1 /* Module that wraps all OpenSSL hash algorithms */ 2 3 /* 4 * Copyright (C) 2005-2010 Gregory P. Smith (greg (at) krypto.org) 5 * Licensed to PSF under a Contributor Agreement. 6 * 7 * Derived from a skeleton of shamodule.c containing work performed by: 8 * 9 * Andrew Kuchling (amk (at) amk.ca) 10 * Greg Stein (gstein (at) lyra.org) 11 * 12 */ 13 14 #define PY_SSIZE_T_CLEAN 15 16 #include "Python.h" 17 #include "structmember.h" 18 #include "hashlib.h" 19 #include "pystrhex.h" 20 21 22 /* EVP is the preferred interface to hashing in OpenSSL */ 23 #include <openssl/evp.h> 24 #include <openssl/hmac.h> 25 /* We use the object interface to discover what hashes OpenSSL supports. */ 26 #include <openssl/objects.h> 27 #include "openssl/err.h" 28 29 #include "clinic/_hashopenssl.c.h" 30 /*[clinic input] 31 module _hashlib 32 [clinic start generated code]*/ 33 /*[clinic end generated code: output=da39a3ee5e6b4b0d input=c2b4ff081bac4be1]*/ 34 35 #define MUNCH_SIZE INT_MAX 36 37 #ifndef HASH_OBJ_CONSTRUCTOR 38 #define HASH_OBJ_CONSTRUCTOR 0 39 #endif 40 41 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) 42 /* OpenSSL < 1.1.0 */ 43 #define EVP_MD_CTX_new EVP_MD_CTX_create 44 #define EVP_MD_CTX_free EVP_MD_CTX_destroy 45 #define HAS_FAST_PKCS5_PBKDF2_HMAC 0 46 #include <openssl/hmac.h> 47 #else 48 /* OpenSSL >= 1.1.0 */ 49 #define HAS_FAST_PKCS5_PBKDF2_HMAC 1 50 #endif 51 52 53 typedef struct { 54 PyObject_HEAD 55 PyObject *name; /* name of this hash algorithm */ 56 EVP_MD_CTX *ctx; /* OpenSSL message digest context */ 57 PyThread_type_lock lock; /* OpenSSL context lock */ 58 } EVPobject; 59 60 61 static PyTypeObject EVPtype; 62 63 64 #define DEFINE_CONSTS_FOR_NEW(Name) \ 65 static PyObject *CONST_ ## Name ## _name_obj = NULL; \ 66 static EVP_MD_CTX *CONST_new_ ## Name ## _ctx_p = NULL; 67 68 DEFINE_CONSTS_FOR_NEW(md5) 69 DEFINE_CONSTS_FOR_NEW(sha1) 70 DEFINE_CONSTS_FOR_NEW(sha224) 71 DEFINE_CONSTS_FOR_NEW(sha256) 72 DEFINE_CONSTS_FOR_NEW(sha384) 73 DEFINE_CONSTS_FOR_NEW(sha512) 74 75 76 /* LCOV_EXCL_START */ 77 static PyObject * 78 _setException(PyObject *exc) 79 { 80 unsigned long errcode; 81 const char *lib, *func, *reason; 82 83 errcode = ERR_peek_last_error(); 84 if (!errcode) { 85 PyErr_SetString(exc, "unknown reasons"); 86 return NULL; 87 } 88 ERR_clear_error(); 89 90 lib = ERR_lib_error_string(errcode); 91 func = ERR_func_error_string(errcode); 92 reason = ERR_reason_error_string(errcode); 93 94 if (lib && func) { 95 PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); 96 } 97 else if (lib) { 98 PyErr_Format(exc, "[%s] %s", lib, reason); 99 } 100 else { 101 PyErr_SetString(exc, reason); 102 } 103 return NULL; 104 } 105 /* LCOV_EXCL_STOP */ 106 107 static EVPobject * 108 newEVPobject(PyObject *name) 109 { 110 EVPobject *retval = (EVPobject *)PyObject_New(EVPobject, &EVPtype); 111 if (retval == NULL) { 112 return NULL; 113 } 114 115 /* save the name for .name to return */ 116 Py_INCREF(name); 117 retval->name = name; 118 retval->lock = NULL; 119 120 retval->ctx = EVP_MD_CTX_new(); 121 if (retval->ctx == NULL) { 122 Py_DECREF(retval); 123 PyErr_NoMemory(); 124 return NULL; 125 } 126 127 return retval; 128 } 129 130 static void 131 EVP_hash(EVPobject *self, const void *vp, Py_ssize_t len) 132 { 133 unsigned int process; 134 const unsigned char *cp = (const unsigned char *)vp; 135 while (0 < len) { 136 if (len > (Py_ssize_t)MUNCH_SIZE) 137 process = MUNCH_SIZE; 138 else 139 process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int); 140 if (!EVP_DigestUpdate(self->ctx, (const void*)cp, process)) { 141 _setException(PyExc_ValueError); 142 break; 143 } 144 len -= process; 145 cp += process; 146 } 147 } 148 149 /* Internal methods for a hash object */ 150 151 