sha256, NID_sha256), |
|
122 |
|
PY_HASH_ENTRY(Py_hash_sha384, "SHA384", SN_sha384, NID_sha384), |
|
123 |
|
PY_HASH_ENTRY(Py_hash_sha512, "SHA512", SN_sha512, NID_sha512), |
|
124 |
|
/* truncated sha2 */ |
|
125 |
|
PY_HASH_ENTRY(Py_hash_sha512_224, "SHA512_224", SN_sha512_224, NID_sha512_224), |
|
126 |
|
PY_HASH_ENTRY(Py_hash_sha512_256, "SHA512_256", SN_sha512_256, NID_sha512_256), |
|
127 |
|
/* sha3 */ |
|
128 |
|
PY_HASH_ENTRY(Py_hash_sha3_224, NULL, SN_sha3_224, NID_sha3_224), |
|
129 |
|
PY_HASH_ENTRY(Py_hash_sha3_256, NULL, SN_sha3_256, NID_sha3_256), |
|
130 |
|
PY_HASH_ENTRY(Py_hash_sha3_384, NULL, SN_sha3_384, NID_sha3_384), |
|
131 |
|
PY_HASH_ENTRY(Py_hash_sha3_512, NULL, SN_sha3_512, NID_sha3_512), |
|
132 |
|
/* sha3 shake */ |
|
133 |
|
//PY_HASH_ENTRY(Py_hash_shake_128, NULL, SN_shake128, NID_shake128), |
|
134 |
|
//PY_HASH_ENTRY(Py_hash_shake_256, NULL, SN_shake256, NID_shake256), |
|
135 |
|
/* blake2 digest */ |
|
136 |
|
//PY_HASH_ENTRY(Py_hash_blake2s, "blake2s256", SN_blake2s256, NID_blake2s256), |
|
137 |
|
//PY_HASH_ENTRY(Py_hash_blake2b, "blake2b512", SN_blake2b512, NID_blake2b512), |
|
138 |
|
PY_HASH_ENTRY(NULL, NULL, NULL, 0), |
|
139 |
|
}; |
|
140 |
|
|
|
141 |
|
static Py_uhash_t |
|
142 |
|
py_hashentry_t_hash_name(const void *key) { |
|
143 |
|
return _Py_HashBytes(key, strlen((const char *)key)); |
|
144 |
|
} |
|
145 |
|
|
|
146 |
|
static int |
|
147 |
|
py_hashentry_t_compare_name(const void *key1, const void *key2) { |
|
148 |
|
return strcmp((const char *)key1, (const char *)key2) == 0; |
|
149 |
|
} |
|
150 |
|
|
|
151 |
|
static void |
|
152 |
|
py_hashentry_t_destroy_value(void *entry) { |
|
153 |
|
py_hashentry_t *h = (py_hashentry_t *)entry; |
|
154 |
|
if (--(h->refcnt) == 0) { |
|
155 |
|
if (h->evp != NULL) { |
|
156 |
|
PY_EVP_MD_free(h->evp); |
|
157 |
|
h->evp = NULL; |
|
158 |
|
} |
|
159 |
|
if (h->evp_nosecurity != NULL) { |
|
160 |
|
PY_EVP_MD_free(h->evp_nosecurity); |
|
161 |
|
h->evp_nosecurity = NULL; |
|
162 |
|
} |
|
163 |
|
PyMem_Free(entry); |
|
164 |
|
} |
|
165 |
|
} |
|
166 |
|
|
|
167 |
|
static _Py_hashtable_t * |
|
168 |
|
py_hashentry_table_new(void) { |
|
169 |
|
_Py_hashtable_t *ht = _Py_hashtable_new_full( |
|
170 |
|
py_hashentry_t_hash_name, |
|
171 |
|
py_hashentry_t_compare_name, |
|
172 |
|
NULL, |
|
173 |
|
py_hashentry_t_destroy_value, |
|
174 |
|
NULL |
|
175 |
|
); |
|
176 |
|
if (ht == NULL) { |
|
177 |
|
return NULL; |
|
178 |
|
} |
|
179 |
|
|
|
180 |
|
for (const py_hashentry_t *h = py_hashes; h->py_name != NULL; h++) { |
|
181 |
|
py_hashentry_t *entry = (py_hashentry_t *)PyMem_Malloc(sizeof(py_hashentry_t)); |
|
182 |
|
if (entry == NULL) { |
|
183 |
|
goto error; |
|
184 |
|
} |
|
185 |
|
memcpy(entry, h, sizeof(py_hashentry_t)); |
|
186 |
|
|
|
187 |
|
if (_Py_hashtable_set(ht, (const void*)entry->py_name, (void*)entry) < 0) { |
|
188 |
|
PyMem_Free(entry); |
|
189 |
|
goto error; |
|
190 |
|
} |
|
191 |
|
entry->refcnt = 1; |
|
192 |
|
|
|
193 |
|
if (h->py_alias != NULL) { |
|
194 |
|
if (_Py_hashtable_set(ht, (const void*)entry->py_alias, (void*)entry) < 0) { |
|
195 |
|
PyMem_Free(entry); |
|
196 |
|
goto error; |
|
197 |
|
} |
|
198 |
|
entry->refcnt++; |
|
199 |
|
} |
|
200 |
|
} |
|
201 |
|
|
|
202 |
|
return ht; |
|
203 |
|
error: |
|
204 |
|
_Py_hashtable_destroy(ht); |
|
205 |
|
return NULL; |
|
206 |
|
} |
|
207 |
|
|
|
208 |
|
/* Module state */ |
|
209 |
|
static PyModuleDef _hashlibmodule; |
|
210 |
|
|
|
211 |
|
typedef struct { |
|
212 |
|
PyTypeObject *EVPtype; |
|
213 |
|
PyTypeObject *HMACtype; |
|
214 |
|
#ifdef PY_OPENSSL_HAS_SHAKE |
|
215 |
|
PyTypeObject *EVPXOFtype; |
|
216 |
|
#endif |
|
217 |
|
PyObject *constructs; |
|
218 |
|
PyObject *unsupported_digestmod_error; |
|
219 |
|
_Py_hashtable_t *hashtable; |
|
220 |
|
} _hashlibstate; |
|
221 |
|
|
|
222 |
|
static inline _hashlibstate* |
|
223 |
|
get_hashlib_state(PyObject *module) |
|
224 |
|
{ |
|
225 |
|
void *state = PyModule_GetState(module); |
|
226 |
|
assert(state != NULL); |
|
227 |
|
return (_hashlibstate *)state; |
|
228 |
|
} |
|
229 |
|
|
|
230 |
|
typedef struct { |
|
231 |
|
PyObject_HEAD |
|
232 |
|
EVP_MD_CTX *ctx; /* OpenSSL message digest context */ |
|
233 |
|
// Prevents undefined behavior via multiple threads entering the C API. |
|
234 |
|
// The lock will be NULL before threaded access has been enabled. |
|
235 |
|
PyThread_type_lock lock; /* OpenSSL context lock */ |
|
236 |
|
} EVPobject; |
|
237 |
|
|
|
238 |
|
typedef struct { |
|
239 |
|
PyObject_HEAD |
|
240 |
|
HMAC_CTX *ctx; /* OpenSSL hmac context */ |
|
241 |
|
// Prevents undefined behavior via multiple threads entering the C API. |
|
242 |
|
// The lock will be NULL before threaded access has been enabled. |
|
243 |
|
PyThread_type_lock lock; /* HMAC context lock */ |
|
244 |
|
} HMACobject; |
|
245 |
|
|
|
246 |
|
#include "clinic/_hashopenssl.c.h" |
|
247 |
|
/*[clinic input] |
|
248 |
|
module _hashlib |
|
249 |
|
class _hashlib.HASH "EVPobject *" "((_hashlibstate *)PyModule_GetState(module))->EVPtype" |
|
250 |
|
class _hashlib.HASHXOF "EVPobject *" "((_hashlibstate *)PyModule_GetState(module))->EVPXOFtype" |
|
251 |
|
class _hashlib.HMAC "HMACobject *" "((_hashlibstate *)PyModule_GetState(module))->HMACtype" |
|
252 |
|
[clinic start generated code]*/ |
|
253 |
|
/*[clinic end generated code: output=da39a3ee5e6b4b0d input=7df1bcf6f75cb8ef]*/ |
|
254 |
|
|
|
255 |
|
|
|
256 |
|
/* LCOV_EXCL_START */ |
|
257 |
|
static PyObject * |
|
258 |
|
_setException(PyObject *exc, const char* altmsg, ...) |
|
259 |
|
{ |
|
260 |
|
unsigned long errcode = ERR_peek_last_error(); |
|
261 |
|
const char *lib, *func, *reason; |
|
262 |
|
va_list vargs; |
|
263 |
|
|
|
264 |
|
va_start(vargs, altmsg); |
|
265 |
|
if (!errcode) { |
|
266 |
|
if (altmsg == NULL) { |
|
267 |
|
PyErr_SetString(exc, "no reason supplied"); |
|
268 |
|
} else { |
|
269 |
|
PyErr_FormatV(exc, altmsg, vargs); |
|
270 |
|
} |
|
271 |
|
va_end(vargs); |
|
272 |
|
return NULL; |
|
273 |
|
} |
|
274 |
|
va_end(vargs); |
|
275 |
|
ERR_clear_error(); |
|
276 |
|
|
|
277 |
|
lib = ERR_lib_error_string(errcode); |
|
278 |
|
func = ERR_func_error_string(errcode); |
|
279 |
|
reason = ERR_reason_error_string(errcode); |
|
280 |
|
|
|
281 |
|
if (lib && func) { |
|
282 |
|
PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); |
|
283 |
|
} |
|
284 |
|
else if (lib) { |
|
285 |
|
PyErr_Format(exc, "[%s] %s", lib, reason); |
|
286 |
|
} |
|
287 |
|
else { |
|
288 |
|
PyErr_SetString(exc, reason); |
|
289 |
|
} |
|
290 |
|
return NULL; |
|
291 |
|
} |
|
292 |
|
/* LCOV_EXCL_STOP */ |
|
293 |
|
|
|
294 |
|
static PyObject* |
|
295 |
|
py_digest_name(const EVP_MD *md) |
|
296 |
|
{ |
|
297 |
|
int nid = EVP_MD_nid(md); |
|
298 |
|
const char *name = NULL; |
|
299 |
|
const py_hashentry_t *h; |
|
300 |
|
|
|
301 |
|
for (h = py_hashes; h->py_name != NULL; h++) { |
|
302 |
|
if (h->ossl_nid == nid) { |
|
303 |
|
name = h->py_name; |
|
304 |
|
break; |
|
305 |
|
} |
|
306 |
|
} |
|
307 |
|
if (name == NULL) { |
|
308 |
|
/* Ignore aliased names and only use long, lowercase name. The aliases |
|
309 |
|
* pollute the list and OpenSSL appears to have its own definition of |
|
310 |
|
* alias as the resulting list still contains duplicate and alternate |
|
311 |
|
* names for several algorithms. |
|
312 |
|
*/ |
|
313 |
|
name = OBJ_nid2ln(nid); |
|
314 |
|
if (name == NULL) |
|
315 |
|
name = OBJ_nid2sn(nid); |
|
316 |
|
} |
|
317 |
|
|
|
318 |
|
return PyUnicode_FromString(name); |
|
319 |
|
} |
|
320 |
|
|
|
321 |
|
/* Get EVP_MD by HID and purpose */ |
|
322 |
|
static PY_EVP_MD* |
|
323 |
|
py_digest_by_name(PyObject *module, const char *name, enum Py_hash_type py_ht) |
|
324 |
|
{ |
|
325 |
|
PY_EVP_MD *digest = NULL; |
|
326 |
|
_hashlibstate *state = get_hashlib_state(module); |
|
327 |
|
py_hashentry_t *entry = (py_hashentry_t *)_Py_hashtable_get( |
|
328 |
|
state->hashtable, (const void*)name |
|
329 |
|
); |
|
330 |
|
|
|
331 |
|
if (entry != NULL) { |
|
332 |
|
switch (py_ht) { |
|
333 |
|
case Py_ht_evp: |
|
334 |
|
case Py_ht_mac: |
|
335 |
|
case Py_ht_pbkdf2: |
|
336 |
|
if (entry->evp == NULL) { |
|
337 |
|
entry->evp = PY_EVP_MD_fetch(entry->ossl_name, NULL); |
|
338 |
|
} |
|
339 |
|
digest = entry->evp; |
|
340 |
|
break; |
|
341 |
|
case Py_ht_evp_nosecurity: |
|
342 |
|
if (entry->evp_nosecurity == NULL) { |
|
343 |
|
entry->evp_nosecurity = PY_EVP_MD_fetch(entry->ossl_name, "-fips"); |
|
344 |
|
} |
|
345 |
|
digest = entry->evp_nosecurity; |
|
346 |
|
break; |
|
347 |
|
} |
|
348 |
|
if (digest != NULL) { |
|
349 |
|
PY_EVP_MD_up_ref(digest); |
|
350 |
|
} |
|
351 |
|
} else { |
|
352 |
|
// Fall back for looking up an unindexed OpenSSL specific name. |
|
353 |
|
switch (py_ht) { |
|
354 |
|
case Py_ht_evp: |
|
355 |
|
case Py_ht_mac: |
|
356 |
|
case Py_ht_pbkdf2: |
|
357 |
|
digest = PY_EVP_MD_fetch(name, NULL); |
|
358 |
|
break; |
|
359 |
|
case Py_ht_evp_nosecurity: |
|
360 |
|
digest = PY_EVP_MD_fetch(name, "-fips"); |
|
361 |
|
break; |
|
362 |
|
} |
|
363 |
|
} |
|
364 |
|
if (digest == NULL) { |
|
365 |
|
_setException(state->unsupported_digestmod_error, "unsupported hash type %s", name); |
|
366 |
|
return NULL; |
|
367 |
|
} |
|
368 |
|
return digest; |
|
369 |
|
} |
|
370 |
|
|
|
371 |
|
/* Get digest EVP from object |
|
372 |
|
* |
|
373 |
|
* * string |
|
374 |
|
* * _hashopenssl builtin function |
|
375 |
|
* |
|
376 |
|
* on error returns NULL with exception set. |
|
377 |
|
*/ |
|
378 |
|
static PY_EVP_MD* |
|
379 |
|
py_digest_by_digestmod(PyObject *module, PyObject *digestmod, enum Py_hash_type py_ht) { |
|
380 |
|
