1 /* Module that wraps all OpenSSL hash algorithms */ 2 3 /* 4 * Copyright (C) 2005-2010 Gregory P. Smith (greg (at) krypto.org) 5 * Licensed to PSF under a Contributor Agreement. 6 * 7 * Derived from a skeleton of shamodule.c containing work performed by: 8 * 9 * Andrew Kuchling (amk (at) amk.ca) 10 * Greg Stein (gstein (at) lyra.org) 11 * 12 */ 13 14 #define PY_SSIZE_T_CLEAN 15 16 #include "Python.h" 17 #include "structmember.h" 18 19 #ifdef WITH_THREAD 20 #include "pythread.h" 21 #define ENTER_HASHLIB(obj) \ 22 if ((obj)->lock) { \ 23 if (!PyThread_acquire_lock((obj)->lock, 0)) { \ 24 Py_BEGIN_ALLOW_THREADS \ 25 PyThread_acquire_lock((obj)->lock, 1); \ 26 Py_END_ALLOW_THREADS \ 27 } \ 28 } 29 #define LEAVE_HASHLIB(obj) \ 30 if ((obj)->lock) { \ 31 PyThread_release_lock((obj)->lock); \ 32 } 33 #else 34 #define ENTER_HASHLIB(obj) 35 #define LEAVE_HASHLIB(obj) 36 #endif 37 38 /* EVP is the preferred interface to hashing in OpenSSL */ 39 #include <openssl/evp.h> 40 #include <openssl/err.h> 41 /* We use the object interface to discover what hashes OpenSSL supports. */ 42 #include <openssl/objects.h> 43 #include "openssl/err.h" 44 45 #define MUNCH_SIZE INT_MAX 46 47 /* TODO(gps): We should probably make this a module or EVPobject attribute 48 * to allow the user to optimize based on the platform they're using. */ 49 #define HASHLIB_GIL_MINSIZE 2048 50 51 #ifndef HASH_OBJ_CONSTRUCTOR 52 #define HASH_OBJ_CONSTRUCTOR 0 53 #endif 54 55 #if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x00908000) 56 #define _OPENSSL_SUPPORTS_SHA2 57 #endif 58 59 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) 60 /* OpenSSL < 1.1.0 */ 61 #define EVP_MD_CTX_new EVP_MD_CTX_create 62 #define EVP_MD_CTX_free EVP_MD_CTX_destroy 63 #define HAS_FAST_PKCS5_PBKDF2_HMAC 0 64 #include <openssl/hmac.h> 65 #else 66 /* OpenSSL >= 1.1.0 */ 67 #define HAS_FAST_PKCS5_PBKDF2_HMAC 1 68 #endif 69 70 71 typedef struct { 72 PyObject_HEAD 73 PyObject *name; /* name of this hash algorithm */ 74 EVP_MD_CTX *ctx; /* OpenSSL message digest context */ 75 #ifdef WITH_THREAD 76 PyThread_type_lock lock; /* OpenSSL context lock */ 77 #endif 78 } EVPobject; 79 80 81 static PyTypeObject EVPtype; 82 83 84 #define DEFINE_CONSTS_FOR_NEW(Name) \ 85 static PyObject *CONST_ ## Name ## _name_obj = NULL; \ 86 static EVP_MD_CTX *CONST_new_ ## Name ## _ctx_p = NULL; 87 88 DEFINE_CONSTS_FOR_NEW(md5) 89 DEFINE_CONSTS_FOR_NEW(sha1) 90 #ifdef _OPENSSL_SUPPORTS_SHA2 91 DEFINE_CONSTS_FOR_NEW(sha224) 92 DEFINE_CONSTS_FOR_NEW(sha256) 93 DEFINE_CONSTS_FOR_NEW(sha384) 94 DEFINE_CONSTS_FOR_NEW(sha512) 95 #endif 96 97 98 /* LCOV_EXCL_START */ 99 static PyObject * 100 _setException(PyObject *exc) 101 { 102 unsigned long errcode; 103 const char *lib, *func, *reason; 104 105 errcode = ERR_peek_last_error(); 106 if (!errcode) { 107 PyErr_SetString(exc, "unknown reasons"); 108 return NULL; 109 } 110 ERR_clear_error(); 111 112 lib = ERR_lib_error_string(errcode); 113 func = ERR_func_error_string(errcode); 114 reason = ERR_reason_error_string(errcode); 115 116 if (lib && func) { 117 PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); 118 } 119 else if (lib) { 120 PyErr_Format(exc, "[%s] %s", lib, reason); 121 } 122 else { 123 PyErr_SetString(exc, reason); 124 } 125 return NULL; 126 } 127 /* LCOV_EXCL_STOP */ 128 129 static EVPobject * 130 newEVPobject(PyObject *name) 131 { 132 EVPobject *retval = (EVPobject *)PyObject_New(EVPobject, &EVPtype); 133 if (retval == NULL) 134 return NULL; 135 136 retval->ctx = EVP_MD_CTX_new(); 137 if (retval->ctx == NULL) { 138 PyErr_NoMemory(); 139 return NULL; 140 } 141 142 /* save the name for .name to return */ 143 Py_INCREF(name); 144 retval->name = name; 145 #ifdef WITH_THREAD 146 retval->lock = NULL; 147 #endif 148 149 return retval; 150 } 151 152 static void 153 EVP_hash(EVPobject *self, const void *vp, Py_ssize_t len) 154 { 155 unsigned int process; 156 const unsigned char *cp = (const unsigned char *)vp; 157 while (0 < len) 158 { 159 if (len > (Py_ssize_t)MUNCH_SIZE) 160 process = MUNCH_SIZE; 161 else 162 process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int); 163 EVP_DigestUpdate(self->ctx, (const void*)cp, process); 164 len -= process; 165 cp += process; 166 } 167 } 168 169 /* Internal methods for a hash object */ 170 171 static void 172 EVP_dealloc(EVPobject *self) 173 { 174 #ifdef WITH_THREAD 175 if (self->lock != NULL) 176 PyThread_free_lock(self->lock); 177 #endif 178 EVP_MD_CTX_free(self->ctx); 179 Py_XDECREF(self->name); 180 PyObject_Del(self); 181 } 182 183 static int 184 locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self) 185 { 186 int result; 187 ENTER_HASHLIB(self); 188 /* XXX no error reporting */ 189 result = EVP_MD_CTX_copy(new_ctx_p, self->ctx); 190 LEAVE_HASHLIB(self); 191 return result; 192 } 193 194 /* External methods for a hash object */ 195 196 PyDoc_STRVAR(EVP_copy__doc__, "Return a copy of the hash object."); 197 198 199 static PyObject * 200 EVP_copy(EVPobject *self, PyObject *unused) 201 { 202 EVPobject *newobj; 203 204 if ( (newobj = newEVPobject(self->name))==NULL) 205 return NULL; 206 207 if (!locked_EVP_MD_CTX_copy(newobj->ctx, self)) { 208 return _setException(PyExc_ValueError); 209 } 210 return (PyObject *)newobj; 211 } 212 213 PyDoc_STRVAR(EVP_digest__doc__, 214 "Return the digest value as a string of binary data."); 215 216 static PyObject * 217 EVP_digest(EVPobject *self, PyObject *unused) 218 { 219 unsigned char digest[EVP_MAX_MD_SIZE]; 220 EVP_MD_CTX *temp_ctx; 221 PyObject *retval; 222 unsigned int digest_size; 223 224 temp_ctx = EVP_MD_CTX_new(); 225 if (temp_ctx == NULL) { 226 PyErr_NoMemory(); 227 return NULL; 228 } 229 230 if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { 231 return _setException(PyExc_ValueError); 232 } 233 digest_size = EVP_MD_CTX_size(temp_ctx); 234 EVP_DigestFinal(temp_ctx, digest, NULL); 235 236 retval = PyString_FromStringAndSize((const char *)digest, digest_size); 237 EVP_MD_CTX_free(temp_ctx); 238 return retval; 239 } 240 241 PyDoc_STRVAR(EVP_hexdigest__doc__, 242 "Return the digest value as a string of hexadecimal digits."); 243 244 static PyObject * 245 EVP_hexdigest(EVPobject *self, PyObject *unused) 246 { 247 unsigned char digest[EVP_MAX_MD_SIZE]; 248 EVP_MD_CTX *temp_ctx; 249 PyObject *retval; 250 