static void 152 EVP_dealloc(EVPobject *self) 153 { 154 if (self->lock != NULL) 155 PyThread_free_lock(self->lock); 156 EVP_MD_CTX_free(self->ctx); 157 Py_XDECREF(self->name); 158 PyObject_Del(self); 159 } 160 161 static int 162 locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self) 163 { 164 int result; 165 ENTER_HASHLIB(self); 166 result = EVP_MD_CTX_copy(new_ctx_p, self->ctx); 167 LEAVE_HASHLIB(self); 168 return result; 169 } 170 171 /* External methods for a hash object */ 172 173 PyDoc_STRVAR(EVP_copy__doc__, "Return a copy of the hash object."); 174 175 176 static PyObject * 177 EVP_copy(EVPobject *self, PyObject *unused) 178 { 179 EVPobject *newobj; 180 181 if ( (newobj = newEVPobject(self->name))==NULL) 182 return NULL; 183 184 if (!locked_EVP_MD_CTX_copy(newobj->ctx, self)) { 185 Py_DECREF(newobj); 186 return _setException(PyExc_ValueError); 187 } 188 return (PyObject *)newobj; 189 } 190 191 PyDoc_STRVAR(EVP_digest__doc__, 192 "Return the digest value as a bytes object."); 193 194 static PyObject * 195 EVP_digest(EVPobject *self, PyObject *unused) 196 { 197 unsigned char digest[EVP_MAX_MD_SIZE]; 198 EVP_MD_CTX *temp_ctx; 199 PyObject *retval; 200 unsigned int digest_size; 201 202 temp_ctx = EVP_MD_CTX_new(); 203 if (temp_ctx == NULL) { 204 PyErr_NoMemory(); 205 return NULL; 206 } 207 208 if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { 209 return _setException(PyExc_ValueError); 210 } 211 digest_size = EVP_MD_CTX_size(temp_ctx); 212 if (!EVP_DigestFinal(temp_ctx, digest, NULL)) { 213 _setException(PyExc_ValueError); 214 return NULL; 215 } 216 217 retval = PyBytes_FromStringAndSize((const char *)digest, digest_size); 218 EVP_MD_CTX_free(temp_ctx); 219 return retval; 220 } 221 222 PyDoc_STRVAR(EVP_hexdigest__doc__, 223 "Return the digest value as a string of hexadecimal digits."); 224 225 static PyObject * 226 EVP_hexdigest(EVPobject *self, PyObject *unused) 227 { 228 unsigned char digest[EVP_MAX_MD_SIZE]; 229 EVP_MD_CTX *temp_ctx; 230 unsigned int digest_size; 231 232 temp_ctx = EVP_MD_CTX_new(); 233 if (temp_ctx == NULL) { 234 PyErr_NoMemory(); 235 return NULL; 236 } 237 238 /* Get the raw (binary) digest value */ 239 if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { 240 return _setException(PyExc_ValueError); 241 } 242 digest_size = EVP_MD_CTX_size(temp_ctx); 243 if (!EVP_DigestFinal(temp_ctx, digest, NULL)) { 244 _setException(PyExc_ValueError); 245 return NULL; 246 } 247 248 EVP_MD_CTX_free(temp_ctx); 249 250 return _Py_strhex((const char *)digest, digest_size); 251 } 252 253 PyDoc_STRVAR(EVP_update__doc__, 254 "Update this hash object's state with the provided string."); 255 256 static PyObject * 257 EVP_update(EVPobject *self, PyObject *args) 258 { 259 PyObject *obj; 260 Py_buffer view; 261 262 if (!PyArg_ParseTuple(args, "O:update", &obj)) 263 return NULL; 264 265 GET_BUFFER_VIEW_OR_ERROUT(obj, &view); 266 267 if (self->lock == NULL && view.len >= HASHLIB_GIL_MINSIZE) { 268 self->lock = PyThread_allocate_lock(); 269 /* fail? lock = NULL and we fail over to non-threaded code. */ 270 } 271 272 if (self->lock != NULL) { 273 Py_BEGIN_ALLOW_THREADS 274 PyThread_acquire_lock(self->lock, 1); 275 EVP_hash(self, view.buf, view.len); 276 PyThread_release_lock(self->lock); 277 Py_END_ALLOW_THREADS 278 } else { 279 EVP_hash(self, view.buf, view.len); 280 } 281 282 PyBuffer_Release(&view); 283 Py_RETURN_NONE; 284 } 285 286 static PyMethodDef EVP_methods[] = { 287 {"update", (PyCFunction)EVP_update, METH_VARARGS, EVP_update__doc__}, 288 {"digest", (PyCFunction)EVP_digest, METH_NOARGS, EVP_digest__doc__}, 289 {"hexdigest", (PyCFunction)EVP_hexdigest, METH_NOARGS, EVP_hexdigest__doc__}, 290 {"copy", (PyCFunction)EVP_copy, METH_NOARGS, EVP_copy__doc__}, 