PY_EVP_MD* evp; |
|
381 |
|
PyObject *name_obj = NULL; |
|
382 |
|
const char *name; |
|
383 |
|
|
|
384 |
|
if (PyUnicode_Check(digestmod)) { |
|
385 |
|
name_obj = digestmod; |
|
386 |
|
} else { |
|
387 |
|
_hashlibstate *state = get_hashlib_state(module); |
|
388 |
|
// borrowed ref |
|
389 |
|
name_obj = PyDict_GetItemWithError(state->constructs, digestmod); |
|
390 |
|
} |
|
391 |
|
if (name_obj == NULL) { |
|
392 |
|
if (!PyErr_Occurred()) { |
|
393 |
|
_hashlibstate *state = get_hashlib_state(module); |
|
394 |
|
PyErr_Format( |
|
395 |
|
state->unsupported_digestmod_error, |
|
396 |
|
"Unsupported digestmod %R", digestmod); |
|
397 |
|
} |
|
398 |
|
return NULL; |
|
399 |
|
} |
|
400 |
|
|
|
401 |
|
name = PyUnicode_AsUTF8(name_obj); |
|
402 |
|
if (name == NULL) { |
|
403 |
|
return NULL; |
|
404 |
|
} |
|
405 |
|
|
|
406 |
|
evp = py_digest_by_name(module, name, py_ht); |
|
407 |
|
if (evp == NULL) { |
|
408 |
|
return NULL; |
|
409 |
|
} |
|
410 |
|
|
|
411 |
|
return evp; |
|
412 |
|
} |
|
413 |
|
|
|
414 |
|
static EVPobject * |
|
415 |
|
newEVPobject(PyTypeObject *type) |
|
416 |
|
{ |
|
417 |
|
EVPobject *retval = (EVPobject *)PyObject_New(EVPobject, type); |
|
418 |
|
if (retval == NULL) { |
|
419 |
|
return NULL; |
|
420 |
|
} |
|
421 |
|
|
|
422 |
|
retval->lock = NULL; |
|
423 |
|
|
|
424 |
|
retval->ctx = EVP_MD_CTX_new(); |
|
425 |
|
if (retval->ctx == NULL) { |
|
426 |
|
Py_DECREF(retval); |
|
427 |
|
PyErr_NoMemory(); |
|
428 |
|
return NULL; |
|
429 |
|
} |
|
430 |
|
|
|
431 |
|
return retval; |
|
432 |
|
} |
|
433 |
|
|
|
434 |
|
static int |
|
435 |
|
EVP_hash(EVPobject *self, const void *vp, Py_ssize_t len) |
|
436 |
|
{ |
|
437 |
|
unsigned int process; |
|
438 |
|
const unsigned char *cp = (const unsigned char *)vp; |
|
439 |
|
while (0 < len) { |
|
440 |
|
if (len > (Py_ssize_t)MUNCH_SIZE) |
|
441 |
|
process = MUNCH_SIZE; |
|
442 |
|
else |
|
443 |
|
process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int); |
|
444 |
|
if (!EVP_DigestUpdate(self->ctx, (const void*)cp, process)) { |
|
445 |
|
_setException(PyExc_ValueError, NULL); |
|
446 |
|
return -1; |
|
447 |
|
} |
|
448 |
|
len -= process; |
|
449 |
|
cp += process; |
|
450 |
|
} |
|
451 |
|
return 0; |
|
452 |
|
} |
|
453 |
|
|
|
454 |
|
/* Internal methods for a hash object */ |
|
455 |
|
|
|
456 |
|
static void |
|
457 |
|
EVP_dealloc(EVPobject *self) |
|
458 |
|
{ |
|
459 |
|
PyTypeObject *tp = Py_TYPE(self); |
|
460 |
|
if (self->lock != NULL) |
|
461 |
|
PyThread_free_lock(self->lock); |
|
462 |
|
EVP_MD_CTX_free(self->ctx); |
|
463 |
|
PyObject_Free(self); |
|
464 |
|
Py_DECREF(tp); |
|
465 |
|
} |
|
466 |
|
|
|
467 |
|
static int |
|
468 |
|
locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self) |
|
469 |
|
{ |
|
470 |
|
int result; |
|
471 |
|
ENTER_HASHLIB(self); |
|
472 |
|
result = EVP_MD_CTX_copy(new_ctx_p, self->ctx); |
|
473 |
|
LEAVE_HASHLIB(self); |
|
474 |
|
return result; |
|
475 |
|
} |
|
476 |
|
|
|
477 |
|
/* External methods for a hash object */ |
|
478 |
|
|
|
479 |
|
/*[clinic input] |
|
480 |
|
_hashlib.HASH.copy as EVP_copy |
|
481 |
|
|
|
482 |
|
Return a copy of the hash object. |
|
483 |
|
[clinic start generated code]*/ |
|
484 |
|
|
|
485 |
|
static PyObject * |
|
486 |
|
EVP_copy_impl(EVPobject *self) |
|
487 |
|
/*[clinic end generated code: output=b370c21cdb8ca0b4 input=31455b6a3e638069]*/ |
|
488 |
|
{ |
|
489 |
|
EVPobject *newobj; |
|
490 |
|
|
|
491 |
|
if ((newobj = newEVPobject(Py_TYPE(self))) == NULL) |
|
492 |
|
return NULL; |
|
493 |
|
|
|
494 |
|
if (!locked_EVP_MD_CTX_copy(newobj->ctx, self)) { |
|
495 |
|
Py_DECREF(newobj); |
|
496 |
|
return _setException(PyExc_ValueError, NULL); |
|
497 |
|
} |
|
498 |
|
return (PyObject *)newobj; |
|
499 |
|
} |
|
500 |
|
|
|
501 |
|
/*[clinic input] |
|
502 |
|
_hashlib.HASH.digest as EVP_digest |
|
503 |
|
|
|
504 |
|
Return the digest value as a bytes object. |
|
505 |
|
[clinic start generated code]*/ |
|
506 |
|
|
|
507 |
|
static PyObject * |
|
508 |
|
EVP_digest_impl(EVPobject *self) |
|
509 |
|
/*[clinic end generated code: output=0f6a3a0da46dc12d input=03561809a419bf00]*/ |
|
510 |
|
{ |
|
511 |
|
unsigned char digest[EVP_MAX_MD_SIZE]; |
|
512 |
|
EVP_MD_CTX *temp_ctx; |
|
513 |
|
PyObject *retval; |
|
514 |
|
unsigned int digest_size; |
|
515 |
|
|
|
516 |
|
temp_ctx = EVP_MD_CTX_new(); |
|
517 |
|
if (temp_ctx == NULL) { |
|
518 |
|
PyErr_NoMemory(); |
|
519 |
|
return NULL; |
|
520 |
|
} |
|
521 |
|
|
|
522 |
|
if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { |
|
523 |
|
return _setException(PyExc_ValueError, NULL); |
|
524 |
|
} |
|
525 |
|
digest_size = EVP_MD_CTX_size(temp_ctx); |
|
526 |
|
if (!EVP_DigestFinal(temp_ctx, digest, NULL)) { |
|
527 |
|
_setException(PyExc_ValueError, NULL); |
|
528 |
|
return NULL; |
|
529 |
|
} |
|
530 |
|
|
|
531 |
|
retval = PyBytes_FromStringAndSize((const char *)digest, digest_size); |
|
532 |
|
EVP_MD_CTX_free(temp_ctx); |
|
533 |
|
return retval; |
|
534 |
|
} |
|
535 |
|
|
|
536 |
|
/*[clinic input] |
|
537 |
|
_hashlib.HASH.hexdigest as EVP_hexdigest |
|
538 |
|
|
|
539 |
|
Return the digest value as a string of hexadecimal digits. |
|
540 |
|
[clinic start generated code]*/ |
|
541 |
|
|
|
542 |
|
static PyObject * |
|
543 |
|
EVP_hexdigest_impl(EVPobject *self) |
|
544 |
|
/*[clinic end generated code: output=18e6decbaf197296 input=aff9cf0e4c741a9a]*/ |
|
545 |
|
{ |
|
546 |
|
unsigned char digest[EVP_MAX_MD_SIZE]; |
|
547 |
|
EVP_MD_CTX *temp_ctx; |
|
548 |
|
unsigned int digest_size; |
|
549 |
|
|
|
550 |
|
temp_ctx = EVP_MD_CTX_new(); |
|
551 |
|
if (temp_ctx == NULL) { |
|
552 |
|
PyErr_NoMemory(); |
|
553 |
|
return NULL; |
|
554 |
|
} |
|
555 |
|
|
|
556 |
|
/* Get the raw (binary) digest value */ |
|
557 |
|
if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { |
|
558 |
|
return _setException(PyExc_ValueError, NULL); |
|
559 |
|
} |
|
560 |
|
digest_size = EVP_MD_CTX_size(temp_ctx); |
|
561 |
|
if (!EVP_DigestFinal(temp_ctx, digest, NULL)) { |
|
562 |
|
_setException(PyExc_ValueError, NULL); |
|
563 |
|
return NULL; |
|
564 |
|
} |
|
565 |
|
|
|
566 |
|
EVP_MD_CTX_free(temp_ctx); |
|
567 |
|
|
|
568 |
|
return _Py_strhex((const char *)digest, (Py_ssize_t)digest_size); |
|
569 |
|
} |
|
570 |
|
|
|
571 |
|
/*[clinic input] |
|
572 |
|
_hashlib.HASH.update as EVP_update |
|
573 |
|
|
|
574 |
|
obj: object |
|
575 |
|
/ |
|
576 |
|
|
|
577 |
|
Update this hash object's state with the provided string. |
|
578 |
|
[clinic start generated code]*/ |
|
579 |
|
|
|
580 |
|
static PyObject * |
|
581 |
|
EVP_update(EVPobject *self, PyObject *obj) |
|
582 |
|
/*[clinic end generated code: output=ec1d55ed2432e966 input=9b30ec848f015501]*/ |
|
583 |
|
{ |
|
584 |
|
int result; |
|
585 |
|
Py_buffer view; |
|
586 |
|
|
|
587 |
|
GET_BUFFER_VIEW_OR_ERROUT(obj, &view); |
|
588 |
|
|
|
589 |
|
if (self->lock == NULL && view.len >= HASHLIB_GIL_MINSIZE) { |
|
590 |
|
self->lock = PyThread_allocate_lock(); |
|
591 |
|
/* fail? lock = NULL and we fail over to non-threaded code. */ |
|
592 |
|
} |
|
593 |
|
|
|
594 |
|
if (self->lock != NULL) { |
|
595 |
|
Py_BEGIN_ALLOW_THREADS |
|
596 |
|
PyThread_acquire_lock(self->lock, 1); |
|
597 |
|
result = EVP_hash(self, view.buf, view.len); |
|
598 |
|
PyThread_release_lock(self->lock); |
|
599 |
|
Py_END_ALLOW_THREADS |
|
600 |
|
} else { |
|
601 |
|
result = EVP_hash(self, view.buf, view.len); |
|
602 |
|
} |
|
603 |
|
|
|
604 |
|
PyBuffer_Release(&view); |
|
605 |
|
|
|
606 |
|
if (result == -1) |
|
607 |
|
return NULL; |
|
608 |
|
Py_RETURN_NONE; |
|
609 |
|
} |
|
610 |
|
|
|
611 |
|
static PyMethodDef EVP_methods[] = { |
|
612 |
|
EVP_UPDATE_METHODDEF |
|
613 |
|
EVP_DIGEST_METHODDEF |
|
614 |
|
EVP_HEXDIGEST_METHODDEF |
|
615 |
|
EVP_COPY_METHODDEF |
|
616 |
|
{NULL, NULL} /* sentinel */ |
|
617 |
|
}; |
|
618 |
|
|
|
619 |
|
static PyObject * |
|
620 |
|
EVP_get_block_size(EVPobject *self, void *closure) |
|
621 |
|
{ |
|
622 |
|
long block_size; |
|
623 |
|
block_size = EVP_MD_CTX_block_size(self->ctx); |
|
624 |
|
return PyLong_FromLong(block_size); |
|
625 |
|
} |
|
626 |
|
|
|
627 |
|
static PyObject * |
|
628 |
|
EVP_get_digest_size(EVPobject *self, void *closure) |
|
629 |
|
{ |
|
630 |
|
long size; |
|
631 |
|
size = EVP_MD_CTX_size(self->ctx); |
|
632 |
|
return PyLong_FromLong(size); |
|
633 |
|
} |
|
634 |
|
|
|
635 |
|
static PyObject * |
|
636 |
|
EVP_get_name(EVPobject *self, void *closure) |
|
637 |
|
{ |
|
638 |
|
return py_digest_name(EVP_MD_CTX_md(self->ctx)); |
|
639 |
|
} |
|
640 |
|
|
|
641 |
|
static PyGetSetDef EVP_getseters[] = { |
|
642 |
|
{"digest_size", |
|
643 |
|
(getter)EVP_get_digest_size, NULL, |
|
644 |
|
NULL, |
|
645 |
|
NULL}, |
|
646 |
|
{"block_size", |
|
647 |
|
(getter)EVP_get_block_size, NULL, |
|
648 |
|
NULL, |
|
649 |
|
NULL}, |
|
650 |
|
{"name", |
|
651 |
|
(getter)EVP_get_name, NULL, |
|
652 |
|
NULL, |
|
653 |
|
PyDoc_STR("algorithm name.")}, |
|
654 |
|
{NULL} /* Sentinel */ |
|
655 |
|
}; |
|
656 |
|
|
|
657 |
|
|
|
658 |
|
static PyObject * |
|
659 |
|
EVP_repr(EVPobject *self) |
|
660 |
|
{ |
|
661 |
|
PyObject *name_obj, *repr; |
|
662 |
|
name_obj = py_digest_name(EVP_MD_CTX_md(self->ctx)); |
|
663 |
|
if (!name_obj) { |
|
664 |
|
return NULL; |
|
665 |
|
} |
|
666 |
|
repr = PyUnicode_FromFormat("<%U %s object @ %p>", |
|
667 |
|
name_obj, Py_TYPE(self)->tp_name, self); |
|
668 |
|
Py_DECREF(name_obj); |
|
669 |
|
return repr; |
|
670 |
|
} |
|
671 |
|
|
|
672 |
|
PyDoc_STRVAR(hashtype_doc, |
|
673 |
|
"HASH(name, string=b\'\')\n" |
|
674 |
|
"--\n" |
|
675 |
|
"\n" |
|
676 |
|
"A hash is an object used to calculate a checksum of a string of information.\n" |