char *hex_digest; 251 unsigned int i, j, digest_size; 252 253 temp_ctx = EVP_MD_CTX_new(); 254 if (temp_ctx == NULL) { 255 PyErr_NoMemory(); 256 return NULL; 257 } 258 259 /* Get the raw (binary) digest value */ 260 if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { 261 return _setException(PyExc_ValueError); 262 } 263 digest_size = EVP_MD_CTX_size(temp_ctx); 264 EVP_DigestFinal(temp_ctx, digest, NULL); 265 266 EVP_MD_CTX_free(temp_ctx); 267 268 /* Create a new string */ 269 /* NOTE: not thread safe! modifying an already created string object */ 270 /* (not a problem because we hold the GIL by default) */ 271 retval = PyString_FromStringAndSize(NULL, digest_size * 2); 272 if (!retval) 273 return NULL; 274 hex_digest = PyString_AsString(retval); 275 if (!hex_digest) { 276 Py_DECREF(retval); 277 return NULL; 278 } 279 280 /* Make hex version of the digest */ 281 for(i=j=0; i<digest_size; i++) { 282 char c; 283 c = (digest[i] >> 4) & 0xf; 284 c = (c>9) ? c+'a'-10 : c + '0'; 285 hex_digest[j++] = c; 286 c = (digest[i] & 0xf); 287 c = (c>9) ? c+'a'-10 : c + '0'; 288 hex_digest[j++] = c; 289 } 290 return retval; 291 } 292 293 PyDoc_STRVAR(EVP_update__doc__, 294 "Update this hash object's state with the provided string."); 295 296 static PyObject * 297 EVP_update(EVPobject *self, PyObject *args) 298 { 299 Py_buffer view; 300 301 if (!PyArg_ParseTuple(args, "s*:update", &view)) 302 return NULL; 303 304 #ifdef WITH_THREAD 305 if (self->lock == NULL && view.len >= HASHLIB_GIL_MINSIZE) { 306 self->lock = PyThread_allocate_lock(); 307 /* fail? lock = NULL and we fail over to non-threaded code. */ 308 } 309 310 if (self->lock != NULL) { 311 Py_BEGIN_ALLOW_THREADS 312 PyThread_acquire_lock(self->lock, 1); 313 EVP_hash(self, view.buf, view.len); 314 PyThread_release_lock(self->lock); 315 Py_END_ALLOW_THREADS 316 } 317 else 318 #endif 319 { 320 EVP_hash(self, view.buf, view.len); 321 } 322 323 PyBuffer_Release(&view); 324 325 Py_RETURN_NONE; 326 } 327 328 static PyMethodDef EVP_methods[] = { 329 {"update", (PyCFunction)EVP_update, METH_VARARGS, EVP_update__doc__}, 330 {"digest", (PyCFunction)EVP_digest, METH_NOARGS, EVP_digest__doc__}, 331 {"hexdigest", (PyCFunction)EVP_hexdigest, METH_NOARGS, EVP_hexdigest__doc__}, 332 {"copy", (PyCFunction)EVP_copy, METH_NOARGS, EVP_copy__doc__}, 333 {NULL, NULL} /* sentinel */ 334 }; 335 336 static PyObject * 337 EVP_get_block_size(EVPobject *self, void *closure) 338 { 339 long block_size; 340 block_size = EVP_MD_CTX_block_size(self->ctx); 341 return PyLong_FromLong(block_size); 342 } 343 344 static PyObject * 345 EVP_get_digest_size(EVPobject *self, void *closure) 346 { 347 long size; 348 size = EVP_MD_CTX_size(self->ctx); 349 return PyLong_FromLong(size); 350 } 351 352 static PyMemberDef EVP_members[] = { 353 {"name", T_OBJECT, offsetof(EVPobject, name), READONLY, PyDoc_STR("algorithm name.")}, 354 {NULL} /* Sentinel */ 355 }; 356 357 static PyGetSetDef EVP_getseters[] = { 358 {"digest_size", 359 (getter)EVP_get_digest_size, NULL, 360 NULL, 361 NULL}, 362 {"block_size", 363 (getter)EVP_get_block_size, NULL, 364 NULL, 365 NULL}, 366 /* the old md5 and sha modules support 'digest_size' as in PEP 247. 