1 /* Module that wraps all OpenSSL hash algorithms */ 2 3 /* 4 * Copyright (C) 2005-2010 Gregory P. Smith (greg (at) krypto.org) 5 * Licensed to PSF under a Contributor Agreement. 6 * 7 * Derived from a skeleton of shamodule.c containing work performed by: 8 * 9 * Andrew Kuchling (amk (at) amk.ca) 10 * Greg Stein (gstein (at) lyra.org) 11 * 12 */ 13 14 #define PY_SSIZE_T_CLEAN 15 16 #include "Python.h" 17 #include "structmember.h" 18 #include "hashlib.h" 19 #include "pystrhex.h" 20 21 22 /* EVP is the preferred interface to hashing in OpenSSL */ 23 #include <openssl/evp.h> 24 /* We use the object interface to discover what hashes OpenSSL supports. */ 25 #include <openssl/objects.h> 26 #include "openssl/err.h" 27 28 #include "clinic/_hashopenssl.c.h" 29 /*[clinic input] 30 module _hashlib 31 [clinic start generated code]*/ 32 /*[clinic end generated code: output=da39a3ee5e6b4b0d input=c2b4ff081bac4be1]*/ 33 34 #define MUNCH_SIZE INT_MAX 35 36 #ifndef HASH_OBJ_CONSTRUCTOR 37 #define HASH_OBJ_CONSTRUCTOR 0 38 #endif 39 40 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) 41 /* OpenSSL < 1.1.0 */ 42 #define EVP_MD_CTX_new EVP_MD_CTX_create 43 #define EVP_MD_CTX_free EVP_MD_CTX_destroy 44 #define HAS_FAST_PKCS5_PBKDF2_HMAC 0 45 #include <openssl/hmac.h> 46 #else 47 /* OpenSSL >= 1.1.0 */ 48 #define HAS_FAST_PKCS5_PBKDF2_HMAC 1 49 #endif 50 51 52 typedef struct { 53 PyObject_HEAD 54 PyObject *name; /* name of this hash algorithm */ 55 EVP_MD_CTX *ctx; /* OpenSSL message digest context */ 56 #ifdef WITH_THREAD 57 PyThread_type_lock lock; /* OpenSSL context lock */ 58 #endif 59 } EVPobject; 60 61 62 static PyTypeObject EVPtype; 63 64 65 #define DEFINE_CONSTS_FOR_NEW(Name) \ 66 static PyObject *CONST_ ## Name ## _name_obj = NULL; \ 67 static EVP_MD_CTX *CONST_new_ ## Name ## _ctx_p = NULL; 68 69 DEFINE_CONSTS_FOR_NEW(md5) 70 DEFINE_CONSTS_FOR_NEW(sha1) 71 DEFINE_CONSTS_FOR_NEW(sha224) 72 DEFINE_CONSTS_FOR_NEW(sha256) 73 DEFINE_CONSTS_FOR_NEW(sha384) 74 DEFINE_CONSTS_FOR_NEW(sha512) 75 76 77 /* LCOV_EXCL_START */ 78 static PyObject * 79 _setException(PyObject *exc) 80 { 81 unsigned long errcode; 82 const char *lib, *func, *reason; 83 84 errcode = ERR_peek_last_error(); 85 if (!errcode) { 86 PyErr_SetString(exc, "unknown reasons"); 87 return NULL; 88 } 89 ERR_clear_error(); 90 91 lib = ERR_lib_error_string(errcode); 92 func = ERR_func_error_string(errcode); 93 reason = ERR_reason_error_string(errcode); 94 95 if (lib && func) { 96 PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); 97 } 98 else if (lib) { 99 PyErr_Format(exc, "[%s] %s", lib, reason); 100 } 101 else { 102 PyErr_SetString(exc, reason); 103 } 104 return NULL; 105 } 106 /* LCOV_EXCL_STOP */ 107 108 static EVPobject * 109 newEVPobject(PyObject *name) 110 { 111 EVPobject *retval = (EVPobject *)PyObject_New(EVPobject, &EVPtype); 112 if (retval == NULL) { 113 return NULL; 114 } 115 116 retval->ctx = EVP_MD_CTX_new(); 117 if (retval->ctx == NULL) { 118 PyErr_NoMemory(); 119 return NULL; 120 } 121 122 /* save the name for .name to return */ 123 Py_INCREF(name); 124 retval->name = name; 125 #ifdef WITH_THREAD 126 retval->lock = NULL; 127 #endif 128 129 return retval; 130 } 131 132 static void 133 EVP_hash(EVPobject *self, const void *vp, Py_ssize_t len) 134 { 135 unsigned int process; 136 const unsigned char *cp = (const unsigned char *)vp; 137 while (0 < len) { 138 if (len > (Py_ssize_t)MUNCH_SIZE) 139 process = MUNCH_SIZE; 140 