|
677 |
|
"\n" |
|
678 |
|
"Methods:\n" |
|
679 |
|
"\n" |
|
680 |
|
"update() -- updates the current digest with an additional string\n" |
|
681 |
|
"digest() -- return the current digest value\n" |
|
682 |
|
"hexdigest() -- return the current digest as a string of hexadecimal digits\n" |
|
683 |
|
"copy() -- return a copy of the current hash object\n" |
|
684 |
|
"\n" |
|
685 |
|
"Attributes:\n" |
|
686 |
|
"\n" |
|
687 |
|
"name -- the hash algorithm being used by this object\n" |
|
688 |
|
"digest_size -- number of bytes in this hashes output"); |
|
689 |
|
|
|
690 |
|
static PyType_Slot EVPtype_slots[] = { |
|
691 |
|
{Py_tp_dealloc, EVP_dealloc}, |
|
692 |
|
{Py_tp_repr, EVP_repr}, |
|
693 |
|
{Py_tp_doc, (char *)hashtype_doc}, |
|
694 |
|
{Py_tp_methods, EVP_methods}, |
|
695 |
|
{Py_tp_getset, EVP_getseters}, |
|
696 |
|
{0, 0}, |
|
697 |
|
}; |
|
698 |
|
|
|
699 |
|
static PyType_Spec EVPtype_spec = { |
|
700 |
|
"_hashlib.HASH", /*tp_name*/ |
|
701 |
|
sizeof(EVPobject), /*tp_basicsize*/ |
|
702 |
|
0, /*tp_itemsize*/ |
|
703 |
|
Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE | Py_TPFLAGS_DISALLOW_INSTANTIATION | Py_TPFLAGS_IMMUTABLETYPE, |
|
704 |
|
EVPtype_slots |
|
705 |
|
}; |
|
706 |
|
|
|
707 |
|
#ifdef PY_OPENSSL_HAS_SHAKE |
|
708 |
|
|
|
709 |
|
/*[clinic input] |
|
710 |
|
_hashlib.HASHXOF.digest as EVPXOF_digest |
|
711 |
|
|
|
712 |
|
length: Py_ssize_t |
|
713 |
|
|
|
714 |
|
Return the digest value as a bytes object. |
|
715 |
|
[clinic start generated code]*/ |
|
716 |
|
|
|
717 |
|
static PyObject * |
|
718 |
|
EVPXOF_digest_impl(EVPobject *self, Py_ssize_t length) |
|
719 |
|
/*[clinic end generated code: output=ef9320c23280efad input=816a6537cea3d1db]*/ |
|
720 |
|
{ |
|
721 |
|
EVP_MD_CTX *temp_ctx; |
|
722 |
|
PyObject *retval = PyBytes_FromStringAndSize(NULL, length); |
|
723 |
|
|
|
724 |
|
if (retval == NULL) { |
|
725 |
|
return NULL; |
|
726 |
|
} |
|
727 |
|
|
|
728 |
|
temp_ctx = EVP_MD_CTX_new(); |
|
729 |
|
if (temp_ctx == NULL) { |
|
730 |
|
Py_DECREF(retval); |
|
731 |
|
PyErr_NoMemory(); |
|
732 |
|
return NULL; |
|
733 |
|
} |
|
734 |
|
|
|
735 |
|
if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { |
|
736 |
|
Py_DECREF(retval); |
|
737 |
|
EVP_MD_CTX_free(temp_ctx); |
|
738 |
|
return _setException(PyExc_ValueError, NULL); |
|
739 |
|
} |
|
740 |
|
if (!EVP_DigestFinalXOF(temp_ctx, |
|
741 |
|
(unsigned char*)PyBytes_AS_STRING(retval), |
|
742 |
|
length)) { |
|
743 |
|
Py_DECREF(retval); |
|
744 |
|
EVP_MD_CTX_free(temp_ctx); |
|
745 |
|
_setException(PyExc_ValueError, NULL); |
|
746 |
|
return NULL; |
|
747 |
|
} |
|
748 |
|
|
|
749 |
|
EVP_MD_CTX_free(temp_ctx); |
|
750 |
|
return retval; |
|
751 |
|
} |
|
752 |
|
|
|
753 |
|
/*[clinic input] |
|
754 |
|
_hashlib.HASHXOF.hexdigest as EVPXOF_hexdigest |
|
755 |
|
|
|
756 |
|
length: Py_ssize_t |
|
757 |
|
|
|
758 |
|
Return the digest value as a string of hexadecimal digits. |
|
759 |
|
[clinic start generated code]*/ |
|
760 |
|
|
|
761 |
|
static PyObject * |
|
762 |
|
EVPXOF_hexdigest_impl(EVPobject *self, Py_ssize_t length) |
|
763 |
|
/*[clinic end generated code: output=eb3e6ee7788bf5b2 input=5f9d6a8f269e34df]*/ |
|
764 |
|
{ |
|
765 |
|
unsigned char *digest; |
|
766 |
|
EVP_MD_CTX *temp_ctx; |
|
767 |
|
PyObject *retval; |
|
768 |
|
|
|
769 |
|
digest = (unsigned char*)PyMem_Malloc(length); |
|
770 |
|
if (digest == NULL) { |
|
771 |
|
PyErr_NoMemory(); |
|
772 |
|
return NULL; |
|
773 |
|
} |
|
774 |
|
|
|
775 |
|
temp_ctx = EVP_MD_CTX_new(); |
|
776 |
|
if (temp_ctx == NULL) { |
|
777 |
|
PyMem_Free(digest); |
|
778 |
|
PyErr_NoMemory(); |
|
779 |
|
return NULL; |
|
780 |
|
} |
|
781 |
|
|
|
782 |
|
/* Get the raw (binary) digest value */ |
|
783 |
|
if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { |
|
784 |
|
PyMem_Free(digest); |
|
785 |
|
EVP_MD_CTX_free(temp_ctx); |
|
786 |
|
return _setException(PyExc_ValueError, NULL); |
|
787 |
|
} |
|
788 |
|
if (!EVP_DigestFinalXOF(temp_ctx, digest, length)) { |
|
789 |
|
PyMem_Free(digest); |
|
790 |
|
EVP_MD_CTX_free(temp_ctx); |
|
791 |
|
_setException(PyExc_ValueError, NULL); |
|
792 |
|
return NULL; |
|
793 |
|
} |
|
794 |
|
|
|
795 |
|
EVP_MD_CTX_free(temp_ctx); |
|
796 |
|
|
|
797 |
|
retval = _Py_strhex((const char *)digest, length); |
|
798 |
|
PyMem_Free(digest); |
|
799 |
|
return retval; |
|
800 |
|
} |
|
801 |
|
|
|
802 |
|
static PyMethodDef EVPXOF_methods[] = { |
|
803 |
|
EVPXOF_DIGEST_METHODDEF |
|
804 |
|
EVPXOF_HEXDIGEST_METHODDEF |
|
805 |
|
{NULL, NULL} /* sentinel */ |
|
806 |
|
}; |
|
807 |
|
|
|
808 |
|
|
|
809 |
|
static PyObject * |
|
810 |
|
EVPXOF_get_digest_size(EVPobject *self, void *closure) |
|
811 |
|
{ |
|
812 |
|
return PyLong_FromLong(0); |
|
813 |
|
} |
|
814 |
|
|
|
815 |
|
static PyGetSetDef EVPXOF_getseters[] = { |
|
816 |
|
{"digest_size", |
|
817 |
|
(getter)EVPXOF_get_digest_size, NULL, |
|
818 |
|
NULL, |
|
819 |
|
NULL}, |
|
820 |
|
{NULL} /* Sentinel */ |
|
821 |
|
}; |
|
822 |
|
|
|
823 |
|
PyDoc_STRVAR(hashxoftype_doc, |
|
824 |
|
"HASHXOF(name, string=b\'\')\n" |
|
825 |
|
"--\n" |
|
826 |
|
"\n" |
|
827 |
|
"A hash is an object used to calculate a checksum of a string of information.\n" |
|
828 |
|
"\n" |
|
829 |
|
"Methods:\n" |
|
830 |
|
"\n" |
|
831 |
|
"update() -- updates the current digest with an additional string\n" |
|
832 |
|
"digest(length) -- return the current digest value\n" |
|
833 |
|
"hexdigest(length) -- return the current digest as a string of hexadecimal digits\n" |
|
834 |
|
"copy() -- return a copy of the current hash object\n" |
|
835 |
|
"\n" |
|
836 |
|
"Attributes:\n" |
|
837 |
|
"\n" |
|
838 |
|
"name -- the hash algorithm being used by this object\n" |
|
839 |
|
"digest_size -- number of bytes in this hashes output"); |
|
840 |
|
|
|
841 |
|
static PyType_Slot EVPXOFtype_slots[] = { |
|
842 |
|
{Py_tp_doc, (char *)hashxoftype_doc}, |
|
843 |
|
{Py_tp_methods, EVPXOF_methods}, |
|
844 |
|
{Py_tp_getset, EVPXOF_getseters}, |
|
845 |
|
{0, 0}, |
|
846 |
|
}; |
|
847 |
|
|
|
848 |
|
static PyType_Spec EVPXOFtype_spec = { |
|
849 |
|
"_hashlib.HASHXOF", /*tp_name*/ |
|
850 |
|
sizeof(EVPobject), /*tp_basicsize*/ |
|
851 |
|
0, /*tp_itemsize*/ |
|
852 |
|
Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE | Py_TPFLAGS_DISALLOW_INSTANTIATION | Py_TPFLAGS_IMMUTABLETYPE, |
|
853 |
|
EVPXOFtype_slots |
|
854 |
|
}; |
|
855 |
|
|
|
856 |
|
|
|
857 |
|
#endif |
|
858 |
|
|
|
859 |
|
static PyObject* |
|
860 |
|
py_evp_fromname(PyObject *module, const char *digestname, PyObject *data_obj, |
|
861 |
|
int usedforsecurity) |
|
862 |
|
{ |
|
863 |
|
Py_buffer view = { 0 }; |
|
864 |
|
PY_EVP_MD *digest = NULL; |
|
865 |
|
PyTypeObject *type; |
|
866 |
|
EVPobject *self = NULL; |
|
867 |
|
|
|
868 |
|
if (data_obj != NULL) { |
|
869 |
|
GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); |
|
870 |
|
} |
|
871 |
|
|
|
872 |
|
digest = py_digest_by_name( |
|
873 |
|
module, digestname, usedforsecurity ? Py_ht_evp : Py_ht_evp_nosecurity |
|
874 |
|
); |
|
875 |
|
if (digest == NULL) { |
|
876 |
|
goto exit; |
|
877 |
|
} |
|
878 |
|
#ifdef PY_OPENSSL_HAS_SHAKE |
|
879 |
|
if ((EVP_MD_flags(digest) & EVP_MD_FLAG_XOF) == EVP_MD_FLAG_XOF) { |
|
880 |
|
type = get_hashlib_state(module)->EVPXOFtype; |
|
881 |
|
} else { |
|
882 |
|
type = get_hashlib_state(module)->EVPtype; |
|
883 |
|
} |
|
884 |
|
#else |
|
885 |
|
type = get_hashlib_state(module)->EVPtype; |
|
886 |
|
#endif |
|
887 |
|
|
|
888 |
|
self = newEVPobject(type); |
|
889 |
|
if (self == NULL) { |
|
890 |
|
goto exit; |
|
891 |
|
} |
|
892 |
|
|
|
893 |
|
#if defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) && OPENSSL_VERSION_NUMBER < 0x30000000L |
|
894 |
|
// In OpenSSL 1.1.1 the non FIPS allowed flag is context specific while |
|
895 |
|
// in 3.0.0 it is a different EVP_MD provider. |
|
896 |
|
if (!usedforsecurity) { |
|
897 |
|
EVP_MD_CTX_set_flags(self->ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); |
|
898 |
|
} |
|
899 |
|
#endif |
|
900 |
|
|
|
901 |
|
int result = EVP_DigestInit_ex(self->ctx, digest, NULL); |
|
902 |
|
if (!result) { |
|
903 |
|
_setException(PyExc_ValueError, NULL); |
|
904 |
|
Py_CLEAR(self); |
|
905 |
|
goto exit; |
|
906 |
|
} |
|
907 |
|
|
|
908 |
|
if (view.buf && view.len) { |
|
909 |
|
if (view.len >= HASHLIB_GIL_MINSIZE) { |
|
910 |
|
/* We do not initialize self->lock here as this is the constructor |
|
911 |
|
* where it is not yet possible to have concurrent access. */ |
|
912 |
|
Py_BEGIN_ALLOW_THREADS |
|
913 |
|
result = EVP_hash(self, view.buf, view.len); |
|
914 |
|
Py_END_ALLOW_THREADS |
|
915 |
|
} else { |
|
916 |
|
result = EVP_hash(self, view.buf, view.len); |
|
917 |
|
} |
|
918 |
|
if (result == -1) { |
|
919 |
|
Py_CLEAR(self); |
|
920 |
|
goto exit; |
|
921 |
|
} |
|
922 |
|
} |
|
923 |
|
|
|
924 |
|
exit: |
|
925 |
|
if (data_obj != NULL) { |
|
926 |
|
PyBuffer_Release(&view); |
|
927 |
|
} |
|
928 |
|
if (digest != NULL) { |
|
929 |
|
PY_EVP_MD_free(digest); |
|
930 |
|
} |
|
931 |
|
|
|
932 |
|
return (PyObject *)self; |
|
933 |
|
} |
|
934 |
|
|
|
935 |
|
|
|
936 |
|
/* The module-level function: new() */ |
|
937 |
|
|
|
938 |
|
/*[clinic input] |
|
939 |
|
_hashlib.new as EVP_new |
|
940 |
|
|
|
941 |
|
name as name_obj: object |
|
942 |
|
string as data_obj: object(c_default="NULL") = b'' |
|
943 |
|
* |
|
944 |
|
usedforsecurity: bool = True |
|
945 |
|
|
|
946 |
|
Return a new hash object using the named algorithm. |
|
947 |
|
|
|
948 |
|
An optional string argument may be provided and will be |
|
949 |
|
automatically hashed. |
|
950 |
|
|
|
951 |
|