291 {NULL, NULL} /* sentinel */ 292 }; 293 294 static PyObject * 295 EVP_get_block_size(EVPobject *self, void *closure) 296 { 297 long block_size; 298 block_size = EVP_MD_CTX_block_size(self->ctx); 299 return PyLong_FromLong(block_size); 300 } 301 302 static PyObject * 303 EVP_get_digest_size(EVPobject *self, void *closure) 304 { 305 long size; 306 size = EVP_MD_CTX_size(self->ctx); 307 return PyLong_FromLong(size); 308 } 309 310 static PyMemberDef EVP_members[] = { 311 {"name", T_OBJECT, offsetof(EVPobject, name), READONLY, PyDoc_STR("algorithm name.")}, 312 {NULL} /* Sentinel */ 313 }; 314 315 static PyGetSetDef EVP_getseters[] = { 316 {"digest_size", 317 (getter)EVP_get_digest_size, NULL, 318 NULL, 319 NULL}, 320 {"block_size", 321 (getter)EVP_get_block_size, NULL, 322 NULL, 323 NULL}, 324 {NULL} /* Sentinel */ 325 }; 326 327 328 static PyObject * 329 EVP_repr(EVPobject *self) 330 { 331 return PyUnicode_FromFormat("<%U HASH object @ %p>", self->name, self); 332 } 333 334 #if HASH_OBJ_CONSTRUCTOR 335 static int 336 EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds) 337 { 338 static char *kwlist[] = {"name", "string", NULL}; 339 PyObject *name_obj = NULL; 340 PyObject *data_obj = NULL; 341 Py_buffer view; 342 char *nameStr; 343 const EVP_MD *digest; 344 345 if (!PyArg_ParseTupleAndKeywords(args, kwds, "O|O:HASH", kwlist, 346 &name_obj, &data_obj)) { 347 return -1; 348 } 349 350 if (data_obj) 351 GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); 352 353 if (!PyArg_Parse(name_obj, "s", &nameStr)) { 354 PyErr_SetString(PyExc_TypeError, "name must be a string"); 355 if (data_obj) 356 PyBuffer_Release(&view); 357 return -1; 358 } 359 360 digest = EVP_get_digestbyname(nameStr); 361 if (!digest) { 362 PyErr_SetString(PyExc_ValueError, "unknown hash function"); 363 if (data_obj) 364 PyBuffer_Release(&view); 365 return -1; 366 } 367 if (!EVP_DigestInit(self->ctx, digest)) { 368 _setException(PyExc_ValueError); 369 if (data_obj) 370 PyBuffer_Release(&view); 371 return -1; 372 } 373 374 Py_INCREF(name_obj); 375 Py_XSETREF(self->name, name_obj); 376 377 if (data_obj) { 378 if (view.len >= HASHLIB_GIL_MINSIZE) { 379 Py_BEGIN_ALLOW_THREADS 380 EVP_hash(self, view.buf, view.len); 381 Py_END_ALLOW_THREADS 382 } else { 383 EVP_hash(self, view.buf, view.len); 384 } 385 PyBuffer_Release(&view); 386 } 387 388 return 0; 389 } 390 #endif 391 392 393 PyDoc_STRVAR(hashtype_doc, 394 "A hash represents the object used to calculate a checksum of a\n\ 395 string of information.\n\ 396 \n\ 397 Methods:\n\ 398 \n\ 399 update() -- updates the current digest with an additional string\n\ 400 digest() -- return the current digest value\n\ 401 hexdigest() -- return the current digest as a string of hexadecimal digits\n\ 402 copy() -- return a copy of the current hash object\n\ 403 \n\ 404 Attributes:\n\ 405 \n\ 406 name -- the hash algorithm being used by this object\n\ 407 digest_size -- number of bytes in this hashes output\n"); 408 409 static PyTypeObject EVPtype = { 410 PyVarObject_HEAD_INIT(NULL, 0) 411 "_hashlib.HASH", /*tp_name*/ 412 sizeof(EVPobject), /*tp_basicsize*/ 413 0, /*tp_itemsize*/ 414 /* methods */ 415 (destructor)EVP_dealloc, /*tp_dealloc*/ 416 0, /*tp_print*/ 417 0, /*tp_getattr*/ 418 0, /*tp_setattr*/ 419 0, /*tp_reserved*/ 420 (reprfunc)EVP_repr, /*tp_repr*/ 421 0, /*tp_as_number*/ 422 0, /*tp_as_sequence*/ 423 0, /*tp_as_mapping*/ 424 0, /*tp_hash*/ 425 0, /*tp_call*/ 426 0, /*tp_str*/ 427 0, /*tp_getattro*/ 428 0, /*tp_setattro*/ 429 0, /*tp_as_buffer*/ 430 Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /*tp_flags*/ 431 hashtype_doc, /*tp_doc*/ 432 0, /*tp_traverse*/ 433 0, /*tp_clear*/ 434 0, /*tp_richcompare*/ 435 0, /*tp_weaklistoffset*/ 436 0, /*tp_iter*/ 