else 141 process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int); 142 EVP_DigestUpdate(self->ctx, (const void*)cp, process); 143 len -= process; 144 cp += process; 145 } 146 } 147 148 /* Internal methods for a hash object */ 149 150 static void 151 EVP_dealloc(EVPobject *self) 152 { 153 #ifdef WITH_THREAD 154 if (self->lock != NULL) 155 PyThread_free_lock(self->lock); 156 #endif 157 EVP_MD_CTX_free(self->ctx); 158 Py_XDECREF(self->name); 159 PyObject_Del(self); 160 } 161 162 static int 163 locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self) 164 { 165 int result; 166 ENTER_HASHLIB(self); 167 result = EVP_MD_CTX_copy(new_ctx_p, self->ctx); 168 LEAVE_HASHLIB(self); 169 return result; 170 } 171 172 /* External methods for a hash object */ 173 174 PyDoc_STRVAR(EVP_copy__doc__, "Return a copy of the hash object."); 175 176 177 static PyObject * 178 EVP_copy(EVPobject *self, PyObject *unused) 179 { 180 EVPobject *newobj; 181 182 if ( (newobj = newEVPobject(self->name))==NULL) 183 return NULL; 184 185 if (!locked_EVP_MD_CTX_copy(newobj->ctx, self)) { 186 return _setException(PyExc_ValueError); 187 } 188 return (PyObject *)newobj; 189 } 190 191 PyDoc_STRVAR(EVP_digest__doc__, 192 "Return the digest value as a string of binary data."); 193 194 static PyObject * 195 EVP_digest(EVPobject *self, PyObject *unused) 196 { 197 unsigned char digest[EVP_MAX_MD_SIZE]; 198 EVP_MD_CTX *temp_ctx; 199 PyObject *retval; 200 unsigned int digest_size; 201 202 temp_ctx = EVP_MD_CTX_new(); 203 if (temp_ctx == NULL) { 204 PyErr_NoMemory(); 205 return NULL; 206 } 207 208 if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { 209 return _setException(PyExc_ValueError); 210 } 211 digest_size = EVP_MD_CTX_size(temp_ctx); 212 EVP_DigestFinal(temp_ctx, digest, NULL); 213 214 retval = PyBytes_FromStringAndSize((const char *)digest, digest_size); 215 EVP_MD_CTX_free(temp_ctx); 216 return retval; 217 } 218 219 PyDoc_STRVAR(EVP_hexdigest__doc__, 220 "Return the digest value as a string of hexadecimal digits."); 221 222 static PyObject * 223 EVP_hexdigest(EVPobject *self, PyObject *unused) 224 { 225 unsigned char digest[EVP_MAX_MD_SIZE]; 226 EVP_MD_CTX *temp_ctx; 227 unsigned int digest_size; 228 229 temp_ctx = EVP_MD_CTX_new(); 230 if (temp_ctx == NULL) { 231 PyErr_NoMemory(); 232 return NULL; 233 } 234 235 /* Get the raw (binary) digest value */ 236 if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { 237 return _setException(PyExc_ValueError); 238 } 239 digest_size = EVP_MD_CTX_size(temp_ctx); 240 EVP_DigestFinal(temp_ctx, digest, NULL); 241 242 EVP_MD_CTX_free(temp_ctx); 243 244 return _Py_strhex((const char *)digest, digest_size); 245 } 246 247 PyDoc_STRVAR(EVP_update__doc__, 248 "Update this hash object's state with the provided string."); 249 250 static PyObject * 251 EVP_update(EVPobject *self, PyObject *args) 252 { 253 PyObject *obj; 254 Py_buffer view; 255 256 if (!PyArg_ParseTuple(args, "O:update", &obj)) 257 return NULL; 258 259 GET_BUFFER_VIEW_OR_ERROUT(obj, &view); 260 261 #ifdef WITH_THREAD 262 if (self->lock == NULL && view.len >= HASHLIB_GIL_MINSIZE) { 263 self->lock = PyThread_allocate_lock(); 264 /* fail? lock = NULL and we fail over to non-threaded code. */ 265 } 266 267 if (self->lock != NULL) { 268 Py_BEGIN_ALLOW_THREADS 269 PyThread_acquire_lock(self->lock, 1); 270 EVP_hash(self, view.buf, view.len); 271 PyThread_release_lock(self->lock); 272 Py_END_ALLOW_THREADS 273 } else { 274 EVP_hash(self, view.buf, view.len); 275 } 276 #else 277 EVP_hash(self, view.buf, view.len); 278 #endif 279 280 PyBuffer_Release(&view); 281 Py_RETURN_NONE; 282 } 283 284 static PyMethodDef EVP_methods[] = { 285 {"update", (PyCFunction)EVP_update, METH_VARARGS, EVP_update__doc__}, 286 {"digest", (PyCFunction)EVP_digest, METH_NOARGS, EVP_digest__doc__}, 287 {"hexdigest", (PyCFunction)EVP_hexdigest, METH_NOARGS, EVP_hexdigest__doc__}, 288 {"copy", (PyCFunction)EVP_copy, METH_NOARGS, EVP_copy__doc__}, 289 {NULL, NULL} /* sentinel */ 290 }; 291 292 static PyObject * 293 EVP_get_block_size(EVPobject *self, void *closure) 294 { 295 long block_size; 296 block_size = EVP_MD_CTX_block_size(self->ctx); 297 return PyLong_FromLong(block_size); 298 } 299 300 static PyObject * 301 EVP_get_digest_size(EVPobject *self, void *closure) 302 { 303 long size; 304 size = EVP_MD_CTX_size(self->ctx); 305 return PyLong_FromLong(size); 306 } 307 308 static PyMemberDef EVP_members[] = { 309 {"name", T_OBJECT, offsetof(EVPobject, name), READONLY, PyDoc_STR("algorithm name.")}, 310 {NULL} /* Sentinel */ 311 }; 312 313 static PyGetSetDef EVP_getseters[] = { 314 {"digest_size", 315 (getter)EVP_get_digest_size, NULL, 316 NULL, 317 NULL}, 318 {"block_size", 319 (getter)EVP_get_block_size, NULL, 320 NULL, 321 NULL}, 322 {NULL} /* Sentinel */ 323 }; 324 325 326 static PyObject * 327 EVP_repr(EVPobject *self) 328 { 329 return PyUnicode_FromFormat("<%U HASH object @ %p>", self->name, self); 330 } 331 332 #if HASH_OBJ_CONSTRUCTOR 333 static int 334 EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds) 335 { 336 static char *kwlist[] = {"name", "string", NULL}; 337 PyObject *name_obj = NULL; 338 PyObject *data_obj = NULL; 339 Py_buffer view; 340 char *nameStr; 341 const EVP_MD *digest; 342 343 if (!PyArg_ParseTupleAndKeywords(args, kwds, "O|O:HASH", kwlist, 344 &name_obj, &data_obj)) { 345 return -1; 346 } 347 348 if (data_obj) 349 GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); 350 351 if (!PyArg_Parse(name_obj, "s", &nameStr)) { 352 PyErr_SetString(PyExc_TypeError, "name must be a string"); 353 if (data_obj) 354 PyBuffer_Release(&view); 355 return -1; 356 } 357 358 digest = EVP_get_digestbyname(nameStr); 359 if (!digest) { 360 PyErr_SetString(PyExc_ValueError, "unknown hash function"); 361 if (data_obj) 362 PyBuffer_Release(&view); 363 return -1; 364 } 365 EVP_DigestInit(self->ctx, digest); 366 367 self->name = name_obj; 368 Py_INCREF(self->name); 369 370 if (data_obj) { 371 if (view.len >= HASHLIB_GIL_MINSIZE) { 372 Py_BEGIN_ALLOW_THREADS 373 EVP_hash(self, view.buf, view.len); 374 Py_END_ALLOW_THREADS 375 } else { 376 EVP_hash(self, view.buf, view.len); 377 } 378 PyBuffer_Release(&view); 379 } 380 381 return 0; 382 } 383 #endif 384 385 386 PyDoc_STRVAR(hashtype_doc, 387 "A hash represents the object used to calculate a checksum of a\n\ 388 string of information.\n\ 389 \n\ 390 Methods:\n\ 391 \n\ 392 update() -- updates the current digest with an additional string\n\ 393 digest() -- return the current digest value\n\ 394 hexdigest() -- return the current digest as a string of hexadecimal digits\n\ 395 copy() -- return a copy of the current hash object\n\ 396 \n\ 397 Attributes:\n\ 398 \n\ 399 name -- the hash algorithm being used by this object\n\ 400 digest_size -- number of bytes in this hashes output\n"); 401 402 static PyTypeObject EVPtype = { 403 PyVarObject_HEAD_INIT(NULL, 0) 404 "_hashlib.HASH", /*tp_name*/ 405 sizeof(EVPobject), /*tp_basicsize*/ 406 0, /*tp_itemsize*/ 407 /* methods */ 408 (destructor)EVP_dealloc, /*tp_dealloc*/ 409 0, /*tp_print*/ 410 0, /*tp_getattr*/ 411 0, /*tp_setattr*/ 412 0, /*tp_reserved*/ 413 (reprfunc)EVP_repr, /*tp_repr*/ 414 0, /*tp_as_number*/ 415 0, /*tp_as_sequence*/ 416 0, /*tp_as_mapping*/ 417 0, /*tp_hash*/ 418 0, /*tp_call*/ 419 0, /*tp_str*/ 420 0, /*tp_getattro*/ 421 0, /*tp_setattro*/ 422 0, /*tp_as_buffer*/ 423 Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /*tp_flags*/ 424 hashtype_doc, /*tp_doc*/ 425 0, /*tp_traverse*/ 426 0, /*tp_clear*/ 427 0, /*tp_richcompare*/ 428 0, /*tp_weaklistoffset*/ 429 0, /*tp_iter*/ 430 0, /*tp_iternext*/ 431 EVP_methods, /* tp_methods */ 432 EVP_members, /* tp_members */ 433 EVP_getseters, /* tp_getset */ 434 #if 1 435 0, /* tp_base */ 436 0, /* tp_dict */ 437 0, /* tp_descr_get */ 438 0, /* tp_descr_set */ 439 0, /* tp_dictoffset */ 440 #endif 441 #if HASH_OBJ_CONSTRUCTOR 442 (initproc)EVP_tp_init, /* tp_init */ 443 #endif 444 }; 445 446 static PyObject * 447 EVPnew(PyObject *name_obj, 448 const EVP_MD *digest, const EVP_MD_CTX *initial_ctx, 449 const unsigned char *cp, Py_ssize_t len) 450 { 451 EVPobject *self; 452 453 if (!digest && !initial_ctx) { 454 PyErr_SetString(PyExc_ValueError, "unsupported hash type"); 455 return NULL; 456 } 457 458 if ((self = newEVPobject(name_obj)) == NULL) 459 return NULL; 460 461 if (initial_ctx) { 462 EVP_MD_CTX_copy(self->ctx, initial_ctx); 463 } else { 464 EVP_DigestInit(self->ctx, digest); 465 } 466 467 if (cp && len) { 468 if (len >= HASHLIB_GIL_MINSIZE) { 469 Py_BEGIN_ALLOW_THREADS 470 EVP_hash(self, cp, len); 471 Py_END_ALLOW_THREADS 472 } else { 473 EVP_hash(self, cp, len); 474 } 475 } 476 477 return (PyObject *)self; 478 } 479 480 481 /* The module-level function: new() */ 482 483 PyDoc_STRVAR(EVP_new__doc__, 484 "Return a new hash object using the named algorithm.\n\ 485 An optional string argument may be provided and will be\n\ 486 automatically hashed.\n\ 487 \n\ 488 The MD5 and SHA1 algorithms are always supported.\n"); 489 490 static PyObject * 491 EVP_new(PyObject *self, PyObject *args, PyObject *kwdict) 492 { 493 static char *kwlist[] = {"name", "string", NULL}; 494 PyObject *name_obj = NULL; 495 PyObject *data_obj = NULL; 496 Py_buffer view = { 0 }; 497 PyObject *ret_obj; 498 char *name; 499 const EVP_MD *digest; 500 501 if (!PyArg_ParseTupleAndKeywords(args, kwdict, "O|O:new", kwlist, 502 &name_obj, &data_obj)) { 503 return NULL; 504 } 505 506 if (!PyArg_Parse(name_obj, "s", &name)) { 507 PyErr_SetString(PyExc_TypeError, "name must be a string"); 508 return NULL; 509 } 510 511 if (data_obj) 512 GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); 513 514 digest = EVP_get_digestbyname(name); 515 516 ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, view.len); 517 518 if (data_obj) 519 PyBuffer_Release(&view); 520 return ret_obj; 521 } 522 523 524 525 #if (OPENSSL_VERSION_NUMBER >= 0x10000000 && !defined(OPENSSL_NO_HMAC) \ 526 && !defined(OPENSSL_NO_SHA)) 527 528 #define PY_PBKDF2_HMAC 1 529 530 #if !HAS_FAST_PKCS5_PBKDF2_HMAC 531 /* Improved implementation of PKCS5_PBKDF2_HMAC() 532 * 533 * PKCS5_PBKDF2_HMAC_fast() hashes the password exactly one time instead of 534 * `iter` times. Today (2013) the iteration count is typically 100,000 or 535 * more. The improved algorithm is not subject to a Denial-of-Service 536 * vulnerability with overly large passwords. 