The MD5 and SHA1 algorithms are always supported. |
|
952 |
|
[clinic start generated code]*/ |
|
953 |
|
|
|
954 |
|
static PyObject * |
|
955 |
|
EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj, |
|
956 |
|
int usedforsecurity) |
|
957 |
|
/*[clinic end generated code: output=ddd5053f92dffe90 input=c24554d0337be1b0]*/ |
|
958 |
|
{ |
|
959 |
|
char *name; |
|
960 |
|
if (!PyArg_Parse(name_obj, "s", &name)) { |
|
961 |
|
PyErr_SetString(PyExc_TypeError, "name must be a string"); |
|
962 |
|
return NULL; |
|
963 |
|
} |
|
964 |
|
return py_evp_fromname(module, name, data_obj, usedforsecurity); |
|
965 |
|
} |
|
966 |
|
|
|
967 |
|
|
|
968 |
|
/*[clinic input] |
|
969 |
|
_hashlib.openssl_md5 |
|
970 |
|
|
|
971 |
|
string as data_obj: object(py_default="b''") = NULL |
|
972 |
|
* |
|
973 |
|
usedforsecurity: bool = True |
|
974 |
|
|
|
975 |
|
Returns a md5 hash object; optionally initialized with a string |
|
976 |
|
|
|
977 |
|
[clinic start generated code]*/ |
|
978 |
|
|
|
979 |
|
static PyObject * |
|
980 |
|
_hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj, |
|
981 |
|
int usedforsecurity) |
|
982 |
|
/*[clinic end generated code: output=87b0186440a44f8c input=990e36d5e689b16e]*/ |
|
983 |
|
{ |
|
984 |
|
return py_evp_fromname(module, Py_hash_md5, data_obj, usedforsecurity); |
|
985 |
|
} |
|
986 |
|
|
|
987 |
|
|
|
988 |
|
/*[clinic input] |
|
989 |
|
_hashlib.openssl_sha1 |
|
990 |
|
|
|
991 |
|
string as data_obj: object(py_default="b''") = NULL |
|
992 |
|
* |
|
993 |
|
usedforsecurity: bool = True |
|
994 |
|
|
|
995 |
|
Returns a sha1 hash object; optionally initialized with a string |
|
996 |
|
|
|
997 |
|
[clinic start generated code]*/ |
|
998 |
|
|
|
999 |
|
static PyObject * |
|
1000 |
|
_hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj, |
|
1001 |
|
int usedforsecurity) |
|
1002 |
|
/*[clinic end generated code: output=6813024cf690670d input=948f2f4b6deabc10]*/ |
|
1003 |
|
{ |
|
1004 |
|
return py_evp_fromname(module, Py_hash_sha1, data_obj, usedforsecurity); |
|
1005 |
|
} |
|
1006 |
|
|
|
1007 |
|
|
|
1008 |
|
/*[clinic input] |
|
1009 |
|
_hashlib.openssl_sha224 |
|
1010 |
|
|
|
1011 |
|
string as data_obj: object(py_default="b''") = NULL |
|
1012 |
|
* |
|
1013 |
|
usedforsecurity: bool = True |
|
1014 |
|
|
|
1015 |
|
Returns a sha224 hash object; optionally initialized with a string |
|
1016 |
|
|
|
1017 |
|
[clinic start generated code]*/ |
|
1018 |
|
|
|
1019 |
|
static PyObject * |
|
1020 |
|
_hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj, |
|
1021 |
|
int usedforsecurity) |
|
1022 |
|
/*[clinic end generated code: output=a2dfe7cc4eb14ebb input=f9272821fadca505]*/ |
|
1023 |
|
{ |
|
1024 |
|
return py_evp_fromname(module, Py_hash_sha224, data_obj, usedforsecurity); |
|
1025 |
|
} |
|
1026 |
|
|
|
1027 |
|
|
|
1028 |
|
/*[clinic input] |
|
1029 |
|
_hashlib.openssl_sha256 |
|
1030 |
|
|
|
1031 |
|
string as data_obj: object(py_default="b''") = NULL |
|
1032 |
|
* |
|
1033 |
|
usedforsecurity: bool = True |
|
1034 |
|
|
|
1035 |
|
Returns a sha256 hash object; optionally initialized with a string |
|
1036 |
|
|
|
1037 |
|
[clinic start generated code]*/ |
|
1038 |
|
|
|
1039 |
|
static PyObject * |
|
1040 |
|
_hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj, |
|
1041 |
|
int usedforsecurity) |
|
1042 |
|
/*[clinic end generated code: output=1f874a34870f0a68 input=549fad9d2930d4c5]*/ |
|
1043 |
|
{ |
|
1044 |
|
return py_evp_fromname(module, Py_hash_sha256, data_obj, usedforsecurity); |
|
1045 |
|
} |
|
1046 |
|
|
|
1047 |
|
|
|
1048 |
|
/*[clinic input] |
|
1049 |
|
_hashlib.openssl_sha384 |
|
1050 |
|
|
|
1051 |
|
string as data_obj: object(py_default="b''") = NULL |
|
1052 |
|
* |
|
1053 |
|
usedforsecurity: bool = True |
|
1054 |
|
|
|
1055 |
|
Returns a sha384 hash object; optionally initialized with a string |
|
1056 |
|
|
|
1057 |
|
[clinic start generated code]*/ |
|
1058 |
|
|
|
1059 |
|
static PyObject * |
|
1060 |
|
_hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj, |
|
1061 |
|
int usedforsecurity) |
|
1062 |
|
/*[clinic end generated code: output=58529eff9ca457b2 input=48601a6e3bf14ad7]*/ |
|
1063 |
|
{ |
|
1064 |
|
return py_evp_fromname(module, Py_hash_sha384, data_obj, usedforsecurity); |
|
1065 |
|
} |
|
1066 |
|
|
|
1067 |
|
|
|
1068 |
|
/*[clinic input] |
|
1069 |
|
_hashlib.openssl_sha512 |
|
1070 |
|
|
|
1071 |
|
string as data_obj: object(py_default="b''") = NULL |
|
1072 |
|
* |
|
1073 |
|
usedforsecurity: bool = True |
|
1074 |
|
|
|
1075 |
|
Returns a sha512 hash object; optionally initialized with a string |
|
1076 |
|
|
|
1077 |
|
[clinic start generated code]*/ |
|
1078 |
|
|
|
1079 |
|
static PyObject * |
|
1080 |
|
_hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj, |
|
1081 |
|
int usedforsecurity) |
|
1082 |
|
/*[clinic end generated code: output=2c744c9e4a40d5f6 input=c5c46a2a817aa98f]*/ |
|
1083 |
|
{ |
|
1084 |
|
return py_evp_fromname(module, Py_hash_sha512, data_obj, usedforsecurity); |
|
1085 |
|
} |
|
1086 |
|
|
|
1087 |
|
|
|
1088 |
|
#ifdef PY_OPENSSL_HAS_SHA3 |
|
1089 |
|
|
|
1090 |
|
/*[clinic input] |
|
1091 |
|
_hashlib.openssl_sha3_224 |
|
1092 |
|
|
|
1093 |
|
string as data_obj: object(py_default="b''") = NULL |
|
1094 |
|
* |
|
1095 |
|
usedforsecurity: bool = True |
|
1096 |
|
|
|
1097 |
|
Returns a sha3-224 hash object; optionally initialized with a string |
|
1098 |
|
|
|
1099 |
|
[clinic start generated code]*/ |
|
1100 |
|
|
|
1101 |
|
static PyObject * |
|
1102 |
|
_hashlib_openssl_sha3_224_impl(PyObject *module, PyObject *data_obj, |
|
1103 |
|
int usedforsecurity) |
|
1104 |
|
/*[clinic end generated code: output=144641c1d144b974 input=e3a01b2888916157]*/ |
|
1105 |
|
{ |
|
1106 |
|
return py_evp_fromname(module, Py_hash_sha3_224, data_obj, usedforsecurity); |
|
1107 |
|
} |
|
1108 |
|
|
|
1109 |
|
/*[clinic input] |
|
1110 |
|
_hashlib.openssl_sha3_256 |
|
1111 |
|
|
|
1112 |
|
string as data_obj: object(py_default="b''") = NULL |
|
1113 |
|
* |
|
1114 |
|
usedforsecurity: bool = True |
|
1115 |
|
|
|
1116 |
|
Returns a sha3-256 hash object; optionally initialized with a string |
|
1117 |
|
|
|
1118 |
|
[clinic start generated code]*/ |
|
1119 |
|
|
|
1120 |
|
static PyObject * |
|
1121 |
|
_hashlib_openssl_sha3_256_impl(PyObject *module, PyObject *data_obj, |
|
1122 |
|
int usedforsecurity) |
|
1123 |
|
/*[clinic end generated code: output=c61f1ab772d06668 input=e2908126c1b6deed]*/ |
|
1124 |
|
{ |
|
1125 |
|
return py_evp_fromname(module, Py_hash_sha3_256, data_obj , usedforsecurity); |
|
1126 |
|
} |
|
1127 |
|
|
|
1128 |
|
/*[clinic input] |
|
1129 |
|
_hashlib.openssl_sha3_384 |
|
1130 |
|
|
|
1131 |
|
string as data_obj: object(py_default="b''") = NULL |
|
1132 |
|
* |
|
1133 |
|
usedforsecurity: bool = True |
|
1134 |
|
|
|
1135 |
|
Returns a sha3-384 hash object; optionally initialized with a string |
|
1136 |
|
|
|
1137 |
|
[clinic start generated code]*/ |
|
1138 |
|
|
|
1139 |
|
static PyObject * |
|
1140 |
|
_hashlib_openssl_sha3_384_impl(PyObject *module, PyObject *data_obj, |
|
1141 |
|
int usedforsecurity) |
|
1142 |
|
/*[clinic end generated code: output=f68e4846858cf0ee input=ec0edf5c792f8252]*/ |
|
1143 |
|
{ |
|
1144 |
|
return py_evp_fromname(module, Py_hash_sha3_384, data_obj , usedforsecurity); |
|
1145 |
|
} |
|
1146 |
|
|
|
1147 |
|
/*[clinic input] |
|
1148 |
|
_hashlib.openssl_sha3_512 |
|
1149 |
|
|
|
1150 |
|
string as data_obj: object(py_default="b''") = NULL |
|
1151 |
|
* |
|
1152 |
|
usedforsecurity: bool = True |
|
1153 |
|
|
|
1154 |
|
Returns a sha3-512 hash object; optionally initialized with a string |
|
1155 |
|
|
|
1156 |
|
[clinic start generated code]*/ |
|
1157 |
|
|
|
1158 |
|
static PyObject * |
|
1159 |
|
_hashlib_openssl_sha3_512_impl(PyObject *module, PyObject *data_obj, |
|
1160 |
|
int usedforsecurity) |
|
1161 |
|
/*[clinic end generated code: output=2eede478c159354a input=64e2cc0c094d56f4]*/ |
|
1162 |
|
{ |
|
1163 |
|
return py_evp_fromname(module, Py_hash_sha3_512, data_obj , usedforsecurity); |
|
1164 |
|
} |
|
1165 |
|
#endif /* PY_OPENSSL_HAS_SHA3 */ |
|
1166 |
|
|
|
1167 |
|
#ifdef PY_OPENSSL_HAS_SHAKE |
|
1168 |
|
/*[clinic input] |
|
1169 |
|
_hashlib.openssl_shake_128 |
|
1170 |
|
|
|
1171 |
|
string as data_obj: object(py_default="b''") = NULL |
|
1172 |
|
* |
|
1173 |
|
usedforsecurity: bool = True |
|
1174 |
|
|
|
1175 |
|
Returns a shake-128 variable hash object; optionally initialized with a string |
|
1176 |
|
|
|
1177 |
|
[clinic start generated code]*/ |
|
1178 |
|
|
|
1179 |
|
static PyObject * |
|
1180 |
|
_hashlib_openssl_shake_128_impl(PyObject *module, PyObject *data_obj, |
|
1181 |
|
int usedforsecurity) |
|
1182 |
|
/*[clinic end generated code: output=bc49cdd8ada1fa97 input=6c9d67440eb33ec8]*/ |
|
1183 |
|
{ |
|
1184 |
|
return py_evp_fromname(module, Py_hash_shake_128, data_obj , usedforsecurity); |
|
1185 |
|
} |
|
1186 |
|
|
|
1187 |
|
/*[clinic input] |
|
1188 |
|
_hashlib.openssl_shake_256 |
|
1189 |
|
|
|
1190 |
|
string as data_obj: object(py_default="b''") = NULL |
|
1191 |
|
* |
|
1192 |
|
usedforsecurity: bool = True |
|
1193 |
|
|
|
1194 |
|
Returns a shake-256 variable hash object; optionally initialized with a string |
|
1195 |
|
|
|
1196 |
|
[clinic start generated code]*/ |
|
1197 |
|
|
|
1198 |
|
static PyObject * |
|
1199 |
|
_hashlib_openssl_shake_256_impl(PyObject *module, PyObject *data_obj, |
|
1200 |
|
int usedforsecurity) |
|
1201 |
|
/*[clinic end generated code: output=358d213be8852df7 input=479cbe9fefd4a9f8]*/ |
|
1202 |
|
{ |
|
1203 |
|
return py_evp_fromname(module, Py_hash_shake_256, data_obj , usedforsecurity); |
|
1204 |