437 0, /*tp_iternext*/ 438 EVP_methods, /* tp_methods */ 439 EVP_members, /* tp_members */ 440 EVP_getseters, /* tp_getset */ 441 #if 1 442 0, /* tp_base */ 443 0, /* tp_dict */ 444 0, /* tp_descr_get */ 445 0, /* tp_descr_set */ 446 0, /* tp_dictoffset */ 447 #endif 448 #if HASH_OBJ_CONSTRUCTOR 449 (initproc)EVP_tp_init, /* tp_init */ 450 #endif 451 }; 452 453 static PyObject * 454 EVPnew(PyObject *name_obj, 455 const EVP_MD *digest, const EVP_MD_CTX *initial_ctx, 456 const unsigned char *cp, Py_ssize_t len) 457 { 458 EVPobject *self; 459 460 if (!digest && !initial_ctx) { 461 PyErr_SetString(PyExc_ValueError, "unsupported hash type"); 462 return NULL; 463 } 464 465 if ((self = newEVPobject(name_obj)) == NULL) 466 return NULL; 467 468 if (initial_ctx) { 469 EVP_MD_CTX_copy(self->ctx, initial_ctx); 470 } else { 471 if (!EVP_DigestInit(self->ctx, digest)) { 472 _setException(PyExc_ValueError); 473 Py_DECREF(self); 474 return NULL; 475 } 476 } 477 478 if (cp && len) { 479 if (len >= HASHLIB_GIL_MINSIZE) { 480 Py_BEGIN_ALLOW_THREADS 481 EVP_hash(self, cp, len); 482 Py_END_ALLOW_THREADS 483 } else { 484 EVP_hash(self, cp, len); 485 } 486 } 487 488 return (PyObject *)self; 489 } 490 491 492 /* The module-level function: new() */ 493 494 PyDoc_STRVAR(EVP_new__doc__, 495 "Return a new hash object using the named algorithm.\n\ 496 An optional string argument may be provided and will be\n\ 497 automatically hashed.\n\ 498 \n\ 499 The MD5 and SHA1 algorithms are always supported.\n"); 500 501 static PyObject * 502 EVP_new(PyObject *self, PyObject *args, PyObject *kwdict) 503 { 504 static char *kwlist[] = {"name", "string", NULL}; 505 PyObject *name_obj = NULL; 506 PyObject *data_obj = NULL; 507 Py_buffer view = { 0 }; 508 PyObject *ret_obj; 509 char *name; 510 const EVP_MD *digest; 511 512 if (!PyArg_ParseTupleAndKeywords(args, kwdict, "O|O:new", kwlist, 513 &name_obj, &data_obj)) { 514 return NULL; 515 } 516 517 if (!PyArg_Parse(name_obj, "s", &name)) { 518 PyErr_SetString(PyExc_TypeError, "name must be a string"); 519 return NULL; 520 } 521 522 if (data_obj) 523 GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); 524 525 digest = EVP_get_digestbyname(name); 526 527 ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, view.len); 528 529 if (data_obj) 530 PyBuffer_Release(&view); 531 return ret_obj; 532 } 533 534 #if (OPENSSL_VERSION_NUMBER >= 0x10000000 && !defined(OPENSSL_NO_HMAC) \ 535 && !defined(OPENSSL_NO_SHA)) 536 537 #define PY_PBKDF2_HMAC 1 538 539 #if !HAS_FAST_PKCS5_PBKDF2_HMAC 540 /* Improved implementation of PKCS5_PBKDF2_HMAC() 541 * 542 * PKCS5_PBKDF2_HMAC_fast() hashes the password exactly one time instead of 543 * `iter` times. Today (2013) the iteration count is typically 100,000 or 544 * more. The improved algorithm is not subject to a Denial-of-Service 545 * vulnerability with overly large passwords. 546 * 547 * Also OpenSSL < 1.0 don't provide PKCS5_PBKDF2_HMAC(), only 548 * PKCS5_PBKDF2_SHA1. 549 */ 550 static int 551 PKCS5_PBKDF2_HMAC_fast(const char *pass, int passlen, 552 const unsigned char *salt, int saltlen, 553 int iter, const EVP_MD *digest, 554 int keylen, unsigned char *out) 555 { 556 unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; 557 int cplen, j, k, tkeylen, mdlen; 558 unsigned long i = 1; 559 HMAC_CTX hctx_tpl, hctx; 560 561 mdlen = EVP_MD_size(digest); 562 if (mdlen < 0) 563 return 0; 564 565 HMAC_CTX_init(&hctx_tpl); 566 HMAC_CTX_init(&hctx); 567 p = out; 568 tkeylen = keylen; 569 if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { 570 HMAC_CTX_cleanup(&hctx_tpl); 571 return 0; 572 } 573 while (tkeylen) { 574 if (tkeylen > mdlen) 575 cplen = mdlen; 576 else 577 cplen = tkeylen; 578 /* We are unlikely to ever use