537 * 538 * Also OpenSSL < 1.0 don't provide PKCS5_PBKDF2_HMAC(), only 539 * PKCS5_PBKDF2_SHA1. 540 */ 541 static int 542 PKCS5_PBKDF2_HMAC_fast(const char *pass, int passlen, 543 const unsigned char *salt, int saltlen, 544 int iter, const EVP_MD *digest, 545 int keylen, unsigned char *out) 546 { 547 unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; 548 int cplen, j, k, tkeylen, mdlen; 549 unsigned long i = 1; 550 HMAC_CTX hctx_tpl, hctx; 551 552 mdlen = EVP_MD_size(digest); 553 if (mdlen < 0) 554 return 0; 555 556 HMAC_CTX_init(&hctx_tpl); 557 HMAC_CTX_init(&hctx); 558 p = out; 559 tkeylen = keylen; 560 if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { 561 HMAC_CTX_cleanup(&hctx_tpl); 562 return 0; 563 } 564 while (tkeylen) { 565 if (tkeylen > mdlen) 566 cplen = mdlen; 567 else 568 cplen = tkeylen; 569 /* We are unlikely to ever use more than 256 blocks (5120 bits!) 570 * but just in case... 571 */ 572 itmp[0] = (unsigned char)((i >> 24) & 0xff); 573 itmp[1] = (unsigned char)((i >> 16) & 0xff); 574 itmp[2] = (unsigned char)((i >> 8) & 0xff); 575 itmp[3] = (unsigned char)(i & 0xff); 576 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { 577 HMAC_CTX_cleanup(&hctx_tpl); 578 return 0; 579 } 580 if (!HMAC_Update(&hctx, salt, saltlen) 581 || !HMAC_Update(&hctx, itmp, 4) 582 || !HMAC_Final(&hctx, digtmp, NULL)) { 583 HMAC_CTX_cleanup(&hctx_tpl); 584 HMAC_CTX_cleanup(&hctx); 585 return 0; 586 } 587 HMAC_CTX_cleanup(&hctx); 588 memcpy(p, digtmp, cplen); 589 for (j = 1; j < iter; j++) { 590 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { 591 HMAC_CTX_cleanup(&hctx_tpl); 592 return 0; 593 } 594 if (!HMAC_Update(&hctx, digtmp, mdlen) 595 || !HMAC_Final(&hctx, digtmp, NULL)) { 596 HMAC_CTX_cleanup(&hctx_tpl); 597 HMAC_CTX_cleanup(&hctx); 598 return 0; 599 } 600 HMAC_CTX_cleanup(&hctx); 601 for (k = 0; k < cplen; k++) { 602 p[k] ^= digtmp[k]; 603 } 604 } 605 tkeylen-= cplen; 606 i++; 607 p+= cplen; 608 } 609 HMAC_CTX_cleanup(&hctx_tpl); 610 return 1; 611 } 612 #endif 613 614 615 PyDoc_STRVAR(pbkdf2_hmac__doc__, 616 "pbkdf2_hmac(hash_name, password, salt, iterations, dklen=None) -> key\n\ 617 \n\ 618 Password based key derivation function 2 (PKCS #5 v2.0) with HMAC as\n\ 619 pseudorandom function."); 620 621 static PyObject * 622 pbkdf2_hmac(PyObject *self, PyObject *args, PyObject *kwdict) 623 { 624 static char *kwlist[] = {"hash_name", "password", "salt", "iterations", 625 "dklen", NULL}; 626 PyObject *key_obj = NULL, *dklen_obj = Py_None; 627 char *name, *key; 628 Py_buffer password, salt; 629 long iterations, dklen; 630 int retval; 631 const EVP_MD *digest; 632 633 if (!PyArg_ParseTupleAndKeywords(args, kwdict, "sy*y*l|O:pbkdf2_hmac", 634 kwlist, &name, &password, &salt, 635 &iterations, &dklen_obj)) { 636 return NULL; 637 } 638 639 digest = EVP_get_digestbyname(name); 640 if (digest == NULL) { 641 PyErr_SetString(PyExc_ValueError, "unsupported hash type"); 642 goto end; 643 } 644 645 if (password.len > INT_MAX) { 646 PyErr_SetString(PyExc_OverflowError, 647 "password is too long."); 648 goto end; 649 } 650 651 if (salt.len > INT_MAX) { 652 PyErr_SetString(PyExc_OverflowError, 653 "salt is too long."); 654 goto end; 655 } 656 657 if (iterations < 1) { 658 PyErr_SetString(PyExc_ValueError, 659 "iteration value must be greater than 0."); 660 goto end; 661 } 662 if (iterations > INT_MAX) { 663 PyErr_SetString(PyExc_OverflowError, 664 "iteration