|
} |
|
1205 |
|
#endif /* PY_OPENSSL_HAS_SHAKE */ |
|
1206 |
|
|
|
1207 |
|
/*[clinic input] |
|
1208 |
|
_hashlib.pbkdf2_hmac as pbkdf2_hmac |
|
1209 |
|
|
|
1210 |
|
hash_name: str |
|
1211 |
|
password: Py_buffer |
|
1212 |
|
salt: Py_buffer |
|
1213 |
|
iterations: long |
|
1214 |
|
dklen as dklen_obj: object = None |
|
1215 |
|
|
|
1216 |
|
Password based key derivation function 2 (PKCS #5 v2.0) with HMAC as pseudorandom function. |
|
1217 |
|
[clinic start generated code]*/ |
|
1218 |
|
|
|
1219 |
|
static PyObject * |
|
1220 |
|
pbkdf2_hmac_impl(PyObject *module, const char *hash_name, |
|
1221 |
|
Py_buffer *password, Py_buffer *salt, long iterations, |
|
1222 |
|
PyObject *dklen_obj) |
|
1223 |
|
/*[clinic end generated code: output=144b76005416599b input=ed3ab0d2d28b5d5c]*/ |
|
1224 |
|
{ |
|
1225 |
|
PyObject *key_obj = NULL; |
|
1226 |
|
char *key; |
|
1227 |
|
long dklen; |
|
1228 |
|
int retval; |
|
1229 |
|
|
|
1230 |
|
PY_EVP_MD *digest = py_digest_by_name(module, hash_name, Py_ht_pbkdf2); |
|
1231 |
|
if (digest == NULL) { |
|
1232 |
|
goto end; |
|
1233 |
|
} |
|
1234 |
|
|
|
1235 |
|
if (password->len > INT_MAX) { |
|
1236 |
|
PyErr_SetString(PyExc_OverflowError, |
|
1237 |
|
"password is too long."); |
|
1238 |
|
goto end; |
|
1239 |
|
} |
|
1240 |
|
|
|
1241 |
|
if (salt->len > INT_MAX) { |
|
1242 |
|
PyErr_SetString(PyExc_OverflowError, |
|
1243 |
|
"salt is too long."); |
|
1244 |
|
goto end; |
|
1245 |
|
} |
|
1246 |
|
|
|
1247 |
|
if (iterations < 1) { |
|
1248 |
|
PyErr_SetString(PyExc_ValueError, |
|
1249 |
|
"iteration value must be greater than 0."); |
|
1250 |
|
goto end; |
|
1251 |
|
} |
|
1252 |
|
if (iterations > INT_MAX) { |
|
1253 |
|
PyErr_SetString(PyExc_OverflowError, |
|
1254 |
|
"iteration value is too great."); |
|
1255 |
|
goto end; |
|
1256 |
|
} |
|
1257 |
|
|
|
1258 |
|
if (dklen_obj == Py_None) { |
|
1259 |
|
dklen = EVP_MD_size(digest); |
|
1260 |
|
} else { |
|
1261 |
|
dklen = PyLong_AsLong(dklen_obj); |
|
1262 |
|
if ((dklen == -1) && PyErr_Occurred()) { |
|
1263 |
|
goto end; |
|
1264 |
|
} |
|
1265 |
|
} |
|
1266 |
|
if (dklen < 1) { |
|
1267 |
|
PyErr_SetString(PyExc_ValueError, |
|
1268 |
|
"key length must be greater than 0."); |
|
1269 |
|
goto end; |
|
1270 |
|
} |
|
1271 |
|
if (dklen > INT_MAX) { |
|
1272 |
|
/* INT_MAX is always smaller than dkLen max (2^32 - 1) * hLen */ |
|
1273 |
|
PyErr_SetString(PyExc_OverflowError, |
|
1274 |
|
"key length is too great."); |
|
1275 |
|
goto end; |
|
1276 |
|
} |
|
1277 |
|
|
|
1278 |
|
key_obj = PyBytes_FromStringAndSize(NULL, dklen); |
|
1279 |
|
if (key_obj == NULL) { |
|
1280 |
|
goto end; |
|
1281 |
|
} |
|
1282 |
|
key = PyBytes_AS_STRING(key_obj); |
|
1283 |
|
|
|
1284 |
|
Py_BEGIN_ALLOW_THREADS |
|
1285 |
|
retval = PKCS5_PBKDF2_HMAC((char*)password->buf, (int)password->len, |
|
1286 |
|
(unsigned char *)salt->buf, (int)salt->len, |
|
1287 |
|
iterations, digest, dklen, |
|
1288 |
|
(unsigned char *)key); |
|
1289 |
|
Py_END_ALLOW_THREADS |
|
1290 |
|
|
|
1291 |
|
if (!retval) { |
|
1292 |
|
Py_CLEAR(key_obj); |
|
1293 |
|
_setException(PyExc_ValueError, NULL); |
|
1294 |
|
goto end; |
|
1295 |
|
} |
|
1296 |
|
|
|
1297 |
|
end: |
|
1298 |
|
if (digest != NULL) { |
|
1299 |
|
PY_EVP_MD_free(digest); |
|
1300 |
|
} |
|
1301 |
|
return key_obj; |
|
1302 |
|
} |
|
1303 |
|
|
|
1304 |
|
#ifdef PY_OPENSSL_HAS_SCRYPT |
|
1305 |
|
|
|
1306 |
|
/* XXX: Parameters salt, n, r and p should be required keyword-only parameters. |
|
1307 |
|
They are optional in the Argument Clinic declaration only due to a |
|
1308 |
|
limitation of PyArg_ParseTupleAndKeywords. */ |
|
1309 |
|
|
|
1310 |
|
/*[clinic input] |
|
1311 |
|
_hashlib.scrypt |
|
1312 |
|
|
|
1313 |
|
password: Py_buffer |
|
1314 |
|
* |
|
1315 |
|
salt: Py_buffer = None |
|
1316 |
|
n as n_obj: object(subclass_of='&PyLong_Type') = None |
|
1317 |
|
r as r_obj: object(subclass_of='&PyLong_Type') = None |
|
1318 |
|
p as p_obj: object(subclass_of='&PyLong_Type') = None |
|
1319 |
|
maxmem: long = 0 |
|
1320 |
|
dklen: long = 64 |
|
1321 |
|
|
|
1322 |
|
|
|
1323 |
|
scrypt password-based key derivation function. |
|
1324 |
|
[clinic start generated code]*/ |
|
1325 |
|
|
|
1326 |
|
static PyObject * |
|
1327 |
|
_hashlib_scrypt_impl(PyObject *module, Py_buffer *password, Py_buffer *salt, |
|
1328 |
|
PyObject *n_obj, PyObject *r_obj, PyObject *p_obj, |
|
1329 |
|
long maxmem, long dklen) |
|
1330 |
|
/*[clinic end generated code: output=14849e2aa2b7b46c input=48a7d63bf3f75c42]*/ |
|
1331 |
|
{ |
|
1332 |
|
PyObject *key_obj = NULL; |
|
1333 |
|
char *key; |
|
1334 |
|
int retval; |
|
1335 |
|
unsigned long n, r, p; |
|
1336 |
|
|
|
1337 |
|
if (password->len > INT_MAX) { |
|
1338 |
|
PyErr_SetString(PyExc_OverflowError, |
|
1339 |
|
"password is too long."); |
|
1340 |
|
return NULL; |
|
1341 |
|
} |
|
1342 |
|
|
|
1343 |
|
if (salt->buf == NULL) { |
|
1344 |
|
PyErr_SetString(PyExc_TypeError, |
|
1345 |
|
"salt is required"); |
|
1346 |
|
return NULL; |
|
1347 |
|
} |
|
1348 |
|
if (salt->len > INT_MAX) { |
|
1349 |
|
PyErr_SetString(PyExc_OverflowError, |
|
1350 |
|
"salt is too long."); |
|
1351 |
|
return NULL; |
|
1352 |
|
} |
|
1353 |
|
|
|
1354 |
|
n = PyLong_AsUnsignedLong(n_obj); |
|
1355 |
|
if (n == (unsigned long) -1 && PyErr_Occurred()) { |
|
1356 |
|
PyErr_SetString(PyExc_TypeError, |
|
1357 |
|
"n is required and must be an unsigned int"); |
|
1358 |
|
return NULL; |
|
1359 |
|
} |
|
1360 |
|
if (n < 2 || n & (n - 1)) { |
|
1361 |
|
PyErr_SetString(PyExc_ValueError, |
|
1362 |
|
"n must be a power of 2."); |
|
1363 |
|
return NULL; |
|
1364 |
|
} |
|
1365 |
|
|
|
1366 |
|
r = PyLong_AsUnsignedLong(r_obj); |
|
1367 |
|
if (r == (unsigned long) -1 && PyErr_Occurred()) { |
|
1368 |
|
PyErr_SetString(PyExc_TypeError, |
|
1369 |
|
"r is required and must be an unsigned int"); |
|
1370 |
|
return NULL; |
|
1371 |
|
} |
|
1372 |
|
|
|
1373 |
|
p = PyLong_AsUnsignedLong(p_obj); |
|
1374 |
|
if (p == (unsigned long) -1 && PyErr_Occurred()) { |
|
1375 |
|
PyErr_SetString(PyExc_TypeError, |
|
1376 |
|
"p is required and must be an unsigned int"); |
|
1377 |
|
return NULL; |
|
1378 |
|
} |
|
1379 |
|
|
|
1380 |
|
if (maxmem < 0 || maxmem > INT_MAX) { |
|
1381 |
|
/* OpenSSL 1.1.0 restricts maxmem to 32 MiB. It may change in the |
|
1382 |
|
future. The maxmem constant is private to OpenSSL. */ |
|
1383 |
|
PyErr_Format(PyExc_ValueError, |
|
1384 |
|
"maxmem must be positive and smaller than %d", |
|
1385 |
|
INT_MAX); |
|
1386 |
|
return NULL; |
|
1387 |
|
} |
|
1388 |
|
|
|
1389 |
|
if (dklen < 1 || dklen > INT_MAX) { |
|
1390 |
|
PyErr_Format(PyExc_ValueError, |
|
1391 |
|
"dklen must be greater than 0 and smaller than %d", |
|
1392 |
|
INT_MAX); |
|
1393 |
|
return NULL; |
|
1394 |
|
} |
|
1395 |
|
|
|
1396 |
|
/* let OpenSSL validate the rest */ |
|
1397 |
|
retval = EVP_PBE_scrypt(NULL, 0, NULL, 0, n, r, p, maxmem, NULL, 0); |
|
1398 |
|
if (!retval) { |
|
1399 |
|
_setException(PyExc_ValueError, "Invalid parameter combination for n, r, p, maxmem."); |
|
1400 |
|
return NULL; |
|
1401 |
|
} |
|
1402 |
|
|
|
1403 |
|
key_obj = PyBytes_FromStringAndSize(NULL, dklen); |
|
1404 |
|
if (key_obj == NULL) { |
|
1405 |
|
return NULL; |
|
1406 |
|
} |
|
1407 |
|
key = PyBytes_AS_STRING(key_obj); |
|
1408 |
|
|
|
1409 |
|
Py_BEGIN_ALLOW_THREADS |
|
1410 |
|
retval = EVP_PBE_scrypt( |
|
1411 |
|
(const char*)password->buf, (size_t)password->len, |
|
1412 |
|
(const unsigned char *)salt->buf, (size_t)salt->len, |
|
1413 |
|
n, r, p, maxmem, |
|
1414 |
|
(unsigned char *)key, (size_t)dklen |
|
1415 |
|
); |
|
1416 |
|
Py_END_ALLOW_THREADS |
|
1417 |
|
|
|
1418 |
|
if (!retval) { |
|
1419 |
|
Py_CLEAR(key_obj); |
|
1420 |
|
_setException(PyExc_ValueError, NULL); |
|
1421 |
|
return NULL; |
|
1422 |
|
} |
|
1423 |
|
return key_obj; |
|
1424 |
|
} |
|
1425 |
|
#endif /* PY_OPENSSL_HAS_SCRYPT */ |
|
1426 |
|
|
|
1427 |
|
/* Fast HMAC for hmac.digest() |
|
1428 |
|
*/ |
|
1429 |
|
|
|
1430 |
|
/*[clinic input] |
|
1431 |
|
_hashlib.hmac_digest as _hashlib_hmac_singleshot |
|
1432 |
|
|
|
1433 |
|
key: Py_buffer |
|
1434 |
|
msg: Py_buffer |
|
1435 |
|
digest: object |
|
1436 |
|
|
|
1437 |
|
Single-shot HMAC. |
|
1438 |
|
[clinic start generated code]*/ |
|
1439 |
|
|
|
1440 |
|
static PyObject * |
|
1441 |
|
_hashlib_hmac_singleshot_impl(PyObject *module, Py_buffer *key, |
|
1442 |
|
Py_buffer *msg, PyObject *digest) |
|
1443 |
|
/*[clinic end generated code: output=82f19965d12706ac input=0a0790cc3db45c2e]*/ |
|
1444 |
|
{ |
|
1445 |
|
unsigned char md[EVP_MAX_MD_SIZE] = {0}; |
|
1446 |
|
unsigned int md_len = 0; |
|
1447 |
|
unsigned char *result; |
|
1448 |
|
PY_EVP_MD *evp; |
|
1449 |
|
|
|
1450 |
|
if (key->len > INT_MAX) { |
|
1451 |
|
PyErr_SetString(PyExc_OverflowError, |
|
1452 |
|
"key is too long."); |
|
1453 |
|
return NULL; |
|
1454 |
|
} |
|
1455 |
|
if (msg->len > INT_MAX) { |
|
1456 |
|
PyErr_SetString(PyExc_OverflowError, |
|
1457 |
|
"msg is too long."); |
|
1458 |
|
return NULL; |
|
1459 |
|
} |
|
1460 |
|
|
|
1461 |
|
evp = py_digest_by_digestmod(module, digest, Py_ht_mac); |
|
1462 |
|
if (evp == NULL) { |
|
1463 |
|
return NULL; |
|
1464 |
|
} |
|
1465 |
|
|
|
1466 |
|
Py_BEGIN_ALLOW_THREADS |
|
1467 |
|
result = HMAC( |
|
1468 |
|
evp, |
|
1469 |
|
(const void*)key->buf, (int)key->len, |
|
1470 |
|
(const unsigned char*)msg->buf, (int)msg->len, |
|
1471 |
|
md, &md_len |
|
1472 |
|
); |
|
1473 |
|
Py_END_ALLOW_THREADS |
|
1474 |
|
PY_EVP_MD_free(evp); |
|
1475 |
|
|
|
1476 |
|
if (result == NULL) { |
|
1477 |
|
_setException(PyExc_ValueError, NULL); |
|
1478 |
|
return NULL; |
|
1479 |
|
} |
|