more than 256 blocks (5120 bits!) 579 * but just in case... 580 */ 581 itmp[0] = (unsigned char)((i >> 24) & 0xff); 582 itmp[1] = (unsigned char)((i >> 16) & 0xff); 583 itmp[2] = (unsigned char)((i >> 8) & 0xff); 584 itmp[3] = (unsigned char)(i & 0xff); 585 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { 586 HMAC_CTX_cleanup(&hctx_tpl); 587 return 0; 588 } 589 if (!HMAC_Update(&hctx, salt, saltlen) 590 || !HMAC_Update(&hctx, itmp, 4) 591 || !HMAC_Final(&hctx, digtmp, NULL)) { 592 HMAC_CTX_cleanup(&hctx_tpl); 593 HMAC_CTX_cleanup(&hctx); 594 return 0; 595 } 596 HMAC_CTX_cleanup(&hctx); 597 memcpy(p, digtmp, cplen); 598 for (j = 1; j < iter; j++) { 599 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { 600 HMAC_CTX_cleanup(&hctx_tpl); 601 return 0; 602 } 603 if (!HMAC_Update(&hctx, digtmp, mdlen) 604 || !HMAC_Final(&hctx, digtmp, NULL)) { 605 HMAC_CTX_cleanup(&hctx_tpl); 606 HMAC_CTX_cleanup(&hctx); 607 return 0; 608 } 609 HMAC_CTX_cleanup(&hctx); 610 for (k = 0; k < cplen; k++) { 611 p[k] ^= digtmp[k]; 612 } 613 } 614 tkeylen-= cplen; 615 i++; 616 p+= cplen; 617 } 618 HMAC_CTX_cleanup(&hctx_tpl); 619 return 1; 620 } 621 #endif 622 623 624 PyDoc_STRVAR(pbkdf2_hmac__doc__, 625 "pbkdf2_hmac(hash_name, password, salt, iterations, dklen=None) -> key\n\ 626 \n\ 627 Password based key derivation function 2 (PKCS #5 v2.0) with HMAC as\n\ 628 pseudorandom function."); 629 630 static PyObject * 631 pbkdf2_hmac(PyObject *self, PyObject *args, PyObject *kwdict) 632 { 633 static char *kwlist[] = {"hash_name", "password", "salt", "iterations", 634 "dklen", NULL}; 635 PyObject *key_obj = NULL, *dklen_obj = Py_None; 636 char *name, *key; 637 Py_buffer password, salt; 638 long iterations, dklen; 639 int retval; 640 const EVP_MD *digest; 641 642 if (!PyArg_ParseTupleAndKeywords(args, kwdict, "sy*y*l|O:pbkdf2_hmac", 643 kwlist, &name, &password, &salt, 644 &iterations, &dklen_obj)) { 645 return NULL; 646 } 647 648 digest = EVP_get_digestbyname(name); 649 if (digest == NULL) { 650 PyErr_SetString(PyExc_ValueError, "unsupported hash type"); 651 goto end; 652 } 653 654 if (password.len > INT_MAX) { 655 PyErr_SetString(PyExc_OverflowError, 656 "password is too long."); 657 goto end; 658 } 659 660 if (salt.len > INT_MAX) { 661 PyErr_SetString(PyExc_OverflowError, 662 "salt is too long."); 663 goto end; 664 } 665 666 if (iterations < 1) { 667 PyErr_SetString(PyExc_ValueError, 668 "iteration value must be greater than 0."); 669 goto end; 670 } 671 if (iterations > INT_MAX) { 672 PyErr_SetString(PyExc_OverflowError, 673 "iteration value is too great."); 674 goto end; 675 } 676 677 if (dklen_obj == Py_None) { 678 dklen = EVP_MD_size(digest); 679 } else { 680 dklen = PyLong_AsLong(dklen_obj); 681 if ((dklen == -1) && PyErr_Occurred()) { 682 goto end; 683 } 684 } 685 if (dklen < 1) { 686 PyErr_SetString(PyExc_ValueError, 687 "key length must be greater than 0."); 688 goto end; 689 } 690 if (dklen > INT_MAX) { 691 /* INT_MAX is always smaller than dkLen max (2^32 - 1) * hLen */ 692 PyErr_SetString(PyExc_OverflowError, 693 "key length is too great."); 694 goto end; 695 } 696 697 key_obj = PyBytes_FromStringAndSize(NULL, dklen); 698 if (key_obj == NULL) { 699 goto end; 700 } 701 key = PyBytes_AS_STRING(key_obj); 702 703 Py_BEGIN_ALLOW_THREADS 704 #if HAS_FAST_PKCS5_PBKDF2_HMAC 705 retval = PKCS5_PBKDF2_HMAC((char*)password.buf, (int)password.len, 706 (unsigned char *)salt.buf, (int)salt.len, 707 iterations, digest, dklen, 708 (unsigned char *)key); 709 #else 710 retval = PKCS5_PBKDF2_HMAC_fast((char*)password.buf, (int)password.len, 711 (unsigned char *)salt.buf, (int)salt.len, 712 iterations, digest, dklen, 713 (unsigned char *)key); 714 #endif 715 Py_END_ALLOW_THREADS 716 717 if (!retval) { 718 Py_CLEAR(key_obj); 719 _setException(PyExc_ValueError); 720 goto end; 721 } 722 723 end: 724 PyBuffer_Release(&password); 725 PyBuffer_Release(&salt); 726 return key_obj; 727 } 728 729 #endif 730 731 #if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_SCRYPT) && !defined(LIBRESSL_VERSION_NUMBER) 732 #define PY_SCRYPT 1 733 734 /* XXX: Parameters salt, n, r and p should be required keyword-only parameters. 