367 * the old sha module also supported 'digestsize'. ugh. */ 368 {"digestsize", 369 (getter)EVP_get_digest_size, NULL, 370 NULL, 371 NULL}, 372 {NULL} /* Sentinel */ 373 }; 374 375 376 static PyObject * 377 EVP_repr(PyObject *self) 378 { 379 char buf[100]; 380 PyOS_snprintf(buf, sizeof(buf), "<%s HASH object @ %p>", 381 PyString_AsString(((EVPobject *)self)->name), self); 382 return PyString_FromString(buf); 383 } 384 385 #if HASH_OBJ_CONSTRUCTOR 386 static int 387 EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds) 388 { 389 static char *kwlist[] = {"name", "string", NULL}; 390 PyObject *name_obj = NULL; 391 Py_buffer view = { 0 }; 392 char *nameStr; 393 const EVP_MD *digest; 394 395 if (!PyArg_ParseTupleAndKeywords(args, kwds, "O|s*:HASH", kwlist, 396 &name_obj, &view)) { 397 return -1; 398 } 399 400 if (!PyArg_Parse(name_obj, "s", &nameStr)) { 401 PyErr_SetString(PyExc_TypeError, "name must be a string"); 402 PyBuffer_Release(&view); 403 return -1; 404 } 405 406 digest = EVP_get_digestbyname(nameStr); 407 if (!digest) { 408 PyErr_SetString(PyExc_ValueError, "unknown hash function"); 409 PyBuffer_Release(&view); 410 return -1; 411 } 412 EVP_DigestInit(self->ctx, digest); 413 414 self->name = name_obj; 415 Py_INCREF(self->name); 416 417 if (view.obj) { 418 if (view.len >= HASHLIB_GIL_MINSIZE) { 419 Py_BEGIN_ALLOW_THREADS 420 EVP_hash(self, view.buf, view.len); 421 Py_END_ALLOW_THREADS 422 } else { 423 EVP_hash(self, view.buf, view.len); 424 } 425 PyBuffer_Release(&view); 426 } 427 428 return 0; 429 } 430 #endif 431 432 433 PyDoc_STRVAR(hashtype_doc, 434 "A hash represents the object used to calculate a checksum of a\n\ 435 string of information.\n\ 436 \n\ 437 Methods:\n\ 438 \n\ 439 update() -- updates the current digest with an additional string\n\ 440 digest() -- return the current digest value\n\ 441 hexdigest() -- return the current digest as a string of hexadecimal digits\n\ 442 copy() -- return a copy of the current hash object\n\ 443 \n\ 444 Attributes:\n\ 445 \n\ 446 name -- the hash algorithm being used by this object\n\ 447 digest_size -- number of bytes in this hashes output\n"); 448 449 static PyTypeObject EVPtype = { 450 PyVarObject_HEAD_INIT(NULL, 0) 451 "_hashlib.HASH", /*tp_name*/ 452 sizeof(EVPobject), /*tp_basicsize*/ 453 0, /*tp_itemsize*/ 454 /* methods */ 455 (destructor)EVP_dealloc, /*tp_dealloc*/ 456 0, /*tp_print*/ 457 0, /*tp_getattr*/ 458 0, /*tp_setattr*/ 459 0, /*tp_compare*/ 460 EVP_repr, /*tp_repr*/ 461 0, /*tp_as_number*/ 462 0, /*tp_as_sequence*/ 463 0, /*tp_as_mapping*/ 464 0, /*tp_hash*/ 465 0, /*tp_call*/ 466 0, /*tp_str*/ 467 0, /*tp_getattro*/ 468 0, /*tp_setattro*/ 469 0, /*tp_as_buffer*/ 470 Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /*tp_flags*/ 471 hashtype_doc, /*tp_doc*/ 472 0, /*tp_traverse*/ 473 0, /*tp_clear*/ 474 0, /*tp_richcompare*/ 475 0, /*tp_weaklistoffset*/ 476 0, /*tp_iter*/ 477 0, /*tp_iternext*/ 478 EVP_methods, /* tp_methods */ 479 EVP_members, /* tp_members */ 480 EVP_getseters, /* tp_getset */ 481 #if 1 482 0, /* tp_base */ 483 0, /* tp_dict */ 484 0, /* tp_descr_get */ 