1480 |
|
return PyBytes_FromStringAndSize((const char*)md, md_len); |
|
1481 |
|
} |
|
1482 |
|
|
|
1483 |
|
/* OpenSSL-based HMAC implementation |
|
1484 |
|
*/ |
|
1485 |
|
|
|
1486 |
|
static int _hmac_update(HMACobject*, PyObject*); |
|
1487 |
|
|
|
1488 |
|
/*[clinic input] |
|
1489 |
|
_hashlib.hmac_new |
|
1490 |
|
|
|
1491 |
|
key: Py_buffer |
|
1492 |
|
msg as msg_obj: object(c_default="NULL") = b'' |
|
1493 |
|
digestmod: object(c_default="NULL") = None |
|
1494 |
|
|
|
1495 |
|
Return a new hmac object. |
|
1496 |
|
[clinic start generated code]*/ |
|
1497 |
|
|
|
1498 |
|
static PyObject * |
|
1499 |
|
_hashlib_hmac_new_impl(PyObject *module, Py_buffer *key, PyObject *msg_obj, |
|
1500 |
|
PyObject *digestmod) |
|
1501 |
|
/*[clinic end generated code: output=c20d9e4d9ed6d219 input=5f4071dcc7f34362]*/ |
|
1502 |
|
{ |
|
1503 |
|
PyTypeObject *type = get_hashlib_state(module)->HMACtype; |
|
1504 |
|
PY_EVP_MD *digest; |
|
1505 |
|
HMAC_CTX *ctx = NULL; |
|
1506 |
|
HMACobject *self = NULL; |
|
1507 |
|
int r; |
|
1508 |
|
|
|
1509 |
|
if (key->len > INT_MAX) { |
|
1510 |
|
PyErr_SetString(PyExc_OverflowError, |
|
1511 |
|
"key is too long."); |
|
1512 |
|
return NULL; |
|
1513 |
|
} |
|
1514 |
|
|
|
1515 |
|
if (digestmod == NULL) { |
|
1516 |
|
PyErr_SetString( |
|
1517 |
|
PyExc_TypeError, "Missing required parameter 'digestmod'."); |
|
1518 |
|
return NULL; |
|
1519 |
|
} |
|
1520 |
|
|
|
1521 |
|
digest = py_digest_by_digestmod(module, digestmod, Py_ht_mac); |
|
1522 |
|
if (digest == NULL) { |
|
1523 |
|
return NULL; |
|
1524 |
|
} |
|
1525 |
|
|
|
1526 |
|
ctx = HMAC_CTX_new(); |
|
1527 |
|
if (ctx == NULL) { |
|
1528 |
|
_setException(PyExc_ValueError, NULL); |
|
1529 |
|
goto error; |
|
1530 |
|
} |
|
1531 |
|
|
|
1532 |
|
r = HMAC_Init_ex( |
|
1533 |
|
ctx, |
|
1534 |
|
(const char*)key->buf, |
|
1535 |
|
(int)key->len, |
|
1536 |
|
digest, |
|
1537 |
|
NULL /*impl*/); |
|
1538 |
|
PY_EVP_MD_free(digest); |
|
1539 |
|
if (r == 0) { |
|
1540 |
|
_setException(PyExc_ValueError, NULL); |
|
1541 |
|
goto error; |
|
1542 |
|
} |
|
1543 |
|
|
|
1544 |
|
self = (HMACobject *)PyObject_New(HMACobject, type); |
|
1545 |
|
if (self == NULL) { |
|
1546 |
|
goto error; |
|
1547 |
|
} |
|
1548 |
|
|
|
1549 |
|
self->ctx = ctx; |
|
1550 |
|
self->lock = NULL; |
|
1551 |
|
|
|
1552 |
|
if ((msg_obj != NULL) && (msg_obj != Py_None)) { |
|
1553 |
|
if (!_hmac_update(self, msg_obj)) |
|
1554 |
|
goto error; |
|
1555 |
|
} |
|
1556 |
|
|
|
1557 |
|
return (PyObject*)self; |
|
1558 |
|
|
|
1559 |
|
error: |
|
1560 |
|
if (ctx) HMAC_CTX_free(ctx); |
|
1561 |
|
if (self) PyObject_Free(self); |
|
1562 |
|
return NULL; |
|
1563 |
|
} |
|
1564 |
|
|
|
1565 |
|
/* helper functions */ |
|
1566 |
|
static int |
|
1567 |
|
locked_HMAC_CTX_copy(HMAC_CTX *new_ctx_p, HMACobject *self) |
|
1568 |
|
{ |
|
1569 |
|
int result; |
|
1570 |
|
ENTER_HASHLIB(self); |
|
1571 |
|
result = HMAC_CTX_copy(new_ctx_p, self->ctx); |
|
1572 |
|
LEAVE_HASHLIB(self); |
|
1573 |
|
return result; |
|
1574 |
|
} |
|
1575 |
|
|
|
1576 |
|
static unsigned int |
|
1577 |
|
_hmac_digest_size(HMACobject *self) |
|
1578 |
|
{ |
|
1579 |
|
unsigned int digest_size = EVP_MD_size(HMAC_CTX_get_md(self->ctx)); |
|
1580 |
|
assert(digest_size <= EVP_MAX_MD_SIZE); |
|
1581 |
|
return digest_size; |
|
1582 |
|
} |
|
1583 |
|
|
|
1584 |
|
static int |
|
1585 |
|
_hmac_update(HMACobject *self, PyObject *obj) |
|
1586 |
|
{ |
|
1587 |
|
int r; |
|
1588 |
|
Py_buffer view = {0}; |
|
1589 |
|
|
|
1590 |
|
GET_BUFFER_VIEW_OR_ERROR(obj, &view, return 0); |
|
1591 |
|
|
|
1592 |
|
if (self->lock == NULL && view.len >= HASHLIB_GIL_MINSIZE) { |
|
1593 |
|
self->lock = PyThread_allocate_lock(); |
|
1594 |
|
/* fail? lock = NULL and we fail over to non-threaded code. */ |
|
1595 |
|
} |
|
1596 |
|
|
|
1597 |
|
if (self->lock != NULL) { |
|
1598 |
|
Py_BEGIN_ALLOW_THREADS |
|
1599 |
|
PyThread_acquire_lock(self->lock, 1); |
|
1600 |
|
r = HMAC_Update(self->ctx, (const unsigned char*)view.buf, view.len); |
|
1601 |
|
PyThread_release_lock(self->lock); |
|
1602 |
|
Py_END_ALLOW_THREADS |
|
1603 |
|
} else { |
|
1604 |
|
r = HMAC_Update(self->ctx, (const unsigned char*)view.buf, view.len); |
|
1605 |
|
} |
|
1606 |
|
|
|
1607 |
|
PyBuffer_Release(&view); |
|
1608 |
|
|
|
1609 |
|
if (r == 0) { |
|
1610 |
|
_setException(PyExc_ValueError, NULL); |
|
1611 |
|
return 0; |
|
1612 |
|
} |
|
1613 |
|
return 1; |
|
1614 |
|
} |
|
1615 |
|
|
|
1616 |
|
/*[clinic input] |
|
1617 |
|
_hashlib.HMAC.copy |
|
1618 |
|
|
|
1619 |
|
Return a copy ("clone") of the HMAC object. |
|
1620 |
|
[clinic start generated code]*/ |
|
1621 |
|
|
|
1622 |
|
static PyObject * |
|
1623 |
|
_hashlib_HMAC_copy_impl(HMACobject *self) |
|
1624 |
|
/*[clinic end generated code: output=29aa28b452833127 input=e2fa6a05db61a4d6]*/ |
|
1625 |
|
{ |
|
1626 |
|
HMACobject *retval; |
|
1627 |
|
|
|
1628 |
|
HMAC_CTX *ctx = HMAC_CTX_new(); |
|
1629 |
|
if (ctx == NULL) { |
|
1630 |
|
return _setException(PyExc_ValueError, NULL); |
|
1631 |
|
} |
|
1632 |
|
if (!locked_HMAC_CTX_copy(ctx, self)) { |
|
1633 |
|
HMAC_CTX_free(ctx); |
|
1634 |
|
return _setException(PyExc_ValueError, NULL); |
|
1635 |
|
} |
|
1636 |
|
|
|
1637 |
|
retval = (HMACobject *)PyObject_New(HMACobject, Py_TYPE(self)); |
|
1638 |
|
if (retval == NULL) { |
|
1639 |
|
HMAC_CTX_free(ctx); |
|
1640 |
|
return NULL; |
|
1641 |
|
} |
|
1642 |
|
retval->ctx = ctx; |
|
1643 |
|
retval->lock = NULL; |
|
1644 |
|
|
|
1645 |
|
return (PyObject *)retval; |
|
1646 |
|
} |
|
1647 |
|
|
|
1648 |
|
static void |
|
1649 |
|
_hmac_dealloc(HMACobject *self) |
|
1650 |
|
{ |
|
1651 |
|
PyTypeObject *tp = Py_TYPE(self); |
|
1652 |
|
if (self->lock != NULL) { |
|
1653 |
|
PyThread_free_lock(self->lock); |
|
1654 |
|
} |
|
1655 |
|
HMAC_CTX_free(self->ctx); |
|
1656 |
|
PyObject_Free(self); |
|
1657 |
|
Py_DECREF(tp); |
|
1658 |
|
} |
|
1659 |
|
|
|
1660 |
|
static PyObject * |
|
1661 |
|
_hmac_repr(HMACobject *self) |
|
1662 |
|
{ |
|
1663 |
|
PyObject *digest_name = py_digest_name(HMAC_CTX_get_md(self->ctx)); |
|
1664 |
|
if (digest_name == NULL) { |
|
1665 |
|
return NULL; |
|
1666 |
|
} |
|
1667 |
|
PyObject *repr = PyUnicode_FromFormat( |
|
1668 |
|
"<%U HMAC object @ %p>", digest_name, self |
|
1669 |
|
); |
|
1670 |
|
Py_DECREF(digest_name); |
|
1671 |
|
return repr; |
|
1672 |
|
} |
|
1673 |
|
|
|
1674 |
|
/*[clinic input] |
|
1675 |
|
_hashlib.HMAC.update |
|
1676 |
|
msg: object |
|
1677 |
|
|
|
1678 |
|
Update the HMAC object with msg. |
|
1679 |
|
[clinic start generated code]*/ |
|
1680 |
|
|
|
1681 |
|
static PyObject * |
|
1682 |
|
_hashlib_HMAC_update_impl(HMACobject *self, PyObject *msg) |
|
1683 |
|
/*[clinic end generated code: output=f31f0ace8c625b00 input=1829173bb3cfd4e6]*/ |
|
1684 |
|
{ |
|
1685 |
|
if (!_hmac_update(self, msg)) { |
|
1686 |
|
return NULL; |
|
1687 |
|
} |
|
1688 |
|
Py_RETURN_NONE; |
|
1689 |
|
} |
|
1690 |
|
|
|
1691 |
|
static int |
|
1692 |
|
_hmac_digest(HMACobject *self, unsigned char *buf, unsigned int len) |
|
1693 |
|
{ |
|
1694 |
|
HMAC_CTX *temp_ctx = HMAC_CTX_new(); |
|
1695 |
|
if (temp_ctx == NULL) { |
|
1696 |
|
PyErr_NoMemory(); |
|
1697 |
|
return 0; |
|
1698 |
|
} |
|
1699 |
|
if (!locked_HMAC_CTX_copy(temp_ctx, self)) { |
|
1700 |
|
_setException(PyExc_ValueError, NULL); |
|
1701 |
|
return 0; |
|
1702 |
|
} |
|
1703 |
|
int r = HMAC_Final(temp_ctx, buf, &len); |
|
1704 |
|
HMAC_CTX_free(temp_ctx); |
|
1705 |
|
if (r == 0) { |
|
1706 |
|
_setException(PyExc_ValueError, NULL); |
|
1707 |
|
return 0; |
|
1708 |
|
} |
|
1709 |
|
return 1; |
|
1710 |
|
} |
|
1711 |
|
|
|
1712 |
|
/*[clinic input] |
|
1713 |
|
_hashlib.HMAC.digest |
|
1714 |
|
Return the digest of the bytes passed to the update() method so far. |
|
1715 |
|
[clinic start generated code]*/ |
|
1716 |
|
|
|
1717 |
|
static PyObject * |
|
1718 |
|
_hashlib_HMAC_digest_impl(HMACobject *self) |
|
1719 |
|
/*[clinic end generated code: output=1b1424355af7a41e input=bff07f74da318fb4]*/ |
|
1720 |
|
{ |
|
1721 |
|
unsigned char digest[EVP_MAX_MD_SIZE]; |
|
1722 |
|
unsigned int digest_size = _hmac_digest_size(self); |
|
1723 |
|
if (digest_size == 0) { |
|
1724 |
|
return _setException(PyExc_ValueError, NULL); |
|
1725 |
|
} |
|
1726 |
|
int r = _hmac_digest(self, digest, digest_size); |
|
1727 |
|
if (r == 0) { |
|
1728 |
|
return NULL; |
|
1729 |
|
} |
|
1730 |
|
return PyBytes_FromStringAndSize((const char *)digest, digest_size); |
|
1731 |
|
} |
|
1732 |
|
|
|
1733 |
|
/*[clinic input] |
|
1734 |
|
_hashlib.HMAC.hexdigest |
|
1735 |
|
|
|
1736 |
|
Return hexadecimal digest of the bytes passed to the update() method so far. |
|
1737 |
|
|
|
1738 |
|
This may be used to exchange the value safely in email or other non-binary |
|
1739 |
|
environments. |
|
1740 |
|
[clinic start generated code]*/ |
|
1741 |
|
|
|
1742 |
|
static PyObject * |
|
1743 |
|
_hashlib_HMAC_hexdigest_impl(HMACobject *self) |
|
1744 |
|
/*[clinic end generated code: output=80d825be1eaae6a7 input=5abc42702874ddcf]*/ |
|
1745 |
|
{ |
|
1746 |
|
unsigned char digest[EVP_MAX_MD_SIZE]; |
|
1747 |
|
unsigned int digest_size = _hmac_digest_size(self); |
|
1748 |
|
if (digest_size == 0) { |
|
1749 |
|
return _setException(PyExc_ValueError, NULL); |
|
1750 |
|
} |
|
1751 |
|
int r = _hmac_digest(self, digest, digest_size); |
|
1752 |
|
if (r == 0) { |
|
1753 |
|
return NULL; |
|
1754 |
|
} |
|
1755 |
|
return _Py_strhex((const char *)digest, digest_size); |
|
1756 |
|
} |
|
1757 |
|
|
|
1758 |
|
static PyObject * |
|
1759 |
|
_hashlib_hmac_get_digest_size(HMACobject *self, void *closure) |
|
1760 |
|
{ |
|
1761 |
|