735 They are optional in the Argument Clinic declaration only due to a 736 limitation of PyArg_ParseTupleAndKeywords. */ 737 738 /*[clinic input] 739 _hashlib.scrypt 740 741 password: Py_buffer 742 * 743 salt: Py_buffer = None 744 n as n_obj: object(subclass_of='&PyLong_Type') = None 745 r as r_obj: object(subclass_of='&PyLong_Type') = None 746 p as p_obj: object(subclass_of='&PyLong_Type') = None 747 maxmem: long = 0 748 dklen: long = 64 749 750 751 scrypt password-based key derivation function. 752 [clinic start generated code]*/ 753 754 static PyObject * 755 _hashlib_scrypt_impl(PyObject *module, Py_buffer *password, Py_buffer *salt, 756 PyObject *n_obj, PyObject *r_obj, PyObject *p_obj, 757 long maxmem, long dklen) 758 /*[clinic end generated code: output=14849e2aa2b7b46c input=48a7d63bf3f75c42]*/ 759 { 760 PyObject *key_obj = NULL; 761 char *key; 762 int retval; 763 unsigned long n, r, p; 764 765 if (password->len > INT_MAX) { 766 PyErr_SetString(PyExc_OverflowError, 767 "password is too long."); 768 return NULL; 769 } 770 771 if (salt->buf == NULL) { 772 PyErr_SetString(PyExc_TypeError, 773 "salt is required"); 774 return NULL; 775 } 776 if (salt->len > INT_MAX) { 777 PyErr_SetString(PyExc_OverflowError, 778 "salt is too long."); 779 return NULL; 780 } 781 782 n = PyLong_AsUnsignedLong(n_obj); 783 if (n == (unsigned long) -1 && PyErr_Occurred()) { 784 PyErr_SetString(PyExc_TypeError, 785 "n is required and must be an unsigned int"); 786 return NULL; 787 } 788 if (n < 2 || n & (n - 1)) { 789 PyErr_SetString(PyExc_ValueError, 790 "n must be a power of 2."); 791 return NULL; 792 } 793 794 r = PyLong_AsUnsignedLong(r_obj); 795 if (r == (unsigned long) -1 && PyErr_Occurred()) { 796 PyErr_SetString(PyExc_TypeError, 797 "r is required and must be an unsigned int"); 798 return NULL; 799 } 800 801 p = PyLong_AsUnsignedLong(p_obj); 802 if (p == (unsigned long) -1 && PyErr_Occurred()) { 803 PyErr_SetString(PyExc_TypeError, 804 "p is required and must be an unsigned int"); 805 return NULL; 806 } 807 808 if (maxmem < 0 || maxmem > INT_MAX) { 809 /* OpenSSL 1.1.0 restricts maxmem to 32 MiB. It may change in the 810 future. The maxmem constant is private to OpenSSL. */ 811 PyErr_Format(PyExc_ValueError, 812 "maxmem must be positive and smaller than %d", 813 INT_MAX); 814 return NULL; 815 } 816 817 if (dklen < 1 || dklen > INT_MAX) { 818 PyErr_Format(PyExc_ValueError, 819 "dklen must be greater than 0 and smaller than %d", 820 INT_MAX); 821 return NULL; 822 } 823 824 /* let OpenSSL validate the rest */ 825 retval = EVP_PBE_scrypt(NULL, 0, NULL, 0, n, r, p, maxmem, NULL, 0); 826 if (!retval) { 827 /* sorry, can't do much better */ 828 PyErr_SetString(PyExc_ValueError, 829 "Invalid parameter combination for n, r, p, maxmem."); 830 return NULL; 831 } 832 833 key_obj = PyBytes_FromStringAndSize(NULL, dklen); 834 if (key_obj == NULL) { 835 return NULL; 836 } 837 key = PyBytes_AS_STRING(key_obj); 838 839 Py_BEGIN_ALLOW_THREADS 840 retval = EVP_PBE_scrypt( 841 (const char*)password->buf, (size_t)password->len, 842 (const unsigned char *)salt->buf, (size_t)salt->len, 843 n, r, p, maxmem, 844 (unsigned char *)key, (size_t)dklen 845 ); 846 Py_END_ALLOW_THREADS 847 848 if (!retval) { 849 Py_CLEAR(key_obj); 850 _setException(PyExc_ValueError); 851 return NULL; 852 } 853 return