diff options
Diffstat (limited to 'contrib/tools/python3/src/Modules/_hashopenssl.c')
| -rw-r--r-- | contrib/tools/python3/src/Modules/_hashopenssl.c | 1218 |
1 files changed, 609 insertions, 609 deletions
diff --git a/contrib/tools/python3/src/Modules/_hashopenssl.c b/contrib/tools/python3/src/Modules/_hashopenssl.c index a4889450821..32a86a00be4 100644 --- a/contrib/tools/python3/src/Modules/_hashopenssl.c +++ b/contrib/tools/python3/src/Modules/_hashopenssl.c @@ -1,16 +1,16 @@ -/* Module that wraps all OpenSSL hash algorithms */ - -/* - * Copyright (C) 2005-2010 Gregory P. Smith ([email protected]) - * Licensed to PSF under a Contributor Agreement. - * - * Derived from a skeleton of shamodule.c containing work performed by: - * - * Andrew Kuchling ([email protected]) - * Greg Stein ([email protected]) - * - */ - +/* Module that wraps all OpenSSL hash algorithms */ + +/* + * Copyright (C) 2005-2010 Gregory P. Smith ([email protected]) + * Licensed to PSF under a Contributor Agreement. + * + * Derived from a skeleton of shamodule.c containing work performed by: + * + * Andrew Kuchling ([email protected]) + * Greg Stein ([email protected]) + * + */ + /* Don't warn about deprecated functions, */ #ifndef OPENSSL_API_COMPAT // 0x10101000L == 1.1.1, 30000 == 3.0.0 @@ -22,31 +22,31 @@ # define Py_BUILD_CORE_MODULE 1 #endif -#define PY_SSIZE_T_CLEAN - -#include "Python.h" +#define PY_SSIZE_T_CLEAN + +#include "Python.h" #include "pycore_hashtable.h" -#include "hashlib.h" -#include "pystrhex.h" - -/* EVP is the preferred interface to hashing in OpenSSL */ -#include <openssl/evp.h> -#include <openssl/hmac.h> +#include "hashlib.h" +#include "pystrhex.h" + +/* EVP is the preferred interface to hashing in OpenSSL */ +#include <openssl/evp.h> +#include <openssl/hmac.h> #include <openssl/crypto.h> -/* We use the object interface to discover what hashes OpenSSL supports. */ -#include <openssl/objects.h> +/* We use the object interface to discover what hashes OpenSSL supports. */ +#include <openssl/objects.h> #include <openssl/err.h> - + #include <openssl/crypto.h> // FIPS_mode() #ifndef OPENSSL_THREADS # error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL" -#endif - -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) -/* OpenSSL < 1.1.0 */ -#define EVP_MD_CTX_new EVP_MD_CTX_create -#define EVP_MD_CTX_free EVP_MD_CTX_destroy +#endif + +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) +/* OpenSSL < 1.1.0 */ +#define EVP_MD_CTX_new EVP_MD_CTX_create +#define EVP_MD_CTX_free EVP_MD_CTX_destroy HMAC_CTX * HMAC_CTX_new(void) @@ -73,10 +73,10 @@ HMAC_CTX_get_md(const HMAC_CTX *ctx) { return ctx->md; } -#endif - +#endif + #define MUNCH_SIZE INT_MAX - + #ifdef NID_sha3_224 #define PY_OPENSSL_HAS_SHA3 1 #endif @@ -253,7 +253,7 @@ py_hashentry_table_new(void) { /* Module state */ static PyModuleDef _hashlibmodule; -typedef struct { +typedef struct { PyTypeObject *EVPtype; PyTypeObject *HMACtype; #ifdef PY_OPENSSL_HAS_SHAKE @@ -271,17 +271,17 @@ get_hashlib_state(PyObject *module) } typedef struct { - PyObject_HEAD - EVP_MD_CTX *ctx; /* OpenSSL message digest context */ - PyThread_type_lock lock; /* OpenSSL context lock */ -} EVPobject; - + PyObject_HEAD + EVP_MD_CTX *ctx; /* OpenSSL message digest context */ + PyThread_type_lock lock; /* OpenSSL context lock */ +} EVPobject; + typedef struct { PyObject_HEAD HMAC_CTX *ctx; /* OpenSSL hmac context */ PyThread_type_lock lock; /* HMAC context lock */ } HMACobject; - + #include "clinic/_hashopenssl.c.h" /*[clinic input] module _hashlib @@ -290,49 +290,49 @@ class _hashlib.HASHXOF "EVPobject *" "((_hashlibstate *)PyModule_GetState(module class _hashlib.HMAC "HMACobject *" "((_hashlibstate *)PyModule_GetState(module))->HMACtype" [clinic start generated code]*/ /*[clinic end generated code: output=da39a3ee5e6b4b0d input=7df1bcf6f75cb8ef]*/ - - -/* LCOV_EXCL_START */ -static PyObject * + + +/* LCOV_EXCL_START */ +static PyObject * _setException(PyObject *exc, const char* altmsg, ...) -{ +{ unsigned long errcode = ERR_peek_last_error(); - const char *lib, *func, *reason; + const char *lib, *func, *reason; va_list vargs; - + #ifdef HAVE_STDARG_PROTOTYPES va_start(vargs, altmsg); #else va_start(vargs); #endif - if (!errcode) { + if (!errcode) { if (altmsg == NULL) { PyErr_SetString(exc, "no reason supplied"); } else { PyErr_FormatV(exc, altmsg, vargs); } - return NULL; - } + return NULL; + } va_end(vargs); - ERR_clear_error(); - - lib = ERR_lib_error_string(errcode); - func = ERR_func_error_string(errcode); - reason = ERR_reason_error_string(errcode); - - if (lib && func) { - PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); - } - else if (lib) { - PyErr_Format(exc, "[%s] %s", lib, reason); - } - else { - PyErr_SetString(exc, reason); - } - return NULL; -} -/* LCOV_EXCL_STOP */ - + ERR_clear_error(); + + lib = ERR_lib_error_string(errcode); + func = ERR_func_error_string(errcode); + reason = ERR_reason_error_string(errcode); + + if (lib && func) { + PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); + } + else if (lib) { + PyErr_Format(exc, "[%s] %s", lib, reason); + } + else { + PyErr_SetString(exc, reason); + } + return NULL; +} +/* LCOV_EXCL_STOP */ + /* {Py_tp_new, NULL} doesn't block __new__ */ static PyObject * _disabled_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) @@ -419,265 +419,265 @@ py_digest_by_name(PyObject *module, const char *name, enum Py_hash_type py_ht) return digest; } -static EVPobject * +static EVPobject * newEVPobject(PyTypeObject *type) -{ +{ EVPobject *retval = (EVPobject *)PyObject_New(EVPobject, type); - if (retval == NULL) { - return NULL; - } - - retval->lock = NULL; - - retval->ctx = EVP_MD_CTX_new(); - if (retval->ctx == NULL) { - Py_DECREF(retval); - PyErr_NoMemory(); - return NULL; - } - - return retval; -} - + if (retval == NULL) { + return NULL; + } + + retval->lock = NULL; + + retval->ctx = EVP_MD_CTX_new(); + if (retval->ctx == NULL) { + Py_DECREF(retval); + PyErr_NoMemory(); + return NULL; + } + + return retval; +} + static int -EVP_hash(EVPobject *self, const void *vp, Py_ssize_t len) -{ - unsigned int process; - const unsigned char *cp = (const unsigned char *)vp; - while (0 < len) { - if (len > (Py_ssize_t)MUNCH_SIZE) - process = MUNCH_SIZE; - else - process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int); - if (!EVP_DigestUpdate(self->ctx, (const void*)cp, process)) { +EVP_hash(EVPobject *self, const void *vp, Py_ssize_t len) +{ + unsigned int process; + const unsigned char *cp = (const unsigned char *)vp; + while (0 < len) { + if (len > (Py_ssize_t)MUNCH_SIZE) + process = MUNCH_SIZE; + else + process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int); + if (!EVP_DigestUpdate(self->ctx, (const void*)cp, process)) { _setException(PyExc_ValueError, NULL); return -1; - } - len -= process; - cp += process; - } + } + len -= process; + cp += process; + } return 0; -} - -/* Internal methods for a hash object */ - -static void -EVP_dealloc(EVPobject *self) -{ +} + +/* Internal methods for a hash object */ + +static void +EVP_dealloc(EVPobject *self) +{ PyTypeObject *tp = Py_TYPE(self); - if (self->lock != NULL) - PyThread_free_lock(self->lock); - EVP_MD_CTX_free(self->ctx); - PyObject_Del(self); + if (self->lock != NULL) + PyThread_free_lock(self->lock); + EVP_MD_CTX_free(self->ctx); + PyObject_Del(self); Py_DECREF(tp); -} - -static int -locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self) -{ - int result; - ENTER_HASHLIB(self); - result = EVP_MD_CTX_copy(new_ctx_p, self->ctx); - LEAVE_HASHLIB(self); - return result; -} - -/* External methods for a hash object */ - +} + +static int +locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self) +{ + int result; + ENTER_HASHLIB(self); + result = EVP_MD_CTX_copy(new_ctx_p, self->ctx); + LEAVE_HASHLIB(self); + return result; +} + +/* External methods for a hash object */ + /*[clinic input] _hashlib.HASH.copy as EVP_copy - + Return a copy of the hash object. [clinic start generated code]*/ - -static PyObject * + +static PyObject * EVP_copy_impl(EVPobject *self) /*[clinic end generated code: output=b370c21cdb8ca0b4 input=31455b6a3e638069]*/ -{ - EVPobject *newobj; - +{ + EVPobject *newobj; + if ((newobj = newEVPobject(Py_TYPE(self))) == NULL) - return NULL; - - if (!locked_EVP_MD_CTX_copy(newobj->ctx, self)) { - Py_DECREF(newobj); + return NULL; + + if (!locked_EVP_MD_CTX_copy(newobj->ctx, self)) { + Py_DECREF(newobj); return _setException(PyExc_ValueError, NULL); - } - return (PyObject *)newobj; -} - + } + return (PyObject *)newobj; +} + /*[clinic input] _hashlib.HASH.digest as EVP_digest - + Return the digest value as a bytes object. [clinic start generated code]*/ -static PyObject * +static PyObject * EVP_digest_impl(EVPobject *self) /*[clinic end generated code: output=0f6a3a0da46dc12d input=03561809a419bf00]*/ -{ - unsigned char digest[EVP_MAX_MD_SIZE]; - EVP_MD_CTX *temp_ctx; - PyObject *retval; - unsigned