unsigned int digest_size = _hmac_digest_size(self); |
|
1762 |
|
if (digest_size == 0) { |
|
1763 |
|
return _setException(PyExc_ValueError, NULL); |
|
1764 |
|
} |
|
1765 |
|
return PyLong_FromLong(digest_size); |
|
1766 |
|
} |
|
1767 |
|
|
|
1768 |
|
static PyObject * |
|
1769 |
|
_hashlib_hmac_get_block_size(HMACobject *self, void *closure) |
|
1770 |
|
{ |
|
1771 |
|
const EVP_MD *md = HMAC_CTX_get_md(self->ctx); |
|
1772 |
|
if (md == NULL) { |
|
1773 |
|
return _setException(PyExc_ValueError, NULL); |
|
1774 |
|
} |
|
1775 |
|
return PyLong_FromLong(EVP_MD_block_size(md)); |
|
1776 |
|
} |
|
1777 |
|
|
|
1778 |
|
static PyObject * |
|
1779 |
|
_hashlib_hmac_get_name(HMACobject *self, void *closure) |
|
1780 |
|
{ |
|
1781 |
|
PyObject *digest_name = py_digest_name(HMAC_CTX_get_md(self->ctx)); |
|
1782 |
|
if (digest_name == NULL) { |
|
1783 |
|
return NULL; |
|
1784 |
|
} |
|
1785 |
|
PyObject *name = PyUnicode_FromFormat("hmac-%U", digest_name); |
|
1786 |
|
Py_DECREF(digest_name); |
|
1787 |
|
return name; |
|
1788 |
|
} |
|
1789 |
|
|
|
1790 |
|
static PyMethodDef HMAC_methods[] = { |
|
1791 |
|
_HASHLIB_HMAC_UPDATE_METHODDEF |
|
1792 |
|
_HASHLIB_HMAC_DIGEST_METHODDEF |
|
1793 |
|
_HASHLIB_HMAC_HEXDIGEST_METHODDEF |
|
1794 |
|
_HASHLIB_HMAC_COPY_METHODDEF |
|
1795 |
|
{NULL, NULL} /* sentinel */ |
|
1796 |
|
}; |
|
1797 |
|
|
|
1798 |
|
static PyGetSetDef HMAC_getset[] = { |
|
1799 |
|
{"digest_size", (getter)_hashlib_hmac_get_digest_size, NULL, NULL, NULL}, |
|
1800 |
|
{"block_size", (getter)_hashlib_hmac_get_block_size, NULL, NULL, NULL}, |
|
1801 |
|
{"name", (getter)_hashlib_hmac_get_name, NULL, NULL, NULL}, |
|
1802 |
|
{NULL} /* Sentinel */ |
|
1803 |
|
}; |
|
1804 |
|
|
|
1805 |
|
|
|
1806 |
|
PyDoc_STRVAR(hmactype_doc, |
|
1807 |
|
"The object used to calculate HMAC of a message.\n\ |
|
1808 |
|
\n\ |
|
1809 |
|
Methods:\n\ |
|
1810 |
|
\n\ |
|
1811 |
|
update() -- updates the current digest with an additional string\n\ |
|
1812 |
|
digest() -- return the current digest value\n\ |
|
1813 |
|
hexdigest() -- return the current digest as a string of hexadecimal digits\n\ |
|
1814 |
|
copy() -- return a copy of the current hash object\n\ |
|
1815 |
|
\n\ |
|
1816 |
|
Attributes:\n\ |
|
1817 |
|
\n\ |
|
1818 |
|
name -- the name, including the hash algorithm used by this object\n\ |
|
1819 |
|
digest_size -- number of bytes in digest() output\n"); |
|
1820 |
|
|
|
1821 |
|
static PyType_Slot HMACtype_slots[] = { |
|
1822 |
|
{Py_tp_doc, (char *)hmactype_doc}, |
|
1823 |
|
{Py_tp_repr, (reprfunc)_hmac_repr}, |
|
1824 |
|
{Py_tp_dealloc,(destructor)_hmac_dealloc}, |
|
1825 |
|
{Py_tp_methods, HMAC_methods}, |
|
1826 |
|
{Py_tp_getset, HMAC_getset}, |
|
1827 |
|
{0, NULL} |
|
1828 |
|
}; |
|
1829 |
|
|
|
1830 |
|
PyType_Spec HMACtype_spec = { |
|
1831 |
|
"_hashlib.HMAC", /* name */ |
|
1832 |
|
sizeof(HMACobject), /* basicsize */ |
|
1833 |
|
.flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_DISALLOW_INSTANTIATION | Py_TPFLAGS_IMMUTABLETYPE, |
|
1834 |
|
.slots = HMACtype_slots, |
|
1835 |
|
}; |
|
1836 |
|
|
|
1837 |
|
|
|
1838 |
|
/* State for our callback function so that it can accumulate a result. */ |
|
1839 |
|
typedef struct _internal_name_mapper_state { |
|
1840 |
|
PyObject *set; |
|
1841 |
|
int error; |
|
1842 |
|
} _InternalNameMapperState; |
|
1843 |
|
|
|
1844 |
|
|
|
1845 |
|
/* A callback function to pass to OpenSSL's OBJ_NAME_do_all(...) */ |
|
1846 |
|
static void |
|
1847 |
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L |
|
1848 |
|
_openssl_hash_name_mapper(EVP_MD *md, void *arg) |
|
1849 |
|
#else |
|
1850 |
|
_openssl_hash_name_mapper(const EVP_MD *md, const char *from, |
|
1851 |
|
const char *to, void *arg) |
|
1852 |
|
#endif |
|
1853 |
|
{ |
|
1854 |
|
_InternalNameMapperState *state = (_InternalNameMapperState *)arg; |
|
1855 |
|
PyObject *py_name; |
|
1856 |
|
|
|
1857 |
|
assert(state != NULL); |
|
1858 |
|
// ignore all undefined providers |
|
1859 |
|
if ((md == NULL) || (EVP_MD_nid(md) == NID_undef)) { |
|
1860 |
|
return; |
|
1861 |
|
} |
|
1862 |
|
|
|
1863 |
|
py_name = py_digest_name(md); |
|
1864 |
|
if (py_name == NULL) { |
|
1865 |
|
state->error = 1; |
|
1866 |
|
} else { |
|
1867 |
|
if (PySet_Add(state->set, py_name) != 0) { |
|
1868 |
|
state->error = 1; |
|
1869 |
|
} |
|
1870 |
|
Py_DECREF(py_name); |
|
1871 |
|
} |
|
1872 |
|
} |
|
1873 |
|
|
|
1874 |
|
|
|
1875 |
|
/* Ask OpenSSL for a list of supported ciphers, filling in a Python set. */ |
|
1876 |
|
static int |
|
1877 |
|
hashlib_md_meth_names(PyObject *module) |
|
1878 |
|
{ |
|
1879 |
|
_InternalNameMapperState state = { |
|
1880 |
|
.set = PyFrozenSet_New(NULL), |
|
1881 |
|
.error = 0 |
|
1882 |
|
}; |
|
1883 |
|
if (state.set == NULL) { |
|
1884 |
|
return -1; |
|
1885 |
|
} |
|
1886 |
|
|
|
1887 |
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L |
|
1888 |
|
// get algorithms from all activated providers in default context |
|
1889 |
|
EVP_MD_do_all_provided(NULL, &_openssl_hash_name_mapper, &state); |
|
1890 |
|
#else |
|
1891 |
|
EVP_MD_do_all(&_openssl_hash_name_mapper, &state); |
|
1892 |
|
#endif |
|
1893 |
|
|
|
1894 |
|
if (state.error) { |
|
1895 |
|
Py_DECREF(state.set); |
|
1896 |
|
return -1; |
|
1897 |
|
} |
|
1898 |
|
|
|
1899 |
|
if (PyModule_AddObject(module, "openssl_md_meth_names", state.set) < 0) { |
|
1900 |
|
Py_DECREF(state.set); |
|
1901 |
|
return -1; |
|
1902 |
|
} |
|
1903 |
|
|
|
1904 |
|
return 0; |
|
1905 |
|
} |
|
1906 |
|
|
|
1907 |
|
/*[clinic input] |
|
1908 |
|
_hashlib.get_fips_mode -> int |
|
1909 |
|
|
|
1910 |
|
Determine the OpenSSL FIPS mode of operation. |
|
1911 |
|
|
|
1912 |
|
For OpenSSL 3.0.0 and newer it returns the state of the default provider |
|
1913 |
|
in the default OSSL context. It's not quite the same as FIPS_mode() but good |
|
1914 |
|
enough for unittests. |
|
1915 |
|
|
|
1916 |
|
Effectively any non-zero return value indicates FIPS mode; |
|
1917 |
|
values other than 1 may have additional significance. |
|
1918 |
|
[clinic start generated code]*/ |
|
1919 |
|
|
|
1920 |
|
static int |
|
1921 |
|
_hashlib_get_fips_mode_impl(PyObject *module) |
|
1922 |
|
/*[clinic end generated code: output=87eece1bab4d3fa9 input=2db61538c41c6fef]*/ |
|
1923 |
|
|
|
1924 |
|
{ |
|
1925 |
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L |
|
1926 |
|
return EVP_default_properties_is_fips_enabled(NULL); |
|
1927 |
|
#else |
|
1928 |
|
ERR_clear_error(); |
|
1929 |
|
int result = FIPS_mode(); |
|
1930 |
|
if (result == 0) { |
|
1931 |
|
// "If the library was built without support of the FIPS Object Module, |
|
1932 |
|
// then the function will return 0 with an error code of |
|
1933 |
|
// CRYPTO_R_FIPS_MODE_NOT_SUPPORTED (0x0f06d065)." |
|
1934 |
|
// But 0 is also a valid result value. |
|
1935 |
|
unsigned long errcode = ERR_peek_last_error(); |
|
1936 |
|
if (errcode) { |
|
1937 |
|
_setException(PyExc_ValueError, NULL); |
|
1938 |
|
return -1; |
|
1939 |
|
} |
|
1940 |
|
} |
|
1941 |
|
return result; |
|
1942 |
|
#endif |
|
1943 |
|
} |
|
1944 |
|
|
|
1945 |
|
|
|
1946 |
|
static int |
|
1947 |
|
_tscmp(const unsigned char *a, const unsigned char *b, |
|
1948 |
|
Py_ssize_t len_a, Py_ssize_t len_b) |
|
1949 |
|
{ |
|
1950 |
|
/* loop count depends on length of b. Might leak very little timing |
|
1951 |
|
* information if sizes are different. |
|
1952 |
|
*/ |
|
1953 |
|
Py_ssize_t length = len_b; |
|
1954 |
|
const void *left = a; |
|
1955 |
|
const void *right = b; |
|
1956 |
|
int result = 0; |
|
1957 |
|
|
|
1958 |
|
if (len_a != length) { |
|
1959 |
|
left = b; |
|
1960 |
|
result = 1; |
|
1961 |
|
} |
|
1962 |
|
|
|
1963 |
|
result |= CRYPTO_memcmp(left, right, length); |
|
1964 |
|
|
|
1965 |
|
return (result == 0); |
|
1966 |
|
} |
|
1967 |
|
|
|
1968 |
|
/* NOTE: Keep in sync with _operator.c implementation. */ |
|
1969 |
|
|
|
1970 |
|
/*[clinic input] |
|
1971 |
|
_hashlib.compare_digest |
|
1972 |
|
|
|
1973 |
|
a: object |
|
1974 |
|
b: object |
|
1975 |
|
/ |
|
1976 |
|
|
|
1977 |
|
Return 'a == b'. |
|
1978 |
|
|
|
1979 |
|
This function uses an approach designed to prevent |
|
1980 |
|
timing analysis, making it appropriate for cryptography. |
|
1981 |
|
|
|
1982 |
|
a and b must both be of the same type: either str (ASCII only), |
|
1983 |
|
or any bytes-like object. |
|
1984 |
|
|
|
1985 |
|
Note: If a and b are of different lengths, or if an error occurs, |
|
1986 |
|
a timing attack could theoretically reveal information about the |
|
1987 |
|
types and lengths of a and b--but not their values. |
|
1988 |
|
[clinic start generated code]*/ |
|
1989 |
|
|
|
1990 |
|
static PyObject * |
|
1991 |
|
_hashlib_compare_digest_impl(PyObject *module, PyObject *a, PyObject *b) |
|
1992 |
|
/*[clinic end generated code: output=6f1c13927480aed9 input=9c40c6e566ca12f5]*/ |
|
1993 |
|
{ |
|
1994 |
|
int rc; |
|
1995 |
|
|
|
1996 |
|
/* ASCII unicode string */ |
|
1997 |
|
if(PyUnicode_Check(a) && PyUnicode_Check(b)) { |
|
1998 |
|
if (PyUnicode_READY(a) == -1 || PyUnicode_READY(b) == -1) { |
|
1999 |
|
return NULL; |
|
2000 |
|
} |
|
2001 |
|
if (!PyUnicode_IS_ASCII(a) || !PyUnicode_IS_ASCII(b)) { |
|
2002 |
|
PyErr_SetString(PyExc_TypeError, |
|
2003 |
|
"comparing strings with non-ASCII characters is " |
|
2004 |
|
"not supported"); |
|
2005 |
|
return NULL; |
|
2006 |
|
} |
|
2007 |
|
|
|
2008 |
|
rc = _tscmp(PyUnicode_DATA(a), |
|
2009 |
|
PyUnicode_DATA(b), |
|
2010 |
|
PyUnicode_GET_LENGTH(a), |
|
2011 |
|
PyUnicode_GET_LENGTH(b)); |
|
2012 |
|
} |
|
2013 |
|
/* fallback to buffer interface for bytes, bytearray and other */ |
|
2014 |
|
else { |
|
2015 |
|
Py_buffer view_a; |
|