485 0, /* tp_descr_set */ 486 0, /* tp_dictoffset */ 487 #endif 488 #if HASH_OBJ_CONSTRUCTOR 489 (initproc)EVP_tp_init, /* tp_init */ 490 #endif 491 }; 492 493 static PyObject * 494 EVPnew(PyObject *name_obj, 495 const EVP_MD *digest, const EVP_MD_CTX *initial_ctx, 496 const unsigned char *cp, Py_ssize_t len) 497 { 498 EVPobject *self; 499 500 if (!digest && !initial_ctx) { 501 PyErr_SetString(PyExc_ValueError, "unsupported hash type"); 502 return NULL; 503 } 504 505 if ((self = newEVPobject(name_obj)) == NULL) 506 return NULL; 507 508 if (initial_ctx) { 509 EVP_MD_CTX_copy(self->ctx, initial_ctx); 510 } else { 511 EVP_DigestInit(self->ctx, digest); 512 } 513 514 if (cp && len) { 515 if (len >= HASHLIB_GIL_MINSIZE) { 516 Py_BEGIN_ALLOW_THREADS 517 EVP_hash(self, cp, len); 518 Py_END_ALLOW_THREADS 519 } else { 520 EVP_hash(self, cp, len); 521 } 522 } 523 524 return (PyObject *)self; 525 } 526 527 528 /* The module-level function: new() */ 529 530 PyDoc_STRVAR(EVP_new__doc__, 531 "Return a new hash object using the named algorithm.\n\ 532 An optional string argument may be provided and will be\n\ 533 automatically hashed.\n\ 534 \n\ 535 The MD5 and SHA1 algorithms are always supported.\n"); 536 537 static PyObject * 538 EVP_new(PyObject *self, PyObject *args, PyObject *kwdict) 539 { 540 static char *kwlist[] = {"name", "string", NULL}; 541 PyObject *name_obj = NULL; 542 Py_buffer view = { 0 }; 543 PyObject *ret_obj; 544 char *name; 545 const EVP_MD *digest; 546 547 if (!PyArg_ParseTupleAndKeywords(args, kwdict, "O|s*:new", kwlist, 548 &name_obj, &view)) { 549 return NULL; 550 } 551 552 if (!PyArg_Parse(name_obj, "s", &name)) { 553 PyBuffer_Release(&view); 554 PyErr_SetString(PyExc_TypeError, "name must be a string"); 555 return NULL; 556 } 557 558 digest = EVP_get_digestbyname(name); 559 560 ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, 561 view.len); 562 PyBuffer_Release(&view); 563 564 return ret_obj; 565 } 566 567 568 #if (OPENSSL_VERSION_NUMBER >= 0x10000000 && !defined(OPENSSL_NO_HMAC) \ 569 && !defined(OPENSSL_NO_SHA)) 570 571 #define PY_PBKDF2_HMAC 1 572 573 #if !HAS_FAST_PKCS5_PBKDF2_HMAC 574 /* Improved implementation of PKCS5_PBKDF2_HMAC() 575 * 576 * PKCS5_PBKDF2_HMAC_fast() hashes the password exactly one time instead of 577 * `iter` times. Today (2013) the iteration count is typically 100,000 or 578 * more. The improved algorithm is not subject to a Denial-of-Service 579 * vulnerability with overly large passwords. 580 * 581 * Also OpenSSL < 1.0 don't provide PKCS5_PBKDF2_HMAC(), only 582 * PKCS5_PBKDF2_SHA1. 583 */ 584 static int 585 PKCS5_PBKDF2_HMAC_fast(const char *pass, int passlen, 586 const unsigned char *salt, int saltlen, 587 int iter, const EVP_MD *digest, 588 int keylen, unsigned char *out) 589 { 590 unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; 591 int cplen, j, k, tkeylen, mdlen; 592 unsigned long i = 1; 593 HMAC_CTX hctx_tpl, hctx; 594 595 mdlen = EVP_MD_size(digest); 596 if (mdlen < 0) 597 return 0; 598 599 HMAC_CTX_init(&hctx_tpl); 600 HMAC_CTX_init(&hctx); 601 p = out; 602 tkeylen = keylen; 603 if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { 604 HMAC_CTX_cleanup(&hctx_tpl); 605 return 0; 606 } 607 while (tkeylen) { 608 if (tkeylen > mdlen) 609 cplen = mdlen; 610 else 611 cplen = tkeylen; 612 /* We are unlikely to ever use more than 256 blocks (5120 bits!) 613 * but just in case... 614 */ 615 itmp[0] = (unsigned char)((i >> 24) & 0xff); 616 itmp[1] = (unsigned char)((i >> 16) & 0xff); 617 itmp[2] = (unsigned char)((i >> 8) & 0xff); 618 itmp[3] = (unsigned char)(i & 0xff); 619 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { 620 HMAC_CTX_cleanup(&hctx_tpl); 621 return 0; 622 } 623 if (!HMAC_Update(&hctx, salt, saltlen) 624 || !HMAC_Update(&hctx, itmp, 4) 625 || !HMAC_Final(&hctx, digtmp, NULL)) { 626 HMAC_CTX_cleanup(&hctx_tpl); 627 HMAC_CTX_cleanup(&hctx); 628 return 0; 629 } 630 HMAC_CTX_cleanup(&hctx); 631 memcpy(p, digtmp, cplen); 632 for (j = 1; j < iter; j++) { 633 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { 634 HMAC_CTX_cleanup(&hctx_tpl); 635 return 0; 636 } 637 if (!HMAC_Update(&hctx, digtmp, mdlen) 638 || !HMAC_Final(&hctx, digtmp, NULL)) { 639 HMAC_CTX_cleanup(&hctx_tpl); 640 HMAC_CTX_cleanup(&hctx); 641 return 0; 642 } 643 HMAC_CTX_cleanup(&hctx); 644 for (k = 0; k < cplen; k++) { 645 p[k] ^= digtmp[k]; 646 } 647 } 648 tkeylen-= cplen; 649 i++; 650 p+= cplen; 651 } 652 HMAC_CTX_cleanup(&hctx_tpl); 653 return 1; 654 } 655 #endif 656 657 658 PyDoc_STRVAR(pbkdf2_hmac__doc__, 659 "pbkdf2_hmac(hash_name, password, salt, iterations, dklen=None) -> key\n\ 660 \n\ 661 Password based key derivation function 2 (PKCS #5 v2.0) with HMAC as\n\ 662 pseudorandom function."); 663 664 static PyObject * 665 pbkdf2_hmac(PyObject *self, PyObject *args, PyObject *kwdict) 666 { 667 static char *kwlist[] = {"hash_name", "password", "salt", "iterations", 668 "dklen", NULL}; 669 PyObject *key_obj = NULL, *dklen_obj = Py_None; 670 char *name, *key; 671 Py_buffer password, salt; 672 long iterations, dklen; 673 int retval; 674 const EVP_MD *digest; 675 676 if (!PyArg_ParseTupleAndKeywords(args, kwdict, "ss*s*l|O:pbkdf2_hmac", 677 kwlist, &name, &password, &salt, 678 &iterations, &dklen_obj)) { 679 return NULL; 680 } 681 682 digest = EVP_get_digestbyname(name); 683 if (digest == NULL) { 684 PyErr_SetString(PyExc_ValueError, "unsupported hash type"); 685 goto end; 686 } 687 688 if (password.len > INT_MAX) { 689 PyErr_SetString(PyExc_OverflowError, 690 "password is too long."); 691 goto end; 692 } 693 694 if (salt.len > INT_MAX) { 695 PyErr_SetString(PyExc_OverflowError, 696 "salt is too long."); 697 goto end; 698 } 699 700 if (iterations < 1) { 701 PyErr_SetString(PyExc_ValueError, 702 "iteration value must be greater than 0."); 703 goto end; 704 } 705 if (iterations > INT_MAX) { 706 PyErr_SetString(PyExc_OverflowError, 707 "iteration value is too great."); 708 goto end; 709 } 710 711 if (dklen_obj == Py_None) { 712 dklen = EVP_MD_size(digest); 713 } else { 714 dklen = PyLong_AsLong(dklen_obj); 715 if ((dklen == -1) && PyErr_Occurred()) { 716 goto end; 717 } 718 } 719 if (dklen < 1) { 720 PyErr_SetString(PyExc_ValueError, 721 "key length must be greater than 0."); 722 goto end; 723 } 724 if (dklen > INT_MAX) { 725 /* INT_MAX is always smaller than dkLen max (2^32 - 1) * hLen */ 726 PyErr_SetString(PyExc_OverflowError, 727 "key length is too great."); 728 goto end; 729 } 730 731 key_obj = PyBytes_FromStringAndSize(NULL, dklen); 732 if (key_obj == NULL) { 733 goto end; 734 } 735 key = PyBytes_AS_STRING(key_obj); 736 737 Py_BEGIN_ALLOW_THREADS 738 #if HAS_FAST_PKCS5_PBKDF2_HMAC 739 retval = PKCS5_PBKDF2_HMAC((char*)password.buf, (int)password.len, 740 (unsigned char *)salt.buf, (int)salt.len, 741 iterations, digest, dklen, 742 (unsigned char *)key); 743 #else 744 retval = PKCS5_PBKDF2_HMAC_fast((char*)password.buf, (int)password.len, 745 (unsigned char *)salt.buf, (int)salt.len, 746 iterations, digest, dklen, 747 (unsigned char *)key); 748 #endif 749 Py_END_ALLOW_THREADS 750 751 if (!retval) { 752 Py_CLEAR(key_obj); 753 _setException(PyExc_ValueError); 754 goto end; 755 } 756 757 end: 758 PyBuffer_Release(&password); 759 PyBuffer_Release(&salt); 760 return key_obj; 761 } 762 763 #endif 764 765 /* State for our callback function so that it can accumulate a result. */ 766 typedef struct _internal_name_mapper_state { 767 PyObject *set; 768 int error; 769 } _InternalNameMapperState; 770 771 772 /* A callback function to pass to OpenSSL's OBJ_NAME_do_all(...) */ 773 static void 774 _openssl_hash_name_mapper(const OBJ_NAME *openssl_obj_name, void *arg) 775 { 776 _InternalNameMapperState *state = (_InternalNameMapperState *)arg; 777 PyObject *py_name; 778 779 assert(state != NULL); 780 if (openssl_obj_name == NULL) 781 return; 782 /* Ignore aliased names, they pollute the list and OpenSSL appears to 783 * have its own definition of alias as the resulting list still 784 * contains duplicate and alternate names for several algorithms. */ 785 if (openssl_obj_name->alias) 786 return; 787 788 py_name = PyString_FromString(openssl_obj_name->name); 789 if (py_name == NULL) { 790 state->error = 1; 791 } else { 792 if (PySet_Add(state->set, py_name) != 0) { 793 state->error = 1; 794 } 795 Py_DECREF(py_name); 796 } 797 } 798 799 800 /* Ask OpenSSL for a list of supported ciphers, filling in a Python set. */ 801 static PyObject* 802 generate_hash_name_list(void) 803 { 804 _InternalNameMapperState state; 805 state.set = PyFrozenSet_New(NULL); 806 if (state.set == NULL) 807 return NULL; 808 state.error = 0; 809 810 OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, &_openssl_hash_name_mapper, &state); 811 812 if (state.error) { 813 Py_DECREF(state.set); 814 return NULL; 815 } 816 return state.set; 817 } 818 819 820 /* 821 * This macro generates constructor function definitions for specific 822 * hash algorithms. These constructors are much faster than calling 823 * the generic one passing it a python string and are noticeably 824 * faster than calling a python new() wrapper. Thats important for 825 * code that wants to make hashes of a bunch of small strings. 