summaryrefslogtreecommitdiffstats
path: root/Modules/_hashopenssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'Modules/_hashopenssl.c')
-rw-r--r--Modules/_hashopenssl.c167
1 files changed, 146 insertions, 21 deletions
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index c65c698..29ebec7 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -34,6 +34,14 @@
#define MUNCH_SIZE INT_MAX
+#if defined(NID_sha3_224) && defined(EVP_MD_FLAG_XOF)
+#define PY_OPENSSL_HAS_SHA3 1
+#endif
+
+#ifdef NID_blake2b512
+#define PY_OPENSSL_HAS_BLAKE2 1
+#endif
+
typedef struct {
PyObject_HEAD
EVP_MD_CTX *ctx; /* OpenSSL message digest context */
@@ -82,6 +90,135 @@ _setException(PyObject *exc)
}
/* LCOV_EXCL_STOP */
+static PyObject*
+py_digest_name(const EVP_MD *md)
+{
+ int nid = EVP_MD_nid(md);
+ const char *name = NULL;
+
+ /* Hard-coded names for well-known hashing algorithms.
+ * OpenSSL uses slightly different names algorithms like SHA3.
+ */
+ switch (nid) {
+ case NID_md5:
+ name = "md5";
+ break;
+ case NID_sha1:
+ name = "sha1";
+ break;
+ case NID_sha224:
+ name ="sha224";
+ break;
+ case NID_sha256:
+ name ="sha256";
+ break;
+ case NID_sha384:
+ name ="sha384";
+ break;
+ case NID_sha512:
+ name ="sha512";
+ break;
+#ifdef NID_sha512_224
+ case NID_sha512_224:
+ name ="sha512_224";
+ break;
+ case NID_sha512_256:
+ name ="sha512_256";
+ break;
+#endif
+#ifdef PY_OPENSSL_HAS_SHA3
+ case NID_sha3_224:
+ name ="sha3_224";
+ break;
+ case NID_sha3_256:
+ name ="sha3_256";
+ break;
+ case NID_sha3_384:
+ name ="sha3_384";
+ break;
+ case NID_sha3_512:
+ name ="sha3_512";
+ break;
+ case NID_shake128:
+ name ="shake_128";
+ break;
+ case NID_shake256:
+ name ="shake_256";
+ break;
+#endif
+#ifdef PY_OPENSSL_HAS_BLAKE2
+ case NID_blake2s256:
+ name ="blake2s";
+ break;
+ case NID_blake2b512:
+ name ="blake2b";
+ break;
+#endif
+ default:
+ /* Ignore aliased names and only use long, lowercase name. The aliases
+ * pollute the list and OpenSSL appears to have its own definition of
+ * alias as the resulting list still contains duplicate and alternate
+ * names for several algorithms.
+ */
+ name = OBJ_nid2ln(nid);
+ if (name == NULL)
+ name = OBJ_nid2sn(nid);
+ break;
+ }
+
+ return PyUnicode_FromString(name);
+}
+
+static const EVP_MD*
+py_digest_by_name(const char *name)
+{
+ const EVP_MD *digest = EVP_get_digestbyname(name);
+
+ /* OpenSSL uses dash instead of underscore in names of some algorithms
+ * like SHA3 and SHAKE. Detect different spellings. */
+ if (digest == NULL) {
+#ifdef NID_sha512_224
+ if (!strcmp(name, "sha512_224") || !strcmp(name, "SHA512_224")) {
+ digest = EVP_sha512_224();
+ }
+ else if (!strcmp(name, "sha512_256") || !strcmp(name, "SHA512_256")) {
+ digest = EVP_sha512_256();
+ }
+#endif
+#ifdef PY_OPENSSL_HAS_SHA3
+ /* could be sha3_ or shake_, Python never defined upper case */
+ else if (!strcmp(name, "sha3_224")) {
+ digest = EVP_sha3_224();
+ }
+ else if (!strcmp(name, "sha3_256")) {
+ digest = EVP_sha3_256();
+ }
+ else if (!strcmp(name, "sha3_384")) {
+ digest = EVP_sha3_384();
+ }
+ else if (!strcmp(name, "sha3_512")) {
+ digest = EVP_sha3_512();
+ }
+ else if (!strcmp(name, "shake_128")) {
+ digest = EVP_shake128();
+ }
+ else if (!strcmp(name, "shake_256")) {
+ digest = EVP_shake256();
+ }
+#endif
+#ifdef PY_OPENSSL_HAS_BLAKE2
+ else if (!strcmp(name, "blake2s256")) {
+ digest = EVP_blake2s256();
+ }
+ else if (!strcmp(name, "blake2b512")) {
+ digest = EVP_blake2b512();
+ }
+#endif
+ }
+
+ return digest;
+}
+
static EVPobject *
newEVPobject(void)
{
@@ -304,16 +441,7 @@ EVP_get_digest_size(EVPobject *self, void *closure)
static PyObject *
EVP_get_name(EVPobject *self, void *closure)
{
- const char *name = EVP_MD_name(EVP_MD_CTX_md(self->ctx));
- PyObject *name_obj, *name_lower;
-
- name_obj = PyUnicode_FromString(name);
- if (!name_obj) {
- return NULL;
- }
- name_lower = PyObject_CallMethod(name_obj, "lower", NULL);
- Py_DECREF(name_obj);
- return name_lower;
+ return py_digest_name(EVP_MD_CTX_md(self->ctx));
}
static PyGetSetDef EVP_getseters[] = {
@@ -337,7 +465,7 @@ static PyObject *
EVP_repr(EVPobject *self)
{
PyObject *name_obj, *repr;
- name_obj = EVP_get_name(self, NULL);
+ name_obj = py_digest_name(EVP_MD_CTX_md(self->ctx));
if (!name_obj) {
return NULL;
}
@@ -403,6 +531,7 @@ static PyTypeObject EVPtype = {
0, /* tp_dictoffset */
};
+\
static PyObject *
EVPnew(const EVP_MD *digest,
const unsigned char *cp, Py_ssize_t len, int usedforsecurity)
@@ -485,7 +614,7 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj,
if (data_obj)
GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view);
- digest = EVP_get_digestbyname(name);
+ digest = py_digest_by_name(name);
ret_obj = EVPnew(digest,
(unsigned char*)view.buf, view.len,
@@ -922,21 +1051,17 @@ typedef struct _internal_name_mapper_state {
/* A callback function to pass to OpenSSL's OBJ_NAME_do_all(...) */
static void
-_openssl_hash_name_mapper(const OBJ_NAME *openssl_obj_name, void *arg)
+_openssl_hash_name_mapper(const EVP_MD *md, const char *from,
+ const char *to, void *arg)
{
_InternalNameMapperState *state = (_InternalNameMapperState *)arg;
PyObject *py_name;
assert(state != NULL);
- if (openssl_obj_name == NULL)
- return;
- /* Ignore aliased names, they pollute the list and OpenSSL appears to
- * have its own definition of alias as the resulting list still
- * contains duplicate and alternate names for several algorithms. */
- if (openssl_obj_name->alias)
+ if (md == NULL)
return;
- py_name = PyUnicode_FromString(openssl_obj_name->name);
+ py_name = py_digest_name(md);
if (py_name == NULL) {
state->error = 1;
} else {
@@ -958,7 +1083,7 @@ generate_hash_name_list(void)
return NULL;
state.error = 0;
- OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, &_openssl_hash_name_mapper, &state);
+ EVP_MD_do_all(&_openssl_hash_name_mapper, &state);
if (state.error) {
Py_DECREF(state.set);