diff options
Diffstat (limited to 'Modules/_hashopenssl.c')
-rw-r--r-- | Modules/_hashopenssl.c | 165 |
1 files changed, 106 insertions, 59 deletions
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c index 44765ac..986c10b 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -21,7 +21,6 @@ /* EVP is the preferred interface to hashing in OpenSSL */ #include <openssl/evp.h> -#include <openssl/hmac.h> /* We use the object interface to discover what hashes OpenSSL supports. */ #include <openssl/objects.h> #include "openssl/err.h" @@ -32,11 +31,22 @@ #define HASH_OBJ_CONSTRUCTOR 0 #endif +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) +/* OpenSSL < 1.1.0 */ +#define EVP_MD_CTX_new EVP_MD_CTX_create +#define EVP_MD_CTX_free EVP_MD_CTX_destroy +#define HAS_FAST_PKCS5_PBKDF2_HMAC 0 +#include <openssl/hmac.h> +#else +/* OpenSSL >= 1.1.0 */ +#define HAS_FAST_PKCS5_PBKDF2_HMAC 1 +#endif + typedef struct { PyObject_HEAD PyObject *name; /* name of this hash algorithm */ - EVP_MD_CTX ctx; /* OpenSSL message digest context */ + EVP_MD_CTX *ctx; /* OpenSSL message digest context */ #ifdef WITH_THREAD PyThread_type_lock lock; /* OpenSSL context lock */ #endif @@ -48,7 +58,6 @@ static PyTypeObject EVPtype; #define DEFINE_CONSTS_FOR_NEW(Name) \ static PyObject *CONST_ ## Name ## _name_obj = NULL; \ - static EVP_MD_CTX CONST_new_ ## Name ## _ctx; \ static EVP_MD_CTX *CONST_new_ ## Name ## _ctx_p = NULL; DEFINE_CONSTS_FOR_NEW(md5) @@ -59,19 +68,57 @@ DEFINE_CONSTS_FOR_NEW(sha384) DEFINE_CONSTS_FOR_NEW(sha512) +/* LCOV_EXCL_START */ +static PyObject * +_setException(PyObject *exc) +{ + unsigned long errcode; + const char *lib, *func, *reason; + + errcode = ERR_peek_last_error(); + if (!errcode) { + PyErr_SetString(exc, "unknown reasons"); + return NULL; + } + ERR_clear_error(); + + lib = ERR_lib_error_string(errcode); + func = ERR_func_error_string(errcode); + reason = ERR_reason_error_string(errcode); + + if (lib && func) { + PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); + } + else if (lib) { + PyErr_Format(exc, "[%s] %s", lib, reason); + } + else { + PyErr_SetString(exc, reason); + } + return NULL; +} +/* LCOV_EXCL_STOP */ + static EVPobject * newEVPobject(PyObject *name) { EVPobject *retval = (EVPobject *)PyObject_New(EVPobject, &EVPtype); + if (retval == NULL) { + return NULL; + } + + retval->ctx = EVP_MD_CTX_new(); + if (retval->ctx == NULL) { + PyErr_NoMemory(); + return NULL; + } /* save the name for .name to return */ - if (retval != NULL) { - Py_INCREF(name); - retval->name = name; + Py_INCREF(name); + retval->name = name; #ifdef WITH_THREAD - retval->lock = NULL; + retval->lock = NULL; #endif - } return retval; } @@ -86,7 +133,7 @@ EVP_hash(EVPobject *self, const void *vp, Py_ssize_t len) process = MUNCH_SIZE; else process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int); - EVP_DigestUpdate(&self->ctx, (const void*)cp, process); + EVP_DigestUpdate(self->ctx, (const void*)cp, process); len -= process; cp += process; } @@ -101,16 +148,19 @@ EVP_dealloc(EVPobject *self) if (self->lock != NULL) PyThread_free_lock(self->lock); #endif - EVP_MD_CTX_cleanup(&self->ctx); + EVP_MD_CTX_free(self->ctx); Py_XDECREF(self->name); PyObject_Del(self); } -static void locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self) +static int +locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self) { + int result; ENTER_HASHLIB(self); - EVP_MD_CTX_copy(new_ctx_p, &self->ctx); + result = EVP_MD_CTX_copy(new_ctx_p, self->ctx); LEAVE_HASHLIB(self); + return result; } /* External methods for a hash object */ @@ -126,7 +176,9 @@ EVP_copy(EVPobject *self, PyObject *unused) if ( (newobj = newEVPobject(self->name))==NULL) return NULL; - locked_EVP_MD_CTX_copy(&newobj->ctx, self); + if (!locked_EVP_MD_CTX_copy(newobj->ctx, self)) { + return _setException(PyExc_ValueError); + } return (PyObject *)newobj; } @@ -137,16 +189,24 @@ static PyObject * EVP_digest(EVPobject *self, PyObject *unused) { unsigned char digest[EVP_MAX_MD_SIZE]; - EVP_MD_CTX temp_ctx; + EVP_MD_CTX *temp_ctx; PyObject *retval; unsigned int digest_size; - locked_EVP_MD_CTX_copy(&temp_ctx, self); - digest_size = EVP_MD_CTX_size(&temp_ctx); - EVP_DigestFinal(&temp_ctx, digest, NULL); + temp_ctx = EVP_MD_CTX_new(); + if (temp_ctx == NULL) { + PyErr_NoMemory(); + return NULL; + } + + if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { + return _setException(PyExc_ValueError); + } + digest_size = EVP_MD_CTX_size(temp_ctx); + EVP_DigestFinal(temp_ctx, digest, NULL); retval = PyBytes_FromStringAndSize((const char *)digest, digest_size); - EVP_MD_CTX_cleanup(&temp_ctx); + EVP_MD_CTX_free(temp_ctx); return retval; } @@ -157,15 +217,23 @@ static PyObject * EVP_hexdigest(EVPobject *self, PyObject *unused) { unsigned char digest[EVP_MAX_MD_SIZE]; - EVP_MD_CTX temp_ctx; + EVP_MD_CTX *temp_ctx; unsigned int digest_size; + temp_ctx = EVP_MD_CTX_new(); + if (temp_ctx == NULL) { + PyErr_NoMemory(); + return NULL; + } + /* Get the raw (binary) digest value */ - locked_EVP_MD_CTX_copy(&temp_ctx, self); - digest_size = EVP_MD_CTX_size(&temp_ctx); - EVP_DigestFinal(&temp_ctx, digest, NULL); + if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { + return _setException(PyExc_ValueError); + } + digest_size = EVP_MD_CTX_size(temp_ctx); + EVP_DigestFinal(temp_ctx, digest, NULL); - EVP_MD_CTX_cleanup(&temp_ctx); + EVP_MD_CTX_free(temp_ctx); return _Py_strhex((const char *)digest, digest_size); } @@ -219,7 +287,7 @@ static PyObject * EVP_get_block_size(EVPobject *self, void *closure) { long block_size; - block_size = EVP_MD_CTX_block_size(&self->ctx); + block_size = EVP_MD_CTX_block_size(self->ctx); return PyLong_FromLong(block_size); } @@ -227,7 +295,7 @@ static PyObject * EVP_get_digest_size(EVPobject *self, void *closure) { long size; - size = EVP_MD_CTX_size(&self->ctx); + size = EVP_MD_CTX_size(self->ctx); return PyLong_FromLong(size); } @@ -288,7 +356,7 @@ EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds) PyBuffer_Release(&view); return -1; } - EVP_DigestInit(&self->ctx, digest); + EVP_DigestInit(self->ctx, digest); self->name = name_obj; Py_INCREF(self->name); @@ -385,9 +453,9 @@ EVPnew(PyObject *name_obj, return NULL; if (initial_ctx) { - EVP_MD_CTX_copy(&self->ctx, initial_ctx); + EVP_MD_CTX_copy(self->ctx, initial_ctx); } else { - EVP_DigestInit(&self->ctx, digest); + EVP_DigestInit(self->ctx, digest); } if (cp && len) { @@ -453,6 +521,7 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict) #define PY_PBKDF2_HMAC 1 +#if !HAS_FAST_PKCS5_PBKDF2_HMAC /* Improved implementation of PKCS5_PBKDF2_HMAC() * * PKCS5_PBKDF2_HMAC_fast() hashes the password exactly one time instead of @@ -534,37 +603,8 @@ PKCS5_PBKDF2_HMAC_fast(const char *pass, int passlen, HMAC_CTX_cleanup(&hctx_tpl); return 1; } +#endif -/* LCOV_EXCL_START */ -static PyObject * -_setException(PyObject *exc) -{ - unsigned long errcode; - const char *lib, *func, *reason; - - errcode = ERR_peek_last_error(); - if (!errcode) { - PyErr_SetString(exc, "unknown reasons"); - return NULL; - } - ERR_clear_error(); - - lib = ERR_lib_error_string(errcode); - func = ERR_func_error_string(errcode); - reason = ERR_reason_error_string(errcode); - - if (lib && func) { - PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); - } - else if (lib) { - PyErr_Format(exc, "[%s] %s", lib, reason); - } - else { - PyErr_SetString(exc, reason); - } - return NULL; -} -/* LCOV_EXCL_STOP */ PyDoc_STRVAR(pbkdf2_hmac__doc__, "pbkdf2_hmac(hash_name, password, salt, iterations, dklen=None) -> key\n\ @@ -646,10 +686,17 @@ pbkdf2_hmac(PyObject *self, PyObject *args, PyObject *kwdict) key = PyBytes_AS_STRING(key_obj); Py_BEGIN_ALLOW_THREADS +#if HAS_FAST_PKCS5_PBKDF2_HMAC + retval = PKCS5_PBKDF2_HMAC((char*)password.buf, (int)password.len, + (unsigned char *)salt.buf, (int)salt.len, + iterations, digest, dklen, + (unsigned char *)key); +#else retval = PKCS5_PBKDF2_HMAC_fast((char*)password.buf, (int)password.len, (unsigned char *)salt.buf, (int)salt.len, iterations, digest, dklen, (unsigned char *)key); +#endif Py_END_ALLOW_THREADS if (!retval) { @@ -768,7 +815,7 @@ generate_hash_name_list(void) if (CONST_ ## NAME ## _name_obj == NULL) { \ CONST_ ## NAME ## _name_obj = PyUnicode_FromString(#NAME); \ if (EVP_get_digestbyname(#NAME)) { \ - CONST_new_ ## NAME ## _ctx_p = &CONST_new_ ## NAME ## _ctx; \ + CONST_new_ ## NAME ## _ctx_p = EVP_MD_CTX_new(); \ EVP_DigestInit(CONST_new_ ## NAME ## _ctx_p, EVP_get_digestbyname(#NAME)); \ } \ } \ |