826 */ 827 #define GEN_CONSTRUCTOR(NAME) \ 828 static PyObject * \ 829 EVP_new_ ## NAME (PyObject *self, PyObject *args) \ 830 { \ 831 Py_buffer view = { 0 }; \ 832 PyObject *ret_obj; \ 833 \ 834 if (!PyArg_ParseTuple(args, "|s*:" #NAME , &view)) { \ 835 return NULL; \ 836 } \ 837 \ 838 ret_obj = EVPnew( \ 839 CONST_ ## NAME ## _name_obj, \ 840 NULL, \ 841 CONST_new_ ## NAME ## _ctx_p, \ 842 (unsigned char*)view.buf, view.len); \ 843 PyBuffer_Release(&view); \ 844 return ret_obj; \ 845 } 846 847 /* a PyMethodDef structure for the constructor */ 848 #define CONSTRUCTOR_METH_DEF(NAME) \ 849 {"openssl_" #NAME, (PyCFunction)EVP_new_ ## NAME, METH_VARARGS, \ 850 PyDoc_STR("Returns a " #NAME \ 851 " hash object; optionally initialized with a string") \ 852 } 853 854 /* used in the init function to setup a constructor: initialize OpenSSL 855 constructor constants if they haven't been initialized already. */ 856 #define INIT_CONSTRUCTOR_CONSTANTS(NAME) do { \ 857 if (CONST_ ## NAME ## _name_obj == NULL) { \ 858 CONST_ ## NAME ## _name_obj = PyString_FromString(#NAME); \ 859 if (EVP_get_digestbyname(#NAME)) { \ 860 CONST_new_ ## NAME ## _ctx_p = EVP_MD_CTX_new(); \ 861 EVP_DigestInit(CONST_new_ ## NAME ## _ctx_p, EVP_get_digestbyname(#NAME)); \ 862 } \ 863 } \ 864 } while (0); 865 866 GEN_CONSTRUCTOR(md5) 867 GEN_CONSTRUCTOR(sha1) 868 #ifdef _OPENSSL_SUPPORTS_SHA2 869 GEN_CONSTRUCTOR(sha224) 870 GEN_CONSTRUCTOR(sha256) 871 GEN_CONSTRUCTOR(sha384) 872 GEN_CONSTRUCTOR(sha512) 873 #endif 874 875 /* List of functions exported by this module */ 876 877 static struct PyMethodDef EVP_functions[] = { 878 {"new", (PyCFunction)EVP_new, METH_VARARGS|METH_KEYWORDS, EVP_new__doc__}, 879 CONSTRUCTOR_METH_DEF(md5), 880 CONSTRUCTOR_METH_DEF(sha1), 881 #ifdef _OPENSSL_SUPPORTS_SHA2 882 CONSTRUCTOR_METH_DEF(sha224), 883 CONSTRUCTOR_METH_DEF(sha256), 884 CONSTRUCTOR_METH_DEF(sha384), 885 CONSTRUCTOR_METH_DEF(sha512), 886 #endif 887 #ifdef PY_PBKDF2_HMAC 888 {"pbkdf2_hmac", (PyCFunction)pbkdf2_hmac, METH_VARARGS|METH_KEYWORDS, 889 pbkdf2_hmac__doc__}, 890 #endif 891 {NULL, NULL} /* Sentinel */ 892 }; 893 894 895 /* Initialize this module. */ 896 897 PyMODINIT_FUNC 898 init_hashlib(void) 899 { 900 PyObject *m, *openssl_md_meth_names; 901 902 OpenSSL_add_all_digests(); 903 ERR_load_crypto_strings(); 904 905 /* TODO build EVP_functions openssl_* entries dynamically based 906 * on what hashes are supported rather than listing many 907 * but having some be unsupported. Only init appropriate 908 * constants. */ 909 910 Py_TYPE(&EVPtype) = &PyType_Type; 911 if (PyType_Ready(&EVPtype) < 0) 912 return; 913 914 m = Py_InitModule("_hashlib", EVP_functions); 915 if (m == NULL) 916 return; 917 918 openssl_md_meth_names = generate_hash_name_list(); 919 if (openssl_md_meth_names == NULL) { 920 return; 921 } 922 if (PyModule_AddObject(m, "openssl_md_meth_names", openssl_md_meth_names)) { 923 return; 924 } 925 926 #if HASH_OBJ_CONSTRUCTOR 927 Py_INCREF(&EVPtype); 928 PyModule_AddObject(m, "HASH", (PyObject *)&EVPtype); 929 #endif 930 931 /* these constants are used by the convenience constructors */ 932 INIT_CONSTRUCTOR_CONSTANTS(md5); 933 INIT_CONSTRUCTOR_CONSTANTS(sha1); 934 #ifdef _OPENSSL_SUPPORTS_SHA2 935 INIT_CONSTRUCTOR_CONSTANTS(sha224); 936 INIT_CONSTRUCTOR_CONSTANTS(sha256); 937 INIT_CONSTRUCTOR_CONSTANTS(sha384); 938 INIT_CONSTRUCTOR_CONSTANTS(sha512); 939 #endif 940 } 941