value is too great."); 665 goto end; 666 } 667 668 if (dklen_obj == Py_None) { 669 dklen = EVP_MD_size(digest); 670 } else { 671 dklen = PyLong_AsLong(dklen_obj); 672 if ((dklen == -1) && PyErr_Occurred()) { 673 goto end; 674 } 675 } 676 if (dklen < 1) { 677 PyErr_SetString(PyExc_ValueError, 678 "key length must be greater than 0."); 679 goto end; 680 } 681 if (dklen > INT_MAX) { 682 /* INT_MAX is always smaller than dkLen max (2^32 - 1) * hLen */ 683 PyErr_SetString(PyExc_OverflowError, 684 "key length is too great."); 685 goto end; 686 } 687 688 key_obj = PyBytes_FromStringAndSize(NULL, dklen); 689 if (key_obj == NULL) { 690 goto end; 691 } 692 key = PyBytes_AS_STRING(key_obj); 693 694 Py_BEGIN_ALLOW_THREADS 695 #if HAS_FAST_PKCS5_PBKDF2_HMAC 696 retval = PKCS5_PBKDF2_HMAC((char*)password.buf, (int)password.len, 697 (unsigned char *)salt.buf, (int)salt.len, 698 iterations, digest, dklen, 699 (unsigned char *)key); 700 #else 701 retval = PKCS5_PBKDF2_HMAC_fast((char*)password.buf, (int)password.len, 702 (unsigned char *)salt.buf, (int)salt.len, 703 iterations, digest, dklen, 704 (unsigned char *)key); 705 #endif 706 Py_END_ALLOW_THREADS 707 708 if (!retval) { 709 Py_CLEAR(key_obj); 710 _setException(PyExc_ValueError); 711 goto end; 712 } 713 714 end: 715 PyBuffer_Release(&password); 716 PyBuffer_Release(&salt); 717 return key_obj; 718 } 719 720 #endif 721 722 #if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_SCRYPT) && !defined(LIBRESSL_VERSION_NUMBER) 723 #define PY_SCRYPT 1 724 725 /*[clinic input] 726 _hashlib.scrypt 727 728 password: Py_buffer 729 * 730 salt: Py_buffer = None 731 n as n_obj: object(subclass_of='&PyLong_Type') = None 732 r as r_obj: object(subclass_of='&PyLong_Type') = None 733 p as p_obj: object(subclass_of='&PyLong_Type') = None 734 maxmem: long = 0 735 dklen: long = 64 736 737 738 scrypt password-based key derivation function. 739 [clinic start generated code]*/ 740 741 static PyObject * 742 _hashlib_scrypt_impl(PyObject *module, Py_buffer *password, Py_buffer *salt, 743 PyObject *n_obj, PyObject *r_obj, PyObject *p_obj, 744 long maxmem, long dklen) 745 /*[clinic end generated code: output=14849e2aa2b7b46c input=48a7d63bf3f75c42]*/ 746 { 747 PyObject *key_obj = NULL; 748 char *key; 749 int retval; 750 unsigned long n, r, p; 751 752 if (password->len > INT_MAX) { 753 PyErr_SetString(PyExc_OverflowError, 754 "password is too long."); 755 return NULL; 756 } 757 758 if (salt->buf == NULL) { 759 PyErr_SetString(PyExc_TypeError, 760 "salt is required"); 761 return NULL; 762 } 763 if (salt->len > INT_MAX) { 764 PyErr_SetString(PyExc_OverflowError, 765 "salt is too long."); 766 return NULL; 767 } 768 769 n = PyLong_AsUnsignedLong(n_obj); 770 if (n == (unsigned long) -1 && PyErr_Occurred()) { 771 PyErr_SetString(PyExc_TypeError, 772 "n is required and must be an unsigned int"); 773 return NULL; 774 } 775 if (n < 2 || n & (n - 1)) { 776 PyErr_SetString(PyExc_ValueError, 777 "n must be a power of 2."); 778 return NULL; 779 } 780 781 r = PyLong_AsUnsignedLong(r_obj); 782 if (r == (unsigned long) -1 && PyErr_Occurred()) { 783 PyErr_SetString(PyExc_TypeError, 784 "r is required and must be an unsigned int"); 785 return NULL; 786 } 787 788 p = PyLong_AsUnsignedLong(p_obj); 789 if (p == (unsigned long) -1 && PyErr_Occurred()) { 790 PyErr_SetString(PyExc_TypeError, 791 "p is required and must be an unsigned int"); 792 return NULL; 793 } 794 795 if (maxmem < 0 || maxmem > INT_MAX) { 796 /* OpenSSL 1.1.0 restricts maxmem to 32MB. It may change in the 797 future. The maxmem constant is private to OpenSSL. */ 798 PyErr_Format(PyExc_ValueError, 799 "maxmem must be positive and smaller than %d", 800 INT_MAX); 801 return NULL; 802 } 803 804 if (dklen < 1 || dklen > INT_MAX) { 805 PyErr_Format(PyExc_ValueError, 806 "dklen must be greater than 0 and smaller than %d", 807 INT_MAX); 808 return NULL; 809 } 810 811 /* let OpenSSL validate the rest */ 812 retval = EVP_PBE_scrypt(NULL, 0, NULL, 0, n, r, p, maxmem, NULL, 0); 813 if (!retval) { 814 /* sorry, can't do much better */ 815 PyErr_SetString(PyExc_ValueError, 816 "Invalid paramemter combination for n, r, p, maxmem."); 817 return NULL; 818 } 819 820 key_obj = PyBytes_FromStringAndSize(NULL, dklen); 821 if (key_obj == NULL) { 822 return NULL; 823 } 824 key = PyBytes_AS_STRING(key_obj); 825 826 Py_BEGIN_ALLOW_THREADS 827 retval = EVP_PBE_scrypt( 828 (const char*)password->buf, (size_t)password->len, 829 (const unsigned char *)salt->buf, (size_t)salt->len, 830 n, r, p, maxmem, 831 (unsigned char *)key, (size_t)dklen 832 ); 833 Py_END_ALLOW_THREADS 834 835 if (!retval) { 836 Py_CLEAR(key_obj); 837 _setException(PyExc_ValueError); 838 return NULL; 839 } 840 return key_obj; 841 } 842 #endif 843 844 /* State for our callback function so that it can accumulate a result. */ 845 typedef struct _internal_name_mapper_state { 846 PyObject *set; 847 int error; 848 } _InternalNameMapperState; 849 850 851 /* A callback function to pass to OpenSSL's OBJ_NAME_do_all(...) */ 852 static void 853 _openssl_hash_name_mapper(const OBJ_NAME *openssl_obj_name, void *arg) 854 { 855 _InternalNameMapperState *state = (_InternalNameMapperState *)arg; 856 PyObject *py_name; 857 858 assert(state != NULL); 859 if (openssl_obj_name == NULL) 860 return; 861 /* Ignore aliased names, they pollute the list and OpenSSL appears to 862 * have its own definition of alias as the resulting list still 863 * contains duplicate and alternate names for several algorithms. */ 864 if (openssl_obj_name->alias) 865 return; 866 867 py_name = PyUnicode_FromString(openssl_obj_name->name); 868 if (py_name == NULL) { 869 state->error = 1; 870 } else { 871 if (PySet_Add(state->set, py_name) != 0) { 872 state->error = 1; 873 } 874 Py_DECREF(py_name); 875 } 876 } 877 878 879 /* Ask OpenSSL for a list of supported ciphers, filling in a Python set. */ 880 static PyObject* 881 generate_hash_name_list(void) 882 { 883 _InternalNameMapperState state; 884 state.set = PyFrozenSet_New(NULL); 885 if (state.set == NULL) 886 return NULL; 887 state.error = 0; 888 889 OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, &_openssl_hash_name_mapper, &state); 890 891 if (state.error) { 892 Py_DECREF(state.set); 893 return NULL; 894 } 895 return state.set; 896 } 897 898 899 /* 900 * This macro generates constructor function definitions for specific 901 * hash algorithms. These constructors are much faster than calling 902 * the generic one passing it a python string and are noticeably 903 * faster than calling a python new() wrapper. Thats important for 904 * code that wants to make hashes of a bunch of small strings. 