1/* Module that wraps all OpenSSL hash algorithms */ 2 3/* 4 * Copyright (C) 2005-2010 Gregory P. Smith (greg@krypto.org) 5 * Licensed to PSF under a Contributor Agreement. 6 * 7 * Derived from a skeleton of shamodule.c containing work performed by: 8 * 9 * Andrew Kuchling (amk@amk.ca) 10 * Greg Stein (gstein@lyra.org) 11 * 12 */ 13 14#define PY_SSIZE_T_CLEAN 15 16#include "Python.h" 17#include "structmember.h" 18#include "hashlib.h" 19#include "pystrhex.h" 20 21 22/* EVP is the preferred interface to hashing in OpenSSL */ 23#include <openssl/evp.h> 24/* We use the object interface to discover what hashes OpenSSL supports. */ 25#include <openssl/objects.h> 26#include "openssl/err.h" 27 28#include "clinic/_hashopenssl.c.h" 29/*[clinic input] 30module _hashlib 31[clinic start generated code]*/ 32/*[clinic end generated code: output=da39a3ee5e6b4b0d input=c2b4ff081bac4be1]*/ 33 34#define MUNCH_SIZE INT_MAX 35 36#ifndef HASH_OBJ_CONSTRUCTOR 37#define HASH_OBJ_CONSTRUCTOR 0 38#endif 39 40#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) 41/* OpenSSL < 1.1.0 */ 42#define EVP_MD_CTX_new EVP_MD_CTX_create 43#define EVP_MD_CTX_free EVP_MD_CTX_destroy 44#define HAS_FAST_PKCS5_PBKDF2_HMAC 0 45#include <openssl/hmac.h> 46#else 47/* OpenSSL >= 1.1.0 */ 48#define HAS_FAST_PKCS5_PBKDF2_HMAC 1 49#endif 50 51 52typedef struct { 53 PyObject_HEAD 54 PyObject *name; /* name of this hash algorithm */ 55 EVP_MD_CTX *ctx; /* OpenSSL message digest context */ 56#ifdef WITH_THREAD 57 PyThread_type_lock lock; /* OpenSSL context lock */ 58#endif 59} EVPobject; 60 61 62static PyTypeObject EVPtype; 63 64 65#define DEFINE_CONSTS_FOR_NEW(Name) \ 66 static PyObject *CONST_ ## Name ## _name_obj = NULL; \ 67 static EVP_MD_CTX *CONST_new_ ## Name ## _ctx_p = NULL; 68 69DEFINE_CONSTS_FOR_NEW(md5) 70DEFINE_CONSTS_FOR_NEW(sha1) 71DEFINE_CONSTS_FOR_NEW(sha224) 72DEFINE_CONSTS_FOR_NEW(sha256) 73DEFINE_CONSTS_FOR_NEW(sha384) 74DEFINE_CONSTS_FOR_NEW(sha512) 75 76 77/* LCOV_EXCL_START */ 78static PyObject * 79_setException(PyObject *exc) 80{ 81 unsigned long errcode; 82 const char *lib, *func, *reason; 83 84 errcode = ERR_peek_last_error(); 85 if (!errcode) { 86 PyErr_SetString(exc, "unknown reasons"); 87 return NULL; 88 } 89 ERR_clear_error(); 90 91 lib = ERR_lib_error_string(errcode); 92 func = ERR_func_error_string(errcode); 93 reason = ERR_reason_error_string(errcode); 94 95 if (lib && func) { 96 PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); 97 } 98 else if (lib) { 99 PyErr_Format(exc, "[%s] %s", lib, reason); 100 } 101 else { 102 PyErr_SetString(exc, reason); 103 } 104 return NULL; 105} 106/* LCOV_EXCL_STOP */ 107 108static EVPobject * 109newEVPobject(PyObject *name) 110{ 111 EVPobject *retval = (EVPobject *)PyObject_New(EVPobject, &EVPtype); 112 if (retval == NULL) { 113 return NULL; 114 } 115 116 retval->ctx = EVP_MD_CTX_new(); 117 if (retval->ctx == NULL) { 118 PyErr_NoMemory(); 119 return NULL; 120 } 121 122 /* save the name for .name to return */ 123 Py_INCREF(name); 124 retval->name = name; 125#ifdef WITH_THREAD 126 retval->lock = NULL; 127#endif 128 129 return retval; 130} 131 132static void 133EVP_hash(EVPobject *self, const void *vp, Py_ssize_t len) 134{ 135 unsigned int process; 136 const unsigned char *cp = (const unsigned char *)vp; 137 while (0 < len) { 138 if (len > (Py_ssize_t)MUNCH_SIZE) 139 process = MUNCH_SIZE; 140 else 141 