int digest_size; - - temp_ctx = EVP_MD_CTX_new(); - if (temp_ctx == NULL) { - PyErr_NoMemory(); - return NULL; - } - - if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { +{ + unsigned char digest[EVP_MAX_MD_SIZE]; + EVP_MD_CTX *temp_ctx; + PyObject *retval; + unsigned int digest_size; + + temp_ctx = EVP_MD_CTX_new(); + if (temp_ctx == NULL) { + PyErr_NoMemory(); + return NULL; + } + + if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { return _setException(PyExc_ValueError, NULL); - } - digest_size = EVP_MD_CTX_size(temp_ctx); - if (!EVP_DigestFinal(temp_ctx, digest, NULL)) { + } + digest_size = EVP_MD_CTX_size(temp_ctx); + if (!EVP_DigestFinal(temp_ctx, digest, NULL)) { _setException(PyExc_ValueError, NULL); - return NULL; - } - - retval = PyBytes_FromStringAndSize((const char *)digest, digest_size); - EVP_MD_CTX_free(temp_ctx); - return retval; -} - + return NULL; + } + + retval = PyBytes_FromStringAndSize((const char *)digest, digest_size); + EVP_MD_CTX_free(temp_ctx); + return retval; +} + /*[clinic input] _hashlib.HASH.hexdigest as EVP_hexdigest - + Return the digest value as a string of hexadecimal digits. [clinic start generated code]*/ -static PyObject * +static PyObject * EVP_hexdigest_impl(EVPobject *self) /*[clinic end generated code: output=18e6decbaf197296 input=aff9cf0e4c741a9a]*/ -{ - unsigned char digest[EVP_MAX_MD_SIZE]; - EVP_MD_CTX *temp_ctx; - unsigned int digest_size; - - temp_ctx = EVP_MD_CTX_new(); - if (temp_ctx == NULL) { - PyErr_NoMemory(); - return NULL; - } - - /* Get the raw (binary) digest value */ - if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { +{ + unsigned char digest[EVP_MAX_MD_SIZE]; + EVP_MD_CTX *temp_ctx; + unsigned int digest_size; + + temp_ctx = EVP_MD_CTX_new(); + if (temp_ctx == NULL) { + PyErr_NoMemory(); + return NULL; + } + + /* Get the raw (binary) digest value */ + if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { return _setException(PyExc_ValueError, NULL); - } - digest_size = EVP_MD_CTX_size(temp_ctx); - if (!EVP_DigestFinal(temp_ctx, digest, NULL)) { + } + digest_size = EVP_MD_CTX_size(temp_ctx); + if (!EVP_DigestFinal(temp_ctx, digest, NULL)) { _setException(PyExc_ValueError, NULL); - return NULL; - } - - EVP_MD_CTX_free(temp_ctx); - + return NULL; + } + + EVP_MD_CTX_free(temp_ctx); + return _Py_strhex((const char *)digest, (Py_ssize_t)digest_size); -} - +} + /*[clinic input] _hashlib.HASH.update as EVP_update - + obj: object / Update this hash object's state with the provided string. [clinic start generated code]*/ -static PyObject * +static PyObject * EVP_update(EVPobject *self, PyObject *obj) /*[clinic end generated code: output=ec1d55ed2432e966 input=9b30ec848f015501]*/ -{ +{ int result; - Py_buffer view; - - GET_BUFFER_VIEW_OR_ERROUT(obj, &view); - - if (self->lock == NULL && view.len >= HASHLIB_GIL_MINSIZE) { - self->lock = PyThread_allocate_lock(); - /* fail? lock = NULL and we fail over to non-threaded code. */ - } - - if (self->lock != NULL) { - Py_BEGIN_ALLOW_THREADS - PyThread_acquire_lock(self->lock, 1); + Py_buffer view; + + GET_BUFFER_VIEW_OR_ERROUT(obj, &view); + + if (self->lock == NULL && view.len >= HASHLIB_GIL_MINSIZE) { + self->lock = PyThread_allocate_lock(); + /* fail? lock = NULL and we fail over to non-threaded code. */ + } + + if (self->lock != NULL) { + Py_BEGIN_ALLOW_THREADS + PyThread_acquire_lock(self->lock, 1); result = EVP_hash(self, view.buf, view.len); - PyThread_release_lock(self->lock); - Py_END_ALLOW_THREADS - } else { + PyThread_release_lock(self->lock); + Py_END_ALLOW_THREADS + } else { result = EVP_hash(self, view.buf, view.len); - } - - PyBuffer_Release(&view); + } + + PyBuffer_Release(&view); if (result == -1) return NULL; - Py_RETURN_NONE; -} - -static PyMethodDef EVP_methods[] = { + Py_RETURN_NONE; +} + +static PyMethodDef EVP_methods[] = { EVP_UPDATE_METHODDEF EVP_DIGEST_METHODDEF EVP_HEXDIGEST_METHODDEF EVP_COPY_METHODDEF - {NULL, NULL} /* sentinel */ -}; - -static PyObject * -EVP_get_block_size(EVPobject *self, void *closure) -{ - long block_size; - block_size = EVP_MD_CTX_block_size(self->ctx); - return PyLong_FromLong(block_size); -} - -static PyObject * -EVP_get_digest_size(EVPobject *self, void *closure) -{ - long size; - size = EVP_MD_CTX_size(self->ctx); - return PyLong_FromLong(size); -} - + {NULL, NULL} /* sentinel */ +}; + +static PyObject * +EVP_get_block_size(EVPobject *self, void *closure) +{ + long block_size; + block_size = EVP_MD_CTX_block_size(self->ctx); + return