2016 |
|
Py_buffer view_b; |
|
2017 |
|
|
|
2018 |
|
if (PyObject_CheckBuffer(a) == 0 && PyObject_CheckBuffer(b) == 0) { |
|
2019 |
|
PyErr_Format(PyExc_TypeError, |
|
2020 |
|
"unsupported operand types(s) or combination of types: " |
|
2021 |
|
"'%.100s' and '%.100s'", |
|
2022 |
|
Py_TYPE(a)->tp_name, Py_TYPE(b)->tp_name); |
|
2023 |
|
return NULL; |
|
2024 |
|
} |
|
2025 |
|
|
|
2026 |
|
if (PyObject_GetBuffer(a, &view_a, PyBUF_SIMPLE) == -1) { |
|
2027 |
|
return NULL; |
|
2028 |
|
} |
|
2029 |
|
if (view_a.ndim > 1) { |
|
2030 |
|
PyErr_SetString(PyExc_BufferError, |
|
2031 |
|
"Buffer must be single dimension"); |
|
2032 |
|
PyBuffer_Release(&view_a); |
|
2033 |
|
return NULL; |
|
2034 |
|
} |
|
2035 |
|
|
|
2036 |
|
if (PyObject_GetBuffer(b, &view_b, PyBUF_SIMPLE) == -1) { |
|
2037 |
|
PyBuffer_Release(&view_a); |
|
2038 |
|
return NULL; |
|
2039 |
|
} |
|
2040 |
|
if (view_b.ndim > 1) { |
|
2041 |
|
PyErr_SetString(PyExc_BufferError, |
|
2042 |
|
"Buffer must be single dimension"); |
|
2043 |
|
PyBuffer_Release(&view_a); |
|
2044 |
|
PyBuffer_Release(&view_b); |
|
2045 |
|
return NULL; |
|
2046 |
|
} |
|
2047 |
|
|
|
2048 |
|
rc = _tscmp((const unsigned char*)view_a.buf, |
|
2049 |
|
(const unsigned char*)view_b.buf, |
|
2050 |
|
view_a.len, |
|
2051 |
|
view_b.len); |
|
2052 |
|
|
|
2053 |
|
PyBuffer_Release(&view_a); |
|
2054 |
|
PyBuffer_Release(&view_b); |
|
2055 |
|
} |
|
2056 |
|
|
|
2057 |
|
return PyBool_FromLong(rc); |
|
2058 |
|
} |
|
2059 |
|
|
|
2060 |
|
/* List of functions exported by this module */ |
|
2061 |
|
|
|
2062 |
|
static struct PyMethodDef EVP_functions[] = { |
|
2063 |
|
EVP_NEW_METHODDEF |
|
2064 |
|
PBKDF2_HMAC_METHODDEF |
|
2065 |
|
_HASHLIB_SCRYPT_METHODDEF |
|
2066 |
|
_HASHLIB_GET_FIPS_MODE_METHODDEF |
|
2067 |
|
_HASHLIB_COMPARE_DIGEST_METHODDEF |
|
2068 |
|
_HASHLIB_HMAC_SINGLESHOT_METHODDEF |
|
2069 |
|
_HASHLIB_HMAC_NEW_METHODDEF |
|
2070 |
|
_HASHLIB_OPENSSL_MD5_METHODDEF |
|
2071 |
|
_HASHLIB_OPENSSL_SHA1_METHODDEF |
|
2072 |
|
_HASHLIB_OPENSSL_SHA224_METHODDEF |
|
2073 |
|
_HASHLIB_OPENSSL_SHA256_METHODDEF |
|
2074 |
|
_HASHLIB_OPENSSL_SHA384_METHODDEF |
|
2075 |
|
_HASHLIB_OPENSSL_SHA512_METHODDEF |
|
2076 |
|
_HASHLIB_OPENSSL_SHA3_224_METHODDEF |
|
2077 |
|
_HASHLIB_OPENSSL_SHA3_256_METHODDEF |
|
2078 |
|
_HASHLIB_OPENSSL_SHA3_384_METHODDEF |
|
2079 |
|
_HASHLIB_OPENSSL_SHA3_512_METHODDEF |
|
2080 |
|
_HASHLIB_OPENSSL_SHAKE_128_METHODDEF |
|
2081 |
|
_HASHLIB_OPENSSL_SHAKE_256_METHODDEF |
|
2082 |
|
{NULL, NULL} /* Sentinel */ |
|
2083 |
|
}; |
|
2084 |
|
|
|
2085 |
|
|
|
2086 |
|
/* Initialize this module. */ |
|
2087 |
|
|
|
2088 |
|
static int |
|
2089 |
|
hashlib_traverse(PyObject *m, visitproc visit, void *arg) |
|
2090 |
|
{ |
|
2091 |
|
_hashlibstate *state = get_hashlib_state(m); |
|
2092 |
|
Py_VISIT(state->EVPtype); |
|
2093 |
|
Py_VISIT(state->HMACtype); |
|
2094 |
|
#ifdef PY_OPENSSL_HAS_SHAKE |
|
2095 |
|
Py_VISIT(state->EVPXOFtype); |
|
2096 |
|
#endif |
|
2097 |
|
Py_VISIT(state->constructs); |
|
2098 |
|
Py_VISIT(state->unsupported_digestmod_error); |
|
2099 |
|
return 0; |
|
2100 |
|
} |
|
2101 |
|
|
|
2102 |
|
static int |
|
2103 |
|
hashlib_clear(PyObject *m) |
|
2104 |
|
{ |
|
2105 |
|
_hashlibstate *state = get_hashlib_state(m); |
|
2106 |
|
Py_CLEAR(state->EVPtype); |
|
2107 |
|
Py_CLEAR(state->HMACtype); |
|
2108 |
|
#ifdef PY_OPENSSL_HAS_SHAKE |
|
2109 |
|
Py_CLEAR(state->EVPXOFtype); |
|
2110 |
|
#endif |
|
2111 |
|
Py_CLEAR(state->constructs); |
|
2112 |
|
Py_CLEAR(state->unsupported_digestmod_error); |
|
2113 |
|
|
|
2114 |
|
if (state->hashtable != NULL) { |
|
2115 |
|
_Py_hashtable_destroy(state->hashtable); |
|
2116 |
|
state->hashtable = NULL; |
|
2117 |
|
} |
|
2118 |
|
|
|
2119 |
|
return 0; |
|
2120 |
|
} |
|
2121 |
|
|
|
2122 |
|
static void |
|
2123 |
|
hashlib_free(void *m) |
|
2124 |
|
{ |
|
2125 |
|
hashlib_clear((PyObject *)m); |
|
2126 |
|
} |
|
2127 |
|
|
|
2128 |
|
/* Py_mod_exec functions */ |
|
2129 |
|
static int |
|
2130 |
|
hashlib_init_hashtable(PyObject *module) |
|
2131 |
|
{ |
|
2132 |
|
_hashlibstate *state = get_hashlib_state(module); |
|
2133 |
|
|
|
2134 |
|
state->hashtable = py_hashentry_table_new(); |
|
2135 |
|
if (state->hashtable == NULL) { |
|
2136 |
|
PyErr_NoMemory(); |
|
2137 |
|
return -1; |
|
2138 |
|
} |
|
2139 |
|
return 0; |
|
2140 |
|
} |
|
2141 |
|
|
|
2142 |
|
static int |
|
2143 |
|
hashlib_init_evptype(PyObject *module) |
|
2144 |
|
{ |
|
2145 |
|
_hashlibstate *state = get_hashlib_state(module); |
|
2146 |
|
|
|
2147 |
|
state->EVPtype = (PyTypeObject *)PyType_FromSpec(&EVPtype_spec); |
|
2148 |
|
if (state->EVPtype == NULL) { |
|
2149 |
|
return -1; |
|
2150 |
|
} |
|
2151 |
|
if (PyModule_AddType(module, state->EVPtype) < 0) { |
|
2152 |
|
return -1; |
|
2153 |
|
} |
|
2154 |
|
return 0; |
|
2155 |
|
} |
|
2156 |
|
|
|
2157 |
|
static int |
|
2158 |
|
hashlib_init_evpxoftype(PyObject *module) |
|
2159 |
|
{ |
|
2160 |
|
#ifdef PY_OPENSSL_HAS_SHAKE |
|
2161 |
|
_hashlibstate *state = get_hashlib_state(module); |
|
2162 |
|
|
|
2163 |
|
if (state->EVPtype == NULL) { |
|
2164 |
|
return -1; |
|
2165 |
|
} |
|
2166 |
|
|
|
2167 |
|
state->EVPXOFtype = (PyTypeObject *)PyType_FromSpecWithBases( |
|
2168 |
|
&EVPXOFtype_spec, (PyObject *)state->EVPtype |
|
2169 |
|
); |
|
2170 |
|
if (state->EVPXOFtype == NULL) { |
|
2171 |
|
return -1; |
|
2172 |
|
} |
|
2173 |
|
if (PyModule_AddType(module, state->EVPXOFtype) < 0) { |
|
2174 |
|
return -1; |
|
2175 |
|
} |
|
2176 |
|
#endif |
|
2177 |
|
return 0; |
|
2178 |
|
} |
|
2179 |
|
|
|
2180 |
|
static int |
|
2181 |
|
hashlib_init_hmactype(PyObject *module) |
|
2182 |
|
{ |
|
2183 |
|
_hashlibstate *state = get_hashlib_state(module); |
|
2184 |
|
|
|
2185 |
|
state->HMACtype = (PyTypeObject *)PyType_FromSpec(&HMACtype_spec); |
|
2186 |
|
if (state->HMACtype == NULL) { |
|
2187 |
|
return -1; |
|
2188 |
|
} |
|
2189 |
|
if (PyModule_AddType(module, state->HMACtype) < 0) { |
|
2190 |
|
return -1; |
|
2191 |
|
} |
|
2192 |
|
return 0; |
|
2193 |
|
} |
|
2194 |
|
|
|
2195 |
|
static int |
|
2196 |
|
hashlib_init_constructors(PyObject *module) |
|
2197 |
|
{ |
|
2198 |
|
/* Create dict from builtin openssl_hash functions to name |
|
2199 |
|
* {_hashlib.openssl_sha256: "sha256", ...} |
|
2200 |
|
*/ |
|
2201 |
|
PyModuleDef *mdef; |
|
2202 |
|
PyMethodDef *fdef; |
|
2203 |
|
PyObject *proxy; |
|
2204 |
|
PyObject *func, *name_obj; |
|
2205 |
|
_hashlibstate *state = get_hashlib_state(module); |
|
2206 |
|
|
|
2207 |
|
mdef = PyModule_GetDef(module); |
|
2208 |
|
if (mdef == NULL) { |
|
2209 |
|
return -1; |
|
2210 |
|
} |
|
2211 |
|
|
|
2212 |
|
state->constructs = PyDict_New(); |
|
2213 |
|
if (state->constructs == NULL) { |
|
2214 |
|
return -1; |
|
2215 |
|
} |
|
2216 |
|
|
|
2217 |
|
for (fdef = mdef->m_methods; fdef->ml_name != NULL; fdef++) { |
|
2218 |
|
if (strncmp(fdef->ml_name, "openssl_", 8)) { |
|
2219 |
|
continue; |
|
2220 |
|
} |
|
2221 |
|
name_obj = PyUnicode_FromString(fdef->ml_name + 8); |
|
2222 |
|
if (name_obj == NULL) { |
|
2223 |
|
return -1; |
|
2224 |
|
} |
|
2225 |
|
func = PyObject_GetAttrString(module, fdef->ml_name); |
|
2226 |
|
if (func == NULL) { |
|
2227 |
|
Py_DECREF(name_obj); |
|
2228 |
|
return -1; |
|
2229 |
|
} |
|
2230 |
|
int rc = PyDict_SetItem(state->constructs, func, name_obj); |
|
2231 |
|
Py_DECREF(func); |
|
2232 |
|
Py_DECREF(name_obj); |
|
2233 |
|
if (rc < 0) { |
|
2234 |
|
return -1; |
|
2235 |
|
} |
|
2236 |
|
} |
|
2237 |
|
|
|
2238 |
|
proxy = PyDictProxy_New(state->constructs); |
|
2239 |
|
if (proxy == NULL) { |
|
2240 |
|
return -1; |
|
2241 |
|
} |
|
2242 |
|
|
|
2243 |
|
int rc = PyModule_AddObjectRef(module, "_constructors", proxy); |
|
2244 |
|
Py_DECREF(proxy); |
|
2245 |
|
if (rc < 0) { |
|
2246 |
|
return -1; |
|
2247 |
|
} |
|
2248 |
|
return 0; |
|
2249 |
|
} |
|
2250 |
|
|
|
2251 |
|
static int |
|
2252 |
|
hashlib_exception(PyObject *module) |
|
2253 |
|
{ |
|
2254 |
|
_hashlibstate *state = get_hashlib_state(module); |
|
2255 |
|
state->unsupported_digestmod_error = PyErr_NewException( |
|
2256 |
|
"_hashlib.UnsupportedDigestmodError", PyExc_ValueError, NULL); |
|
2257 |
|
if (state->unsupported_digestmod_error == NULL) { |
|
2258 |
|
return -1; |
|
2259 |
|
} |
|
2260 |
|
if (PyModule_AddObjectRef(module, "UnsupportedDigestmodError", |
|
2261 |
|
state->unsupported_digestmod_error) < 0) { |
|
2262 |
|
return -1; |
|
2263 |
|
} |
|
2264 |
|
return 0; |
|
2265 |
|
} |
|
2266 |
|
|
|
2267 |
|
|
|
2268 |
|
static PyModuleDef_Slot hashlib_slots[] = { |
|
2269 |
|
{Py_mod_exec, hashlib_init_hashtable}, |
|
2270 |
|
{Py_mod_exec, hashlib_init_evptype}, |
|
2271 |
|
{Py_mod_exec, hashlib_init_evpxoftype}, |
|
2272 |
|
{Py_mod_exec, hashlib_init_hmactype}, |
|
2273 |
|
{Py_mod_exec, hashlib_md_meth_names}, |
|
2274 |
|
{Py_mod_exec, hashlib_init_constructors}, |
|
2275 |
|
{Py_mod_exec, hashlib_exception}, |
|
2276 |
|
{Py_mod_multiple_interpreters, Py_MOD_PER_INTERPRETER_GIL_SUPPORTED}, |
|
2277 |
|
{0, NULL} |
|
2278 |
|
}; |
|
2279 |
|
|
|
2280 |
|
static struct PyModuleDef _hashlibmodule = { |
|
2281 |
|
PyModuleDef_HEAD_INIT, |
|
2282 |
|
.m_name = "_hashlib", |
|
2283 |
|
.m_doc = "OpenSSL interface for hashlib module", |
|
2284 |
|
.m_size = sizeof(_hashlibstate), |
|
2285 |
|
.m_methods = EVP_functions, |
|
2286 |
|
.m_slots = hashlib_slots, |
|
2287 |
|
.m_traverse = hashlib_traverse, |
|
2288 |
|
.m_clear = hashlib_clear, |
|
2289 |
|
.m_free = hashlib_free |
|
2290 |
|
}; |
|
2291 |
|
|
|
2292 |
|
PyMODINIT_FUNC |
|
2293 |
|
PyInit__hashlib(void) |
|
2294 |
|
{ |
|
2295 |
|
return PyModuleDef_Init(&_hashlibmodule); |
|
2296 |
|
} |