process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int); 142 EVP_DigestUpdate(self->ctx, (const void*)cp, process); 143 len -= process; 144 cp += process; 145 } 146} 147 148/* Internal methods for a hash object */ 149 150static void 151EVP_dealloc(EVPobject *self) 152{ 153#ifdef WITH_THREAD 154 if (self->lock != NULL) 155 PyThread_free_lock(self->lock); 156#endif 157 EVP_MD_CTX_free(self->ctx); 158 Py_XDECREF(self->name); 159 PyObject_Del(self); 160} 161 162static int 163locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self) 164{ 165 int result; 166 ENTER_HASHLIB(self); 167 result = EVP_MD_CTX_copy(new_ctx_p, self->ctx); 168 LEAVE_HASHLIB(self); 169 return result; 170} 171 172/* External methods for a hash object */ 173 174PyDoc_STRVAR(EVP_copy__doc__, "Return a copy of the hash object."); 175 176 177static PyObject * 178EVP_copy(EVPobject *self, PyObject *unused) 179{ 180 EVPobject *newobj; 181 182 if ( (newobj = newEVPobject(self->name))==NULL) 183 return NULL; 184 185 if (!locked_EVP_MD_CTX_copy(newobj->ctx, self)) { 186 return _setException(PyExc_ValueError); 187 } 188 return (PyObject *)newobj; 189} 190 191PyDoc_STRVAR(EVP_digest__doc__, 192"Return the digest value as a string of binary data."); 193 194static PyObject * 195EVP_digest(EVPobject *self, PyObject *unused) 196{ 197 unsigned char digest[EVP_MAX_MD_SIZE]; 198 EVP_MD_CTX *temp_ctx; 199 PyObject *retval; 200 unsigned int digest_size; 201 202 temp_ctx = EVP_MD_CTX_new(); 203 if (temp_ctx == NULL) { 204 PyErr_NoMemory(); 205 return NULL; 206 } 207 208 if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { 209 return _setException(PyExc_ValueError); 210 } 211 digest_size = EVP_MD_CTX_size(temp_ctx); 212 EVP_DigestFinal(temp_ctx, digest, NULL); 213 214 retval = PyBytes_FromStringAndSize((const char *)digest, digest_size); 215 EVP_MD_CTX_free(temp_ctx); 216 return retval; 217} 218 219PyDoc_STRVAR(EVP_hexdigest__doc__, 220"Return the digest value as a string of hexadecimal digits."); 221 222static PyObject * 223EVP_hexdigest(EVPobject *self, PyObject *unused) 224{ 225 unsigned char digest[EVP_MAX_MD_SIZE]; 226 EVP_MD_CTX *temp_ctx; 227 unsigned int digest_size; 228 229 temp_ctx = EVP_MD_CTX_new(); 230 if (temp_ctx == NULL) { 231 PyErr_NoMemory(); 232 return NULL; 233 } 234 235 /* Get the raw (binary) digest value */ 236 if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { 237 return _setException(PyExc_ValueError); 238 } 239 digest_size = EVP_MD_CTX_size(temp_ctx); 240 EVP_DigestFinal(temp_ctx, digest, NULL); 241 242 EVP_MD_CTX_free(temp_ctx); 243 244 return _Py_strhex((const char *)digest, digest_size); 245} 246 247PyDoc_STRVAR(EVP_update__doc__, 248"Update this hash object's state with the provided string."); 249 250static PyObject * 251EVP_update(EVPobject *self, PyObject *args) 252{ 253 PyObject *obj; 254 Py_buffer view; 255 256 if (!PyArg_ParseTuple(args, "O:update", &obj)) 257 return NULL; 258 259 GET_BUFFER_VIEW_OR_ERROUT(obj, &view); 260 261#ifdef WITH_THREAD 262 if (self->lock == NULL && view.len >= HASHLIB_GIL_MINSIZE) { 263 self->lock = PyThread_allocate_lock(); 264 /* fail? lock = NULL and we fail over to non-threaded code. */ 265 } 266 267 if (self->lock != NULL) { 268 Py_BEGIN_ALLOW_THREADS 269 PyThread_acquire_lock(self->lock, 1); 270 EVP_hash(self, view.buf, view.len); 271 PyThread_release_lock(self->lock); 272 Py_END_ALLOW_THREADS 273 } else { 274 EVP_hash(self, view.buf, view.len); 275 } 276#else 277 EVP_hash(self, view.buf, view.len); 278#endif 279 280 PyBuffer_Release(&view); 281 Py_RETURN_NONE; 282} 283 284static PyMethodDef EVP_methods[] = { 285 {"update", (PyCFunction)EVP_update, METH_VARARGS, EVP_update__doc__}, 286 {"digest", (PyCFunction)EVP_digest, METH_NOARGS, EVP_digest__doc__}, 287 {"hexdigest", (PyCFunction)EVP_hexdigest, METH_NOARGS, EVP_hexdigest__doc__}, 288 {"copy", (PyCFunction)EVP_copy, METH_NOARGS, EVP_copy__doc__}, 289 {NULL, NULL} /* sentinel */ 290}; 291 292static PyObject * 293EVP_get_block_size(EVPobject *self, void *closure) 294{ 295 long block_size; 296 block_size = EVP_MD_CTX_block_size(self->ctx); 297 return PyLong_FromLong(block_size); 298} 299 300static PyObject * 301EVP_get_digest_size(EVPobject *self, void *closure) 302{ 303 long size; 304 size = EVP_MD_CTX_size(self->ctx); 305 return PyLong_FromLong(size); 306} 307 308static PyMemberDef EVP_members[] = { 309 {"name", T_OBJECT, offsetof(EVPobject, name), READONLY, PyDoc_STR("algorithm name.")}, 310 {NULL} /* Sentinel */ 311}; 312 313static PyGetSetDef EVP_getseters[] = { 314 {"digest_size", 315 (getter)EVP_get_digest_size, NULL, 316 NULL, 317 NULL}, 318 {"block_size", 319 (getter)EVP_get_block_size, NULL, 320 NULL, 321 NULL}, 322 {NULL} /* Sentinel */ 323}; 324 325 326static PyObject * 327EVP_repr(EVPobject *self) 328{ 329 return PyUnicode_FromFormat("<%U HASH object @ %p>", self->name, self); 330} 331 332#if HASH_OBJ_CONSTRUCTOR 333static int 334EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds) 335{ 336 static char *kwlist[] = {"name", "string", NULL}; 337 PyObject *name_obj = NULL; 338 PyObject *data_obj = NULL; 339 Py_buffer view; 340 char *nameStr; 341 const EVP_MD *digest; 342 343 if (!PyArg_ParseTupleAndKeywords(args, kwds, "O|O:HASH", kwlist, 344 &name_obj, &data_obj)) { 345 return -1; 346 } 347 348 if (data_obj) 349 GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); 350 351 if (!PyArg_Parse(name_obj, "s", &nameStr)) { 352 PyErr_SetString(PyExc_TypeError, "name must be a string"); 353 if (data_obj) 354 PyBuffer_Release(&view); 355 return -1; 356 } 357 358 digest = EVP_get_digestbyname(nameStr); 359 if (!digest) { 360 PyErr_SetString(PyExc_ValueError, "unknown hash function"); 361 if (data_obj) 362 PyBuffer_Release(&view); 363 return -1; 364 } 365 EVP_DigestInit(self->ctx, digest); 366 367 self->name = name_obj; 368 Py_INCREF(self->name); 369 370 if (data_obj) { 371 if (view.len >= HASHLIB_GIL_MINSIZE) { 372 Py_BEGIN_ALLOW_THREADS 373 EVP_hash(self, view.buf, view.len); 374 Py_END_ALLOW_THREADS 375 } else { 376 EVP_hash(self, view.buf, view.len); 377 } 378 PyBuffer_Release(&view); 379 } 380 381 return 0; 382} 383#endif 384 385 386PyDoc_STRVAR(hashtype_doc, 387"A hash represents the object used to calculate a checksum of a\n\ 388string of information.\n\ 389\n\ 390Methods:\n\ 391\n\ 392update() -- updates the current digest with an additional string\n\ 393digest() -- return the current digest value\n\ 394hexdigest() -- return the current digest as a string of hexadecimal digits\n\ 395copy() -- return a copy of the current hash object\n\ 396\n\ 397Attributes:\n\ 398\n\ 399name -- the hash algorithm being used by this object\n\ 400digest_size -- number of bytes in this hashes output\n"); 401 402static PyTypeObject EVPtype = { 403 PyVarObject_HEAD_INIT(NULL, 0) 404 "_hashlib.HASH", /*tp_name*/ 405 sizeof(EVPobject), /*tp_basicsize*/ 406 