PyLong_FromLong(block_size); +} + +static PyObject * +EVP_get_digest_size(EVPobject *self, void *closure) +{ + long size; + size = EVP_MD_CTX_size(self->ctx); + return PyLong_FromLong(size); +} + static PyObject * EVP_get_name(EVPobject *self, void *closure) { return py_digest_name(EVP_MD_CTX_md(self->ctx)); } - -static PyGetSetDef EVP_getseters[] = { - {"digest_size", - (getter)EVP_get_digest_size, NULL, - NULL, - NULL}, - {"block_size", - (getter)EVP_get_block_size, NULL, - NULL, - NULL}, + +static PyGetSetDef EVP_getseters[] = { + {"digest_size", + (getter)EVP_get_digest_size, NULL, + NULL, + NULL}, + {"block_size", + (getter)EVP_get_block_size, NULL, + NULL, + NULL}, {"name", (getter)EVP_get_name, NULL, NULL, PyDoc_STR("algorithm name.")}, - {NULL} /* Sentinel */ -}; - - -static PyObject * -EVP_repr(EVPobject *self) -{ + {NULL} /* Sentinel */ +}; + + +static PyObject * +EVP_repr(EVPobject *self) +{ PyObject *name_obj, *repr; name_obj = py_digest_name(EVP_MD_CTX_md(self->ctx)); if (!name_obj) { return NULL; - } + } repr = PyUnicode_FromFormat("<%U %s object @ %p>", name_obj, Py_TYPE(self)->tp_name, self); Py_DECREF(name_obj); return repr; -} - -PyDoc_STRVAR(hashtype_doc, +} + +PyDoc_STRVAR(hashtype_doc, "HASH(name, string=b\'\')\n" "--\n" "\n" @@ -694,7 +694,7 @@ PyDoc_STRVAR(hashtype_doc, "\n" "name -- the hash algorithm being used by this object\n" "digest_size -- number of bytes in this hashes output"); - + static PyType_Slot EVPtype_slots[] = { {Py_tp_dealloc, EVP_dealloc}, {Py_tp_repr, EVP_repr}, @@ -706,13 +706,13 @@ static PyType_Slot EVPtype_slots[] = { }; static PyType_Spec EVPtype_spec = { - "_hashlib.HASH", /*tp_name*/ - sizeof(EVPobject), /*tp_basicsize*/ - 0, /*tp_itemsize*/ + "_hashlib.HASH", /*tp_name*/ + sizeof(EVPobject), /*tp_basicsize*/ + 0, /*tp_itemsize*/ Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, EVPtype_slots -}; - +}; + #ifdef PY_OPENSSL_HAS_SHAKE /*[clinic input] @@ -723,10 +723,10 @@ _hashlib.HASHXOF.digest as EVPXOF_digest Return the digest value as a bytes object. [clinic start generated code]*/ -static PyObject * +static PyObject * EVPXOF_digest_impl(EVPobject *self, Py_ssize_t length) /*[clinic end generated code: output=ef9320c23280efad input=816a6537cea3d1db]*/ -{ +{ EVP_MD_CTX *temp_ctx; PyObject *retval = PyBytes_FromStringAndSize(NULL, length); @@ -874,11 +874,11 @@ py_evp_fromname(PyObject *module, const char *digestname, PyObject *data_obj, PY_EVP_MD *digest = NULL; PyTypeObject *type; EVPobject *self = NULL; - + if (data_obj != NULL) { GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); - } - + } + digest = py_digest_by_name( module, digestname, usedforsecurity ? Py_ht_evp : Py_ht_evp_nosecurity ); @@ -899,7 +899,7 @@ py_evp_fromname(PyObject *module, const char *digestname, PyObject *data_obj, if (self == NULL) { goto exit; } - + #if defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) && OPENSSL_VERSION_NUMBER < 0x30000000L // In OpenSSL 1.1.1 the non FIPS allowed flag is context specific while // in 3.0.0 it is a different EVP_MD provider. @@ -913,22 +913,22 @@ py_evp_fromname(PyObject *module, const char *digestname, PyObject *data_obj, _setException(PyExc_ValueError, NULL); Py_CLEAR(self); goto exit; - } - + } + if (view.buf && view.len) { if (view.len >= HASHLIB_GIL_MINSIZE) { - Py_BEGIN_ALLOW_THREADS + Py_BEGIN_ALLOW_THREADS result = EVP_hash(self, view.buf, view.len); - Py_END_ALLOW_THREADS - } else { + Py_END_ALLOW_THREADS + } else { result = EVP_hash(self, view.buf, view.len); - } + } if (result == -1) { Py_CLEAR(self); goto exit; } - } - + } + exit: if (data_obj != NULL) { PyBuffer_Release(&view); @@ -937,15 +937,15 @@ py_evp_fromname(PyObject *module, const char *digestname, PyObject *data_obj, PY_EVP_MD_free(digest); } - return (PyObject *)self; -} - - -/* The module-level function: new() */ - + return (PyObject *)self; +} + + +/* The module-level function: new() */ + /*[clinic input] _hashlib.new as EVP_new - + name as name_obj: object string as data_obj: object(c_default="NULL") = b'' * @@ -959,20 +959,20 @@ automatically hashed. The MD5 and SHA1 algorithms are always supported. [clinic start generated code]*/ -static PyObject * +static PyObject * EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj, int usedforsecurity) /*[clinic end generated code: output=ddd5053f92dffe90 input=c24554d0337be1b0]*/ -{ - char *name; - if (!PyArg_Parse(name_obj, "s", &name)) { - PyErr_SetString(PyExc_TypeError, "name