905 */ 906 #define GEN_CONSTRUCTOR(NAME) \ 907 static PyObject * \ 908 EVP_new_ ## NAME (PyObject *self, PyObject *args) \ 909 { \ 910 PyObject *data_obj = NULL; \ 911 Py_buffer view = { 0 }; \ 912 PyObject *ret_obj; \ 913 \ 914 if (!PyArg_ParseTuple(args, "|O:" #NAME , &data_obj)) { \ 915 return NULL; \ 916 } \ 917 \ 918 if (data_obj) \ 919 GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); \ 920 \ 921 ret_obj = EVPnew( \ 922 CONST_ ## NAME ## _name_obj, \ 923 NULL, \ 924 CONST_new_ ## NAME ## _ctx_p, \ 925 (unsigned char*)view.buf, \ 926 view.len); \ 927 \ 928 if (data_obj) \ 929 PyBuffer_Release(&view); \ 930 return ret_obj; \ 931 } 932 933 /* a PyMethodDef structure for the constructor */ 934 #define CONSTRUCTOR_METH_DEF(NAME) \ 935 {"openssl_" #NAME, (PyCFunction)EVP_new_ ## NAME, METH_VARARGS, \ 936 PyDoc_STR("Returns a " #NAME \ 937 " hash object; optionally initialized with a string") \ 938 } 939 940 /* used in the init function to setup a constructor: initialize OpenSSL 941 constructor constants if they haven't been initialized already. */ 942 #define INIT_CONSTRUCTOR_CONSTANTS(NAME) do { \ 943 if (CONST_ ## NAME ## _name_obj == NULL) { \ 944 CONST_ ## NAME ## _name_obj = PyUnicode_FromString(#NAME); \ 945 if (EVP_get_digestbyname(#NAME)) { \ 946 CONST_new_ ## NAME ## _ctx_p = EVP_MD_CTX_new(); \ 947 EVP_DigestInit(CONST_new_ ## NAME ## _ctx_p, EVP_get_digestbyname(#NAME)); \ 948 } \ 949 } \ 950 } while (0); 951 952 GEN_CONSTRUCTOR(md5) 953 GEN_CONSTRUCTOR(sha1) 954 GEN_CONSTRUCTOR(sha224) 955 GEN_CONSTRUCTOR(sha256) 956 GEN_CONSTRUCTOR(sha384) 957 GEN_CONSTRUCTOR(sha512) 958 959 /* List of functions exported by this module */ 960 961 static struct PyMethodDef EVP_functions[] = { 962 {"new", (PyCFunction)EVP_new, METH_VARARGS|METH_KEYWORDS, EVP_new__doc__}, 963 #ifdef PY_PBKDF2_HMAC 964 {"pbkdf2_hmac", (PyCFunction)pbkdf2_hmac, METH_VARARGS|METH_KEYWORDS, 965 pbkdf2_hmac__doc__}, 966 #endif 967 _HASHLIB_SCRYPT_METHODDEF 968 CONSTRUCTOR_METH_DEF(md5), 969 CONSTRUCTOR_METH_DEF(sha1), 970 CONSTRUCTOR_METH_DEF(sha224), 971 CONSTRUCTOR_METH_DEF(sha256), 972 CONSTRUCTOR_METH_DEF(sha384), 973 CONSTRUCTOR_METH_DEF(sha512), 974 {NULL, NULL} /* Sentinel */ 975 }; 976 977 978 /* Initialize this module. */ 979 980 981 static struct PyModuleDef _hashlibmodule = { 982 PyModuleDef_HEAD_INIT, 983 "_hashlib", 984 NULL, 985 -1, 986 EVP_functions, 987 NULL, 988 NULL, 989 NULL, 990 NULL 991 }; 992 993 PyMODINIT_FUNC 994 PyInit__hashlib(void) 995 { 996 PyObject *m, *openssl_md_meth_names; 997 998 OpenSSL_add_all_digests(); 999 ERR_load_crypto_strings(); 1000 1001 /* TODO build EVP_functions openssl_* entries dynamically based 1002 * on what hashes are supported rather than listing many 1003 * but having some be unsupported. Only init appropriate 1004 * constants. */ 1005 1006 Py_TYPE(&EVPtype) = &PyType_Type; 1007 if (PyType_Ready(&EVPtype) < 0) 1008 return NULL; 1009 1010 m = PyModule_Create(&_hashlibmodule); 1011 if (m == NULL) 1012 return NULL; 1013 1014 openssl_md_meth_names = generate_hash_name_list(); 1015 if (openssl_md_meth_names == NULL) { 1016 Py_DECREF(m); 1017 return NULL; 1018 } 1019 if (PyModule_AddObject(m, "openssl_md_meth_names", openssl_md_meth_names)) { 1020 Py_DECREF(m); 1021 return NULL; 1022 } 1023 1024 Py_INCREF((PyObject *)&EVPtype); 1025 PyModule_AddObject(m, "HASH", (PyObject *)&EVPtype); 1026 1027 /* these constants are used by the convenience constructors */ 1028 INIT_CONSTRUCTOR_CONSTANTS(md5); 1029 INIT_CONSTRUCTOR_CONSTANTS(sha1); 1030 INIT_CONSTRUCTOR_CONSTANTS(sha224); 1031 INIT_CONSTRUCTOR_CONSTANTS(sha256); 1032 INIT_CONSTRUCTOR_CONSTANTS(sha384); 1033 INIT_CONSTRUCTOR_CONSTANTS(sha512); 1034 return m; 1035 } 1036