0, /*tp_itemsize*/ 407 /* methods */ 408 (destructor)EVP_dealloc, /*tp_dealloc*/ 409 0, /*tp_print*/ 410 0, /*tp_getattr*/ 411 0, /*tp_setattr*/ 412 0, /*tp_reserved*/ 413 (reprfunc)EVP_repr, /*tp_repr*/ 414 0, /*tp_as_number*/ 415 0, /*tp_as_sequence*/ 416 0, /*tp_as_mapping*/ 417 0, /*tp_hash*/ 418 0, /*tp_call*/ 419 0, /*tp_str*/ 420 0, /*tp_getattro*/ 421 0, /*tp_setattro*/ 422 0, /*tp_as_buffer*/ 423 Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /*tp_flags*/ 424 hashtype_doc, /*tp_doc*/ 425 0, /*tp_traverse*/ 426 0, /*tp_clear*/ 427 0, /*tp_richcompare*/ 428 0, /*tp_weaklistoffset*/ 429 0, /*tp_iter*/ 430 0, /*tp_iternext*/ 431 EVP_methods, /* tp_methods */ 432 EVP_members, /* tp_members */ 433 EVP_getseters, /* tp_getset */ 434#if 1 435 0, /* tp_base */ 436 0, /* tp_dict */ 437 0, /* tp_descr_get */ 438 0, /* tp_descr_set */ 439 0, /* tp_dictoffset */ 440#endif 441#if HASH_OBJ_CONSTRUCTOR 442 (initproc)EVP_tp_init, /* tp_init */ 443#endif 444}; 445 446static PyObject * 447EVPnew(PyObject *name_obj, 448 const EVP_MD *digest, const EVP_MD_CTX *initial_ctx, 449 const unsigned char *cp, Py_ssize_t len) 450{ 451 EVPobject *self; 452 453 if (!digest && !initial_ctx) { 454 PyErr_SetString(PyExc_ValueError, "unsupported hash type"); 455 return NULL; 456 } 457 458 if ((self = newEVPobject(name_obj)) == NULL) 459 return NULL; 460 461 if (initial_ctx) { 462 EVP_MD_CTX_copy(self->ctx, initial_ctx); 463 } else { 464 EVP_DigestInit(self->ctx, digest); 465 } 466 467 if (cp && len) { 468 if (len >= HASHLIB_GIL_MINSIZE) { 469 Py_BEGIN_ALLOW_THREADS 470 EVP_hash(self, cp, len); 471 Py_END_ALLOW_THREADS 472 } else { 473 EVP_hash(self, cp, len); 474 } 475 } 476 477 return (PyObject *)self; 478} 479 480 481/* The module-level function: new() */ 482 483PyDoc_STRVAR(EVP_new__doc__, 484"Return a new hash object using the named algorithm.\n\ 485An optional string argument may be provided and will be\n\ 486automatically hashed.\n\ 487\n\ 488The MD5 and SHA1 algorithms are always supported.\n"); 489 490static PyObject * 491EVP_new(PyObject *self, PyObject *args, PyObject *kwdict) 492{ 493 static char *kwlist[] = {"name", "string", NULL}; 494 PyObject *name_obj = NULL; 495 PyObject *data_obj = NULL; 496 Py_buffer view = { 0 }; 497 PyObject *ret_obj; 498 char *name; 499 const EVP_MD *digest; 500 501 if (!PyArg_ParseTupleAndKeywords(args, kwdict, "O|O:new", kwlist, 502 &name_obj, &data_obj)) { 503 return NULL; 504 } 505 506 if (!PyArg_Parse(name_obj, "s", &name)) { 507 PyErr_SetString(PyExc_TypeError, "name must be a string"); 508 return NULL; 509 } 510 511 if (data_obj) 512 GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); 513 514 digest = EVP_get_digestbyname(name); 515 516 ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, view.len); 517 518 if (data_obj) 519 PyBuffer_Release(&view); 520 return ret_obj; 521} 522 523 524 525#if (OPENSSL_VERSION_NUMBER >= 0x10000000 && !defined(OPENSSL_NO_HMAC) \ 526 && !defined(OPENSSL_NO_SHA)) 527 528#define PY_PBKDF2_HMAC 1 529 530#if !HAS_FAST_PKCS5_PBKDF2_HMAC 531/* Improved implementation of PKCS5_PBKDF2_HMAC() 532 * 533 * PKCS5_PBKDF2_HMAC_fast() hashes the password exactly one time instead of 534 * `iter` times. Today (2013) the iteration count is typically 100,000 or 535 * more. The improved algorithm is not subject to a Denial-of-Service 536 * vulnerability with overly large passwords. 