must be a string"); - return NULL; - } +{ + char *name; + if (!PyArg_Parse(name_obj, "s", &name)) { + PyErr_SetString(PyExc_TypeError, "name must be a string"); + return NULL; + } return py_evp_fromname(module, name, data_obj, usedforsecurity); -} - - +} + + /*[clinic input] _hashlib.openssl_md5 @@ -988,11 +988,11 @@ static PyObject * _hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj, int usedforsecurity) /*[clinic end generated code: output=87b0186440a44f8c input=990e36d5e689b16e]*/ -{ +{ return py_evp_fromname(module, Py_hash_md5, data_obj, usedforsecurity); } - - + + /*[clinic input] _hashlib.openssl_sha1 @@ -1010,12 +1010,12 @@ _hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj, /*[clinic end generated code: output=6813024cf690670d input=948f2f4b6deabc10]*/ { return py_evp_fromname(module, Py_hash_sha1, data_obj, usedforsecurity); -} - - +} + + /*[clinic input] _hashlib.openssl_sha224 - + string as data_obj: object(py_default="b''") = NULL * usedforsecurity: bool = True @@ -1024,11 +1024,11 @@ Returns a sha224 hash object; optionally initialized with a string [clinic start generated code]*/ -static PyObject * +static PyObject * _hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj, int usedforsecurity) /*[clinic end generated code: output=a2dfe7cc4eb14ebb input=f9272821fadca505]*/ -{ +{ return py_evp_fromname(module, Py_hash_sha224, data_obj, usedforsecurity); } @@ -1233,267 +1233,267 @@ pbkdf2_hmac_impl(PyObject *module, const char *hash_name, PyObject *key_obj = NULL; char *key; long dklen; - int retval; - + int retval; + PY_EVP_MD *digest = py_digest_by_name(module, hash_name, Py_ht_pbkdf2); - if (digest == NULL) { - PyErr_SetString(PyExc_ValueError, "unsupported hash type"); - goto end; - } - + if (digest == NULL) { + PyErr_SetString(PyExc_ValueError, "unsupported hash type"); + goto end; + } + if (password->len > INT_MAX) { - PyErr_SetString(PyExc_OverflowError, - "password is too long."); - goto end; - } - + PyErr_SetString(PyExc_OverflowError, + "password is too long."); + goto end; + } + if (salt->len > INT_MAX) { - PyErr_SetString(PyExc_OverflowError, - "salt is too long."); - goto end; - } - - if (iterations < 1) { - PyErr_SetString(PyExc_ValueError, - "iteration value must be greater than 0."); - goto end; - } - if (iterations > INT_MAX) { - PyErr_SetString(PyExc_OverflowError, - "iteration value is too great."); - goto end; - } - - if (dklen_obj == Py_None) { - dklen = EVP_MD_size(digest); - } else { - dklen = PyLong_AsLong(dklen_obj); - if ((dklen == -1) && PyErr_Occurred()) { - goto end; - } - } - if (dklen < 1) { - PyErr_SetString(PyExc_ValueError, - "key length must be greater than 0."); - goto end; - } - if (dklen > INT_MAX) { - /* INT_MAX is always smaller than dkLen max (2^32 - 1) * hLen */ - PyErr_SetString(PyExc_OverflowError, - "key length is too great."); - goto end; - } - - key_obj = PyBytes_FromStringAndSize(NULL, dklen); - if (key_obj == NULL) { - goto end; - } - key = PyBytes_AS_STRING(key_obj); - - Py_BEGIN_ALLOW_THREADS + PyErr_SetString(PyExc_OverflowError, + "salt is too long."); + goto end; + } + + if (iterations < 1) { + PyErr_SetString(PyExc_ValueError, + "iteration value must be greater than 0."); + goto end; + } + if (iterations > INT_MAX) { + PyErr_SetString(PyExc_OverflowError, + "iteration value is too great."); + goto end; + } + + if (dklen_obj == Py_None) { + dklen = EVP_MD_size(digest); + } else { + dklen = PyLong_AsLong(dklen_obj); + if ((dklen == -1) && PyErr_Occurred()) { + goto end; + } + } + if (dklen < 1) { + PyErr_SetString(PyExc_ValueError, + "key length must be greater than 0."); + goto end; + } + if (dklen > INT_MAX) { + /* INT_MAX is always smaller than dkLen max (2^32 - 1) * hLen */ + PyErr_SetString(PyExc_OverflowError, + "key length is too great."); + goto end; + } + + key_obj = PyBytes_FromStringAndSize(NULL, dklen); + if (key_obj == NULL) { + goto end; + } + key = PyBytes_AS_STRING(key_obj); + + Py_BEGIN_ALLOW_THREADS retval = PKCS5_PBKDF2_HMAC((char*)password->buf, (int)password->len, (unsigned char *)salt->buf, (int)salt->len, - iterations, digest, dklen, - (unsigned char *)key); - Py_END_ALLOW_THREADS - - if (!retval) { - Py_CLEAR(key_obj); + iterations, digest, dklen, + (unsigned char *)key); + Py_END_ALLOW_THREADS + + if (!retval) { + Py_CLEAR(key_obj); _setException(PyExc_ValueError, NULL); - goto end; - } - - end: + goto end; + } + + end: if (digest != NULL) { PY_EVP_MD_free(digest); } - return