key_obj; 854 } 855 #endif 856 857 /* Fast HMAC for hmac.digest() 858 */ 859 860 /*[clinic input] 861 _hashlib.hmac_digest 862 863 key: Py_buffer 864 msg: Py_buffer 865 digest: str 866 867 Single-shot HMAC. 868 [clinic start generated code]*/ 869 870 static PyObject * 871 _hashlib_hmac_digest_impl(PyObject *module, Py_buffer *key, Py_buffer *msg, 872 const char *digest) 873 /*[clinic end generated code: output=75630e684cdd8762 input=562d2f4249511bd3]*/ 874 { 875 unsigned char md[EVP_MAX_MD_SIZE] = {0}; 876 unsigned int md_len = 0; 877 unsigned char *result; 878 const EVP_MD *evp; 879 880 evp = EVP_get_digestbyname(digest); 881 if (evp == NULL) { 882 PyErr_SetString(PyExc_ValueError, "unsupported hash type"); 883 return NULL; 884 } 885 if (key->len > INT_MAX) { 886 PyErr_SetString(PyExc_OverflowError, 887 "key is too long."); 888 return NULL; 889 } 890 if (msg->len > INT_MAX) { 891 PyErr_SetString(PyExc_OverflowError, 892 "msg is too long."); 893 return NULL; 894 } 895 896 Py_BEGIN_ALLOW_THREADS 897 result = HMAC( 898 evp, 899 (const void*)key->buf, (int)key->len, 900 (const unsigned char*)msg->buf, (int)msg->len, 901 md, &md_len 902 ); 903 Py_END_ALLOW_THREADS 904 905 if (result == NULL) { 906 _setException(PyExc_ValueError); 907 return NULL; 908 } 909 return PyBytes_FromStringAndSize((const char*)md, md_len); 910 } 911 912 /* State for our callback function so that it can accumulate a result. */ 913 typedef struct _internal_name_mapper_state { 914 PyObject *set; 915 int error; 916 } _InternalNameMapperState; 917 918 919 /* A callback function to pass to OpenSSL's OBJ_NAME_do_all(...) */ 920 static void 921 _openssl_hash_name_mapper(const OBJ_NAME *openssl_obj_name, void *arg) 922 { 923 _InternalNameMapperState *state = (_InternalNameMapperState *)arg; 924 PyObject *py_name; 925 926 assert(state != NULL); 927 if (openssl_obj_name == NULL) 928 return; 929 /* Ignore aliased names, they pollute the list and OpenSSL appears to 930 * have its own definition of alias as the resulting list still 931 * contains duplicate and alternate names for several algorithms. */ 932 if (openssl_obj_name->alias) 933 return; 934 935 py_name = PyUnicode_FromString(openssl_obj_name->name); 936 if (py_name == NULL) { 937 state->error = 1; 938 } else { 939 if (PySet_Add(state->set, py_name) != 0) { 940 state->error = 1; 941 } 942 Py_DECREF(py_name); 943 } 944 } 945 946 947 /* Ask OpenSSL for a list of supported ciphers, filling in a Python set. */ 948 static PyObject* 949 generate_hash_name_list(void) 950 { 951 _InternalNameMapperState state; 952 state.set = PyFrozenSet_New(NULL); 953 if (state.set == NULL) 954 return NULL; 955 state.error = 0; 956 957 OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, &_openssl_hash_name_mapper, &state); 958 959 if (state.error) { 960 Py_DECREF(state.set); 961 return NULL; 962 } 963 return state.set; 964 } 965 966 967 /* 968 * This macro generates constructor function definitions for specific 969 * hash algorithms. These constructors are much faster than calling 970 * the generic one passing it a python string and are noticeably 971 * faster than calling a python new() wrapper. That is important for 972 * code that wants to make hashes of a bunch of small strings. 973 * The first call will lazy-initialize, which reports an exception 974 * if initialization fails. 975 */ 976 #define GEN_CONSTRUCTOR(NAME) \ 977 static PyObject * \ 978 EVP_new_ ## NAME (PyObject *self, PyObject *const *args, Py_ssize_t nargs) \ 979 { \ 980 PyObject *data_obj = NULL; \ 981 Py_buffer view = { 0 }; \ 982 PyObject *ret_obj; \ 983 \ 984 if (!