537 * 538 * Also OpenSSL < 1.0 don't provide PKCS5_PBKDF2_HMAC(), only 539 * PKCS5_PBKDF2_SHA1. 540 */ 541static int 542PKCS5_PBKDF2_HMAC_fast(const char *pass, int passlen, 543 const unsigned char *salt, int saltlen, 544 int iter, const EVP_MD *digest, 545 int keylen, unsigned char *out) 546{ 547 unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; 548 int cplen, j, k, tkeylen, mdlen; 549 unsigned long i = 1; 550 HMAC_CTX hctx_tpl, hctx; 551 552 mdlen = EVP_MD_size(digest); 553 if (mdlen < 0) 554 return 0; 555 556 HMAC_CTX_init(&hctx_tpl); 557 HMAC_CTX_init(&hctx); 558 p = out; 559 tkeylen = keylen; 560 if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { 561 HMAC_CTX_cleanup(&hctx_tpl); 562 return 0; 563 } 564 while (tkeylen) { 565 if (tkeylen > mdlen) 566 cplen = mdlen; 567 else 568 cplen = tkeylen; 569 /* We are unlikely to ever use more than 256 blocks (5120 bits!) 570 * but just in case... 571 */ 572 itmp[0] = (unsigned char)((i >> 24) & 0xff); 573 itmp[1] = (unsigned char)((i >> 16) & 0xff); 574 itmp[2] = (unsigned char)((i >> 8) & 0xff); 575 itmp[3] = (unsigned char)(i & 0xff); 576 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { 577 HMAC_CTX_cleanup(&hctx_tpl); 578 return 0; 579 } 580 if (!HMAC_Update(&hctx, salt, saltlen) 581 || !HMAC_Update(&hctx, itmp, 4) 582 || !HMAC_Final(&hctx, digtmp, NULL)) { 583 HMAC_CTX_cleanup(&hctx_tpl); 584 HMAC_CTX_cleanup(&hctx); 585 return 0; 586 } 587 HMAC_CTX_cleanup(&hctx); 588 memcpy(p, digtmp, cplen); 589 for (j = 1; j < iter; j++) { 590 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { 591 HMAC_CTX_cleanup(&hctx_tpl); 592 return 0; 593 } 594 if (!HMAC_Update(&hctx, digtmp, mdlen) 595 || !HMAC_Final(&hctx, digtmp, NULL)) { 596 HMAC_CTX_cleanup(&hctx_tpl); 597 HMAC_CTX_cleanup(&hctx); 598 return 0; 599 } 600 HMAC_CTX_cleanup(&hctx); 601 for (k = 0; k < cplen; k++) { 602 p[k] ^= digtmp[k]; 603 } 604 } 605 tkeylen-= cplen; 606 i++; 607 p+= cplen; 608 } 609 HMAC_CTX_cleanup(&hctx_tpl); 610 return 1; 611} 612#endif 613 614 615PyDoc_STRVAR(pbkdf2_hmac__doc__, 616"pbkdf2_hmac(hash_name, password, salt, iterations, dklen=None) -> key\n\ 617\n\ 618Password based key derivation function 2 (PKCS #5 v2.0) with HMAC as\n\ 619pseudorandom function."); 620 621static PyObject * 622pbkdf2_hmac(PyObject *self, PyObject *args, PyObject *kwdict) 623{ 624 static char *kwlist[] = {"hash_name", "password", "salt", "iterations", 625 "dklen", NULL}; 626 PyObject *key_obj = NULL, *dklen_obj = Py_None; 627 char *name, *key; 628 Py_buffer password, salt; 629 long iterations, dklen; 630 int retval; 631 const EVP_MD *digest; 632 633 if (!PyArg_ParseTupleAndKeywords(args, kwdict, "sy*y*l|O:pbkdf2_hmac", 634 kwlist, &name, &password, &salt, 635 &iterations, &dklen_obj)) { 636 return NULL; 637 } 638 639 digest = EVP_get_digestbyname(name); 640 if (digest == NULL) { 641 PyErr_SetString(PyExc_ValueError, "unsupported hash type"); 642 goto end; 643 } 644 645 if (password.len > INT_MAX) { 646 PyErr_SetString(PyExc_OverflowError, 647 "password is too long."); 648 goto end; 649 } 650 651 if (salt.len > INT_MAX) { 652 PyErr_SetString(PyExc_OverflowError, 653 "salt is too long."); 654 goto end; 655 } 656 657 if (iterations < 1) { 658 PyErr_SetString(PyExc_ValueError, 659 "iteration value must be greater than 0."); 660 goto end; 661 } 662 if (iterations > INT_MAX) { 663 PyErr_SetString(PyExc_OverflowError, 664 "iteration value is too great."); 665 goto end; 