key_obj; -} - -#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_SCRYPT) && !defined(LIBRESSL_VERSION_NUMBER) -#define PY_SCRYPT 1 - -/* XXX: Parameters salt, n, r and p should be required keyword-only parameters. - They are optional in the Argument Clinic declaration only due to a - limitation of PyArg_ParseTupleAndKeywords. */ - -/*[clinic input] -_hashlib.scrypt - - password: Py_buffer - * - salt: Py_buffer = None - n as n_obj: object(subclass_of='&PyLong_Type') = None - r as r_obj: object(subclass_of='&PyLong_Type') = None - p as p_obj: object(subclass_of='&PyLong_Type') = None - maxmem: long = 0 - dklen: long = 64 - - -scrypt password-based key derivation function. -[clinic start generated code]*/ - -static PyObject * -_hashlib_scrypt_impl(PyObject *module, Py_buffer *password, Py_buffer *salt, - PyObject *n_obj, PyObject *r_obj, PyObject *p_obj, - long maxmem, long dklen) -/*[clinic end generated code: output=14849e2aa2b7b46c input=48a7d63bf3f75c42]*/ -{ - PyObject *key_obj = NULL; - char *key; - int retval; - unsigned long n, r, p; - - if (password->len > INT_MAX) { - PyErr_SetString(PyExc_OverflowError, - "password is too long."); - return NULL; - } - - if (salt->buf == NULL) { - PyErr_SetString(PyExc_TypeError, - "salt is required"); - return NULL; - } - if (salt->len > INT_MAX) { - PyErr_SetString(PyExc_OverflowError, - "salt is too long."); - return NULL; - } - - n = PyLong_AsUnsignedLong(n_obj); - if (n == (unsigned long) -1 && PyErr_Occurred()) { - PyErr_SetString(PyExc_TypeError, - "n is required and must be an unsigned int"); - return NULL; - } - if (n < 2 || n & (n - 1)) { - PyErr_SetString(PyExc_ValueError, - "n must be a power of 2."); - return NULL; - } - - r = PyLong_AsUnsignedLong(r_obj); - if (r == (unsigned long) -1 && PyErr_Occurred()) { - PyErr_SetString(PyExc_TypeError, - "r is required and must be an unsigned int"); - return NULL; - } - - p = PyLong_AsUnsignedLong(p_obj); - if (p == (unsigned long) -1 && PyErr_Occurred()) { - PyErr_SetString(PyExc_TypeError, - "p is required and must be an unsigned int"); - return NULL; - } - - if (maxmem < 0 || maxmem > INT_MAX) { - /* OpenSSL 1.1.0 restricts maxmem to 32 MiB. It may change in the - future. The maxmem constant is private to OpenSSL. */ - PyErr_Format(PyExc_ValueError, - "maxmem must be positive and smaller than %d", - INT_MAX); - return NULL; - } - - if (dklen < 1 || dklen > INT_MAX) { - PyErr_Format(PyExc_ValueError, - "dklen must be greater than 0 and smaller than %d", - INT_MAX); - return NULL; - } - - /* let OpenSSL validate the rest */ - retval = EVP_PBE_scrypt(NULL, 0, NULL, 0, n, r, p, maxmem, NULL, 0); - if (!retval) { + return key_obj; +} + +#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_SCRYPT) && !defined(LIBRESSL_VERSION_NUMBER) +#define PY_SCRYPT 1 + +/* XXX: Parameters salt, n, r and p should be required keyword-only parameters. + They are optional in the Argument Clinic declaration only due to a + limitation of PyArg_ParseTupleAndKeywords. */ + +/*[clinic input] +_hashlib.scrypt + + password: Py_buffer + * + salt: Py_buffer = None + n as n_obj: object(subclass_of='&PyLong_Type') = None + r as r_obj: object(subclass_of='&PyLong_Type') = None + p as p_obj: object(subclass_of='&PyLong_Type') = None + maxmem: long = 0 + dklen: long = 64 + + +scrypt password-based key derivation function. +[clinic start generated code]*/ + +static PyObject * +_hashlib_scrypt_impl(PyObject *module, Py_buffer *password, Py_buffer *salt, + PyObject *n_obj, PyObject *r_obj, PyObject *p_obj, + long maxmem, long dklen) +/*[clinic end generated code: output=14849e2aa2b7b46c input=48a7d63bf3f75c42]*/ +{ + PyObject *key_obj = NULL; + char *key; + int retval; + unsigned long n, r, p; + + if (password->len > INT_MAX) { + PyErr_SetString(PyExc_OverflowError, + "password is too long."); + return NULL; + } + + if (salt->buf == NULL) { + PyErr_SetString(PyExc_TypeError, + "salt is required"); + return NULL; + } + if (salt->len > INT_MAX) { + PyErr_SetString(PyExc_OverflowError, + "salt is too long."); + return NULL; + } + + n = PyLong_AsUnsignedLong(n_obj); + if (n == (unsigned long) -1 && PyErr_Occurred()) { + PyErr_SetString(PyExc_TypeError, + "n is required and must be an unsigned int"); + return NULL; + } + if (n < 2 || n & (n - 1)) { + PyErr_SetString(PyExc_ValueError, + "n must be a power of 2."); + return NULL; + } + + r = PyLong_AsUnsignedLong(r_obj); + if (r == (unsigned long) -1 && PyErr_Occurred()) { + PyErr_SetString(PyExc_TypeError, + "r is required and must be an unsigned int"); + return NULL; + } + + p = PyLong_AsUnsignedLong(p_obj); + if (p == (unsigned long) -1 && PyErr_Occurred()) { + PyErr_SetString(PyExc_TypeError, + "p is required and must be an unsigned int"); + return NULL; + } + + if (maxmem < 0 || maxmem > INT_MAX) { + /* OpenSSL 1.1.0 restricts maxmem to 32 MiB. It may change in the + future. The maxmem constant is private to OpenSSL. */ + PyErr_Format(PyExc_ValueError, + "maxmem must be positive and smaller than %d", + INT_MAX); + return NULL; + } + + if (dklen < 1 || dklen > INT_MAX) { + PyErr_Format(PyExc_ValueError, + "dklen must be greater than 0 and smaller than %d", + INT_MAX); + return NULL; + } + + /* let OpenSSL validate the rest */ + retval = EVP_PBE_scrypt(NULL, 0, NULL, 0, n, r, p, maxmem, NULL, 0); + if (!retval) { _setException(PyExc_ValueError, "Invalid parameter combination for n, r, p, maxmem."); - return NULL; - } - - key_obj = PyBytes_FromStringAndSize(NULL, dklen); - if (key_obj == NULL) { - return NULL; - } - key = PyBytes_AS_STRING(key_obj); - - Py_BEGIN_ALLOW_THREADS - retval = EVP_PBE_scrypt( - (const char*)password->buf, (size_t)password->len, - (const unsigned char *)salt->buf, (size_t)salt->len, - n, r, p, maxmem, - (unsigned char *)key, (size_t)dklen - ); - Py_END_ALLOW_THREADS - - if (!retval) { - Py_CLEAR(key_obj); + return NULL; + } + + key_obj = PyBytes_FromStringAndSize(NULL, dklen); + if (key_obj == NULL) { + return NULL; + } + key = PyBytes_AS_STRING(key_obj); + + Py_BEGIN_ALLOW_THREADS + retval = EVP_PBE_scrypt( + (const char*)password->buf, (size_t)password->len, + (const unsigned char *)salt->buf, (size_t)salt->len, + n, r, p, maxmem, + (unsigned char *)key, (size_t)dklen + ); + Py_END_ALLOW_THREADS + + if (!retval) { + Py_CLEAR(key_obj); _setException(PyExc_ValueError, NULL); - return NULL; - } - return key_obj; -} -#endif - -/* Fast HMAC for hmac.digest() - */ - -/*[clinic input] + return NULL; + } + return key_obj; +} +#endif + +/* Fast HMAC for hmac.digest() + */ + +/*[clinic input] _hashlib.hmac_digest as _hashlib_hmac_singleshot - - key: Py_buffer - msg: Py_buffer - digest: str - -Single-shot HMAC. -[clinic start generated code]*/ - -static PyObject * + + key: Py_buffer + msg: Py_buffer + digest: str + +Single-shot HMAC. +[clinic start generated code]*/ + +static PyObject * _hashlib_hmac_singleshot_impl(PyObject *module, Py_buffer *key, Py_buffer *msg, const char *digest) /*[clinic end generated code: output=15658ede5ab98185 input=019dffc571909a46]*/ -{ - unsigned char md[EVP_MAX_MD_SIZE] = {0}; - unsigned int md_len = 0; - unsigned char *result; +{ + unsigned char md[EVP_MAX_MD_SIZE] = {0}; + unsigned int md_len = 0; + unsigned char *result; PY_EVP_MD *evp; - + evp = py_digest_by_name(module, digest, Py_ht_mac); - if (evp == NULL) { - return NULL; - } - if (key->len > INT_MAX) { - PyErr_SetString(PyExc_OverflowError, - "key is too long."); - return NULL; - } - if (msg->len > INT_MAX) { - PyErr_SetString(PyExc_OverflowError, - "msg is too long."); - return NULL; - } - + if (evp == NULL) { + return NULL; + } + if (key->len > INT_MAX) { + PyErr_SetString(PyExc_OverflowError, + "key is too long."); + return NULL; + } + if (msg->len > INT_MAX) { + PyErr_SetString(PyExc_OverflowError, + "msg is too long."); + return NULL; + } + evp = py_digest_by_name(module, digest, Py_ht_mac); if (evp == NULL) { return NULL; } - Py_BEGIN_ALLOW_THREADS - result = HMAC( - evp, - (const void*)key->buf, (int)key->len, - (const unsigned char*)msg->buf, (int)msg->len, - md, &md_len - ); - Py_END_ALLOW_THREADS + Py_BEGIN_ALLOW_THREADS + result = HMAC( + evp, + (const void*)key->buf, (int)key->len, + (const unsigned char*)msg->buf, (int)msg->len, + md, &md_len + ); + Py_END_ALLOW_THREADS PY_EVP_MD_free(evp); - - if (result == NULL) { + + if (result == NULL) { _setException(PyExc_ValueError, NULL); - return NULL; - } - return PyBytes_FromStringAndSize((const char*)md, md_len); -} - + return NULL; + } + return PyBytes_FromStringAndSize((const char*)md, md_len); +} + /* OpenSSL-based HMAC implementation */ @@ -1850,41 +1850,41 @@ PyType_Spec HMACtype_spec = { }; -/* State for our callback function so that it can accumulate a result. */ -typedef struct _internal_name_mapper_state { - PyObject *set; - int error; -} _InternalNameMapperState; - - -/* A callback function to pass to OpenSSL's OBJ_NAME_do_all(...) */ -static void +/* State for our callback function