_PyArg_ParseStack(args, nargs, "|O:" #NAME , &data_obj)) { \ 985 return NULL; \ 986 } \ 987 \ 988 if (CONST_new_ ## NAME ## _ctx_p == NULL) { \ 989 EVP_MD_CTX *ctx_p = EVP_MD_CTX_new(); \ 990 if (!EVP_get_digestbyname(#NAME) || \ 991 !EVP_DigestInit(ctx_p, EVP_get_digestbyname(#NAME))) { \ 992 _setException(PyExc_ValueError); \ 993 EVP_MD_CTX_free(ctx_p); \ 994 return NULL; \ 995 } \ 996 CONST_new_ ## NAME ## _ctx_p = ctx_p; \ 997 } \ 998 \ 999 if (data_obj) \ 1000 GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); \ 1001 \ 1002 ret_obj = EVPnew( \ 1003 CONST_ ## NAME ## _name_obj, \ 1004 NULL, \ 1005 CONST_new_ ## NAME ## _ctx_p, \ 1006 (unsigned char*)view.buf, \ 1007 view.len); \ 1008 \ 1009 if (data_obj) \ 1010 PyBuffer_Release(&view); \ 1011 return ret_obj; \ 1012 } 1013 1014 /* a PyMethodDef structure for the constructor */ 1015 #define CONSTRUCTOR_METH_DEF(NAME) \ 1016 {"openssl_" #NAME, (PyCFunction)EVP_new_ ## NAME, METH_FASTCALL, \ 1017 PyDoc_STR("Returns a " #NAME \ 1018 " hash object; optionally initialized with a string") \ 1019 } 1020 1021 /* used in the init function to setup a constructor: initialize OpenSSL 1022 constructor constants if they haven't been initialized already. */ 1023 #define INIT_CONSTRUCTOR_CONSTANTS(NAME) do { \ 1024 if (CONST_ ## NAME ## _name_obj == NULL) { \ 1025 CONST_ ## NAME ## _name_obj = PyUnicode_FromString(#NAME); \ 1026 } \ 1027 } while (0); 1028 1029 GEN_CONSTRUCTOR(md5) 1030 GEN_CONSTRUCTOR(sha1) 1031 GEN_CONSTRUCTOR(sha224) 1032 GEN_CONSTRUCTOR(sha256) 1033 GEN_CONSTRUCTOR(sha384) 1034 GEN_CONSTRUCTOR(sha512) 1035 1036 /* List of functions exported by this module */ 1037 1038 static struct PyMethodDef EVP_functions[] = { 1039 {"new", (PyCFunction)EVP_new, METH_VARARGS|METH_KEYWORDS, EVP_new__doc__}, 1040 #ifdef PY_PBKDF2_HMAC 1041 {"pbkdf2_hmac", (PyCFunction)pbkdf2_hmac, METH_VARARGS|METH_KEYWORDS, 1042 pbkdf2_hmac__doc__}, 1043 #endif 1044 _HASHLIB_SCRYPT_METHODDEF 1045 _HASHLIB_HMAC_DIGEST_METHODDEF 1046 CONSTRUCTOR_METH_DEF(md5), 1047 CONSTRUCTOR_METH_DEF(sha1), 1048 CONSTRUCTOR_METH_DEF(sha224), 1049 CONSTRUCTOR_METH_DEF(sha256), 1050 CONSTRUCTOR_METH_DEF(sha384), 1051 CONSTRUCTOR_METH_DEF(sha512), 1052 {NULL, NULL} /* Sentinel */ 1053 }; 1054 1055 1056 /* Initialize this module. */ 1057 1058 1059 static struct PyModuleDef _hashlibmodule = { 1060 PyModuleDef_HEAD_INIT, 1061 "_hashlib", 1062 NULL, 1063 -1, 1064 EVP_functions, 1065 NULL, 1066 NULL, 1067 NULL, 1068 NULL 1069 }; 1070 1071 PyMODINIT_FUNC 1072 PyInit__hashlib(void) 1073 { 1074 PyObject *m, *openssl_md_meth_names; 1075 1076 #ifndef OPENSSL_VERSION_1_1 1077 /* Load all digest algorithms and initialize cpuid */ 1078 OPENSSL_add_all_algorithms_noconf(); 1079 ERR_load_crypto_strings(); 1080 #endif 1081 1082 /* TODO build EVP_functions openssl_* entries dynamically based 1083 * on what hashes are supported rather than listing many 1084 * but having some be unsupported. Only init appropriate 1085 * constants. */ 1086 1087 Py_TYPE(&EVPtype) = &PyType_Type; 1088 if (PyType_Ready(&EVPtype) < 0) 1089 return NULL; 1090 1091 m = PyModule_Create(&_hashlibmodule); 1092 if (m == NULL) 1093 return NULL; 1094 1095 openssl_md_meth_names = generate_hash_name_list(); 1096 if (openssl_md_meth_names == NULL) { 1097 Py_DECREF(m); 1098 return NULL; 1099 } 1100 if (PyModule_AddObject(m, "openssl_md_meth_names", openssl_md_meth_names)) { 1101 Py_DECREF(m); 1102 return NULL; 1103 } 1104 1105 Py_INCREF((PyObject *)&EVPtype); 1106 PyModule_AddObject(m, "HASH", (PyObject *)&EVPtype); 1107 1108 /* these constants are used by the convenience constructors */ 1109 INIT_CONSTRUCTOR_CONSTANTS(md5); 1110 INIT_CONSTRUCTOR_CONSTANTS(sha1); 1111 INIT_CONSTRUCTOR_CONSTANTS(sha224); 1112 INIT_CONSTRUCTOR_CONSTANTS(sha256); 1113 INIT_CONSTRUCTOR_CONSTANTS(sha384); 1114 INIT_CONSTRUCTOR_CONSTANTS(sha512); 1115 return m; 1116 } 1117