666 } 667 668 if (dklen_obj == Py_None) { 669 dklen = EVP_MD_size(digest); 670 } else { 671 dklen = PyLong_AsLong(dklen_obj); 672 if ((dklen == -1) && PyErr_Occurred()) { 673 goto end; 674 } 675 } 676 if (dklen < 1) { 677 PyErr_SetString(PyExc_ValueError, 678 "key length must be greater than 0."); 679 goto end; 680 } 681 if (dklen > INT_MAX) { 682 /* INT_MAX is always smaller than dkLen max (2^32 - 1) * hLen */ 683 PyErr_SetString(PyExc_OverflowError, 684 "key length is too great."); 685 goto end; 686 } 687 688 key_obj = PyBytes_FromStringAndSize(NULL, dklen); 689 if (key_obj == NULL) { 690 goto end; 691 } 692 key = PyBytes_AS_STRING(key_obj); 693 694 Py_BEGIN_ALLOW_THREADS 695#if HAS_FAST_PKCS5_PBKDF2_HMAC 696 retval = PKCS5_PBKDF2_HMAC((char*)password.buf, (int)password.len, 697 (unsigned char *)salt.buf, (int)salt.len, 698 iterations, digest, dklen, 699 (unsigned char *)key); 700#else 701 retval = PKCS5_PBKDF2_HMAC_fast((char*)password.buf, (int)password.len, 702 (unsigned char *)salt.buf, (int)salt.len, 703 iterations, digest, dklen, 704 (unsigned char *)key); 705#endif 706 Py_END_ALLOW_THREADS 707 708 if (!retval) { 709 Py_CLEAR(key_obj); 710 _setException(PyExc_ValueError); 711 goto end; 712 } 713 714 end: 715 PyBuffer_Release(&password); 716 PyBuffer_Release(&salt); 717 return key_obj; 718} 719 720#endif 721 722#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_SCRYPT) && !defined(LIBRESSL_VERSION_NUMBER) 723#define PY_SCRYPT 1 724 725/*[clinic input] 726_hashlib.scrypt 727 728 password: Py_buffer 729 * 730 salt: Py_buffer = None 731 n as n_obj: object(subclass_of='&PyLong_Type') = None 732 r as r_obj: object(subclass_of='&PyLong_Type') = None 733 p as p_obj: object(subclass_of='&PyLong_Type') = None 734 maxmem: long = 0 735 dklen: long = 64 736 737 738scrypt password-based key derivation function. 739[clinic start generated code]*/ 740 741static PyObject * 742_hashlib_scrypt_impl(PyObject *module, Py_buffer *password, Py_buffer *salt, 743 PyObject *n_obj, PyObject *r_obj, PyObject *p_obj, 744 long maxmem, long dklen) 745/*[clinic end generated code: output=14849e2aa2b7b46c input=48a7d63bf3f75c42]*/ 746{ 747 PyObject *key_obj = NULL; 748 char *key; 749 int retval; 750 unsigned long n, r, p; 751 752 if (password->len > INT_MAX) { 753 PyErr_SetString(PyExc_OverflowError, 754 "password is too long."); 755 return NULL; 756 } 757 758 if (salt->buf == NULL) { 759 PyErr_SetString(PyExc_TypeError, 760 "salt is required"); 761 return NULL; 762 } 763 if (salt->len > INT_MAX) { 764 PyErr_SetString(PyExc_OverflowError, 765 "salt is too long."); 766 return NULL; 767 } 768 769 n = PyLong_AsUnsignedLong(n_obj); 770 if (n == (unsigned long) -1 && PyErr_Occurred()) { 771 PyErr_SetString(PyExc_TypeError, 772 "n is required and must be an unsigned int"); 773 return NULL; 774 } 775 if (n < 2 || n & (n - 1)) { 776 PyErr_SetString(PyExc_ValueError, 777 "n must be a power of 2."); 778 return NULL; 779 } 780 781 r = PyLong_AsUnsignedLong(r_obj); 782 if (r == (unsigned long) -1 && PyErr_Occurred()) { 783 PyErr_SetString(PyExc_TypeError, 784 "r is required and must be an unsigned int"); 785 return NULL; 786 } 787 788 p = PyLong_AsUnsignedLong(p_obj); 789 if (p == (unsigned long) -1 && PyErr_Occurred()) { 790 PyErr_SetString(PyExc_TypeError, 791 "p is required and must be an unsigned int"); 792 return NULL; 793 } 794 795 if (maxmem < 0 || maxmem > INT_MAX) { 796 /* OpenSSL 1.1.0 restricts maxmem to 32MB. It may change in the 797 future. The maxmem constant is private to OpenSSL. */ 798 PyErr_Format(PyExc_ValueError, 799 "maxmem must be positive and smaller than %d", 800 INT_MAX); 801 return NULL; 802 } 803 804 if (dklen < 1 || dklen > INT_MAX) { 805 PyErr_Format(PyExc_ValueError, 806 "dklen must be greater than 0 and smaller than %d", 807 INT_MAX); 808 return NULL; 809 } 810 811 /* let OpenSSL validate the rest */ 812 retval = EVP_PBE_scrypt(NULL, 0, NULL, 0, n, r, p, maxmem, NULL, 0); 813 if (!retval) { 814 /* sorry, can't do much better */ 815 PyErr_SetString(PyExc_ValueError, 816 "Invalid paramemter combination for n, r, p, maxmem."); 817 return NULL; 818 } 819 820 key_obj = PyBytes_FromStringAndSize(NULL, dklen); 821 if (key_obj == NULL) { 822 return NULL; 823 } 824 key = PyBytes_AS_STRING(key_obj); 825 826 Py_BEGIN_ALLOW_THREADS 827 retval = EVP_PBE_scrypt( 828 (const char*)password->buf, (size_t)password->len, 829 (const unsigned char *)salt->buf, (size_t)salt->len, 830 n, r, p, maxmem, 831 (unsigned char *)key, (size_t)dklen 832 ); 833 Py_END_ALLOW_THREADS 834 835 if (!retval) { 836 Py_CLEAR(key_obj); 837 _setException(PyExc_ValueError); 838 return NULL; 839 } 840 return key_obj; 841} 842#endif 843 844/* State for our callback function so that it can accumulate a result. */ 845typedef struct _internal_name_mapper_state { 846 PyObject *set; 847 int error; 848} _InternalNameMapperState; 849 850 851/* A callback function to pass to OpenSSL's OBJ_NAME_do_all(...) */ 852static void 853_openssl_hash_name_mapper(const OBJ_NAME *openssl_obj_name, void *arg) 854{ 855 _InternalNameMapperState *state = (_InternalNameMapperState *)arg; 856 PyObject *py_name; 857 858 assert(state != NULL); 859 if (openssl_obj_name == NULL) 860 return; 861 /* Ignore aliased names, they pollute the list and OpenSSL appears to 862 * have its own definition of alias as the resulting list still 863 * contains duplicate and alternate names for several algorithms. */ 864 if (openssl_obj_name->alias) 865 return; 866 867 py_name = PyUnicode_FromString(openssl_obj_name->name); 868 if (py_name == NULL) { 869 state->error = 1; 870 } else { 871 if (PySet_Add(state->set, py_name) != 0) { 872 state->error = 1; 873 } 874 Py_DECREF(py_name); 875 } 876} 877 878 879/* Ask OpenSSL for a list of supported ciphers, filling in a Python set. */ 880static PyObject* 881generate_hash_name_list(void) 882{ 883 _InternalNameMapperState state; 884 state.set = PyFrozenSet_New(NULL); 885 if (state.set == NULL) 886 return NULL; 887 state.error = 0; 888 889 OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, &_openssl_hash_name_mapper, &state); 890 891 if (state.error) { 892 Py_DECREF(state.set); 893 return NULL; 894 } 895 return state.set; 896} 897 898 899/* 900 * This macro generates constructor function definitions for specific 901 * hash algorithms. These constructors are much faster than calling 902 * the generic one passing it a python string and are noticeably 903 * faster than calling a python new() wrapper. Thats important for 904 * code that wants to make hashes of a bunch of small strings. 