so that it can accumulate a result. */ +typedef struct _internal_name_mapper_state { + PyObject *set; + int error; +} _InternalNameMapperState; + + +/* A callback function to pass to OpenSSL's OBJ_NAME_do_all(...) */ +static void _openssl_hash_name_mapper(const EVP_MD *md, const char *from, const char *to, void *arg) -{ - _InternalNameMapperState *state = (_InternalNameMapperState *)arg; - PyObject *py_name; - - assert(state != NULL); +{ + _InternalNameMapperState *state = (_InternalNameMapperState *)arg; + PyObject *py_name; + + assert(state != NULL); if (md == NULL) - return; - + return; + py_name = py_digest_name(md); - if (py_name == NULL) { - state->error = 1; - } else { - if (PySet_Add(state->set, py_name) != 0) { - state->error = 1; - } - Py_DECREF(py_name); - } -} - - -/* Ask OpenSSL for a list of supported ciphers, filling in a Python set. */ + if (py_name == NULL) { + state->error = 1; + } else { + if (PySet_Add(state->set, py_name) != 0) { + state->error = 1; + } + Py_DECREF(py_name); + } +} + + +/* Ask OpenSSL for a list of supported ciphers, filling in a Python set. */ static int hashlib_md_meth_names(PyObject *module) -{ +{ _InternalNameMapperState state = { .set = PyFrozenSet_New(NULL), .error = 0 @@ -1892,13 +1892,13 @@ hashlib_md_meth_names(PyObject *module) if (state.set == NULL) { return -1; } - + EVP_MD_do_all(&_openssl_hash_name_mapper, &state); - - if (state.error) { - Py_DECREF(state.set); + + if (state.error) { + Py_DECREF(state.set); return -1; - } + } if (PyModule_AddObject(module, "openssl_md_meth_names", state.set) < 0) { Py_DECREF(state.set); @@ -1906,8 +1906,8 @@ hashlib_md_meth_names(PyObject *module) } return 0; -} - +} + /* LibreSSL doesn't support FIPS: https://marc.info/?l=openbsd-misc&m=139819485423701&w=2 @@ -2068,12 +2068,12 @@ _hashlib_compare_digest_impl(PyObject *module, PyObject *a, PyObject *b) return PyBool_FromLong(rc); } -/* List of functions exported by this module */ - -static struct PyMethodDef EVP_functions[] = { +/* List of functions exported by this module */ + +static struct PyMethodDef EVP_functions[] = { EVP_NEW_METHODDEF PBKDF2_HMAC_METHODDEF - _HASHLIB_SCRYPT_METHODDEF + _HASHLIB_SCRYPT_METHODDEF _HASHLIB_GET_FIPS_MODE_METHODDEF _HASHLIB_COMPARE_DIGEST_METHODDEF _HASHLIB_HMAC_SINGLESHOT_METHODDEF @@ -2090,12 +2090,12 @@ static struct PyMethodDef EVP_functions[] = { _HASHLIB_OPENSSL_SHA3_512_METHODDEF _HASHLIB_OPENSSL_SHAKE_128_METHODDEF _HASHLIB_OPENSSL_SHAKE_256_METHODDEF - {NULL, NULL} /* Sentinel */ -}; - - -/* Initialize this module. */ - + {NULL, NULL} /* Sentinel */ +}; + + +/* Initialize this module. */ + static int hashlib_traverse(PyObject *m, visitproc visit, void *arg) { @@ -2107,7 +2107,7 @@ hashlib_traverse(PyObject *m, visitproc visit, void *arg) #endif return 0; } - + static int hashlib_clear(PyObject *m) { @@ -2123,25 +2123,25 @@ hashlib_clear(PyObject *m) } return 0; } - + static void hashlib_free(void *m) -{ +{ hashlib_clear((PyObject *)m); } - + /* Py_mod_exec functions */ static int hashlib_openssl_legacy_init(PyObject *module) { #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) - /* Load all digest algorithms and initialize cpuid */ - OPENSSL_add_all_algorithms_noconf(); - ERR_load_crypto_strings(); -#endif + /* Load all digest algorithms and initialize cpuid */ + OPENSSL_add_all_algorithms_noconf(); + ERR_load_crypto_strings(); +#endif return 0; } - + static int hashlib_init_hashtable(PyObject *module) { @@ -2159,7 +2159,7 @@ static int hashlib_init_evptype(PyObject *module) { _hashlibstate *state = get_hashlib_state(module); - + state->EVPtype = (PyTypeObject *)PyType_FromSpec(&EVPtype_spec); if (state->EVPtype == NULL) { return -1; @@ -2169,7 +2169,7 @@ hashlib_init_evptype(PyObject *module) } return 0; } - + static int hashlib_init_evpxoftype(PyObject *module) { @@ -2249,23 +2249,23 @@ PyInit__hashlib(void) return m; } - m = PyModule_Create(&_hashlibmodule); + m = PyModule_Create(&_hashlibmodule); if (m == NULL) { - return NULL; + return NULL; } - + if (hashlib_openssl_legacy_init(m) < 0) { - Py_DECREF(m); - return NULL; - } + Py_DECREF(m); + return NULL; + } if (hashlib_init_hashtable(m) < 0) { Py_DECREF(m); return NULL; } if (hashlib_init_evptype(m) < 0) { - Py_DECREF(m); - return NULL; - } + Py_DECREF(m); + return NULL; + } if (hashlib_init_evpxoftype(m) < 0) { Py_DECREF(m); return NULL; @@ -2278,6 +2278,6 @@ PyInit__hashlib(void) Py_DECREF(m); return NULL; } - - return m; -} + + return m; +} |