905 */ 906#define GEN_CONSTRUCTOR(NAME) \ 907 static PyObject * \ 908 EVP_new_ ## NAME (PyObject *self, PyObject *args) \ 909 { \ 910 PyObject *data_obj = NULL; \ 911 Py_buffer view = { 0 }; \ 912 PyObject *ret_obj; \ 913 \ 914 if (!PyArg_ParseTuple(args, "|O:" #NAME , &data_obj)) { \ 915 return NULL; \ 916 } \ 917 \ 918 if (data_obj) \ 919 GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); \ 920 \ 921 ret_obj = EVPnew( \ 922 CONST_ ## NAME ## _name_obj, \ 923 NULL, \ 924 CONST_new_ ## NAME ## _ctx_p, \ 925 (unsigned char*)view.buf, \ 926 view.len); \ 927 \ 928 if (data_obj) \ 929 PyBuffer_Release(&view); \ 930 return ret_obj; \ 931 } 932 933/* a PyMethodDef structure for the constructor */ 934#define CONSTRUCTOR_METH_DEF(NAME) \ 935 {"openssl_" #NAME, (PyCFunction)EVP_new_ ## NAME, METH_VARARGS, \ 936 PyDoc_STR("Returns a " #NAME \ 937 " hash object; optionally initialized with a string") \ 938 } 939 940/* used in the init function to setup a constructor: initialize OpenSSL 941 constructor constants if they haven't been initialized already. */ 942#define INIT_CONSTRUCTOR_CONSTANTS(NAME) do { \ 943 if (CONST_ ## NAME ## _name_obj == NULL) { \ 944 CONST_ ## NAME ## _name_obj = PyUnicode_FromString(#NAME); \ 945 if (EVP_get_digestbyname(#NAME)) { \ 946 CONST_new_ ## NAME ## _ctx_p = EVP_MD_CTX_new(); \ 947 EVP_DigestInit(CONST_new_ ## NAME ## _ctx_p, EVP_get_digestbyname(#NAME)); \ 948 } \ 949 } \ 950} while (0); 951 952GEN_CONSTRUCTOR(md5) 953GEN_CONSTRUCTOR(sha1) 954GEN_CONSTRUCTOR(sha224) 955GEN_CONSTRUCTOR(sha256) 956GEN_CONSTRUCTOR(sha384) 957GEN_CONSTRUCTOR(sha512) 958 959/* List of functions exported by this module */ 960 961static struct PyMethodDef EVP_functions[] = { 962 {"new", (PyCFunction)EVP_new, METH_VARARGS|METH_KEYWORDS, EVP_new__doc__}, 963#ifdef PY_PBKDF2_HMAC 964 {"pbkdf2_hmac", (PyCFunction)pbkdf2_hmac, METH_VARARGS|METH_KEYWORDS, 965 pbkdf2_hmac__doc__}, 966#endif 967 _HASHLIB_SCRYPT_METHODDEF 968 CONSTRUCTOR_METH_DEF(md5), 969 CONSTRUCTOR_METH_DEF(sha1), 970 CONSTRUCTOR_METH_DEF(sha224), 971 CONSTRUCTOR_METH_DEF(sha256), 972 CONSTRUCTOR_METH_DEF(sha384), 973 CONSTRUCTOR_METH_DEF(sha512), 974 {NULL, NULL} /* Sentinel */ 975}; 976 977 978/* Initialize this module. */ 979 980 981static struct PyModuleDef _hashlibmodule = { 982 PyModuleDef_HEAD_INIT, 983 "_hashlib", 984 NULL, 985 -1, 986 EVP_functions, 987 NULL, 988 NULL, 989 NULL, 990 NULL 991}; 992 993PyMODINIT_FUNC 994PyInit__hashlib(void) 995{ 996 PyObject *m, *openssl_md_meth_names; 997 998 OpenSSL_add_all_digests(); 999 ERR_load_crypto_strings(); 1000 1001 /* TODO build EVP_functions openssl_* entries dynamically based 1002 * on what hashes are supported rather than listing many 1003 * but having some be unsupported. Only init appropriate 1004 * constants. */ 1005 1006 Py_TYPE(&EVPtype) = &PyType_Type; 1007 if (PyType_Ready(&EVPtype) < 0) 1008 return NULL; 1009 1010 m = PyModule_Create(&_hashlibmodule); 1011 if (m == NULL) 1012 return NULL; 1013 1014 openssl_md_meth_names = generate_hash_name_list(); 1015 if (openssl_md_meth_names == NULL) { 1016 Py_DECREF(m); 1017 return NULL; 1018 } 1019 if (PyModule_AddObject(m, "openssl_md_meth_names", openssl_md_meth_names)) { 1020 Py_DECREF(m); 1021 return NULL; 1022 } 1023 1024 Py_INCREF((PyObject *)&EVPtype); 1025 PyModule_AddObject(m, "HASH", (PyObject *)&EVPtype); 1026 1027 /* these constants are used by the convenience constructors */ 1028 INIT_CONSTRUCTOR_CONSTANTS(md5); 1029 INIT_CONSTRUCTOR_CONSTANTS(sha1); 1030 INIT_CONSTRUCTOR_CONSTANTS(sha224); 1031 INIT_CONSTRUCTOR_CONSTANTS(sha256); 1032 INIT_CONSTRUCTOR_CONSTANTS(sha384); 1033 INIT_CONSTRUCTOR_CONSTANTS(sha512); 1034 return m; 1035} 1036