diff options
Diffstat (limited to 'Modules/operator.c')
| -rw-r--r-- | Modules/operator.c | 166 |
1 files changed, 155 insertions, 11 deletions
diff --git a/Modules/operator.c b/Modules/operator.c index 866ec3a..12fdad5 100644 --- a/Modules/operator.c +++ b/Modules/operator.c @@ -159,6 +159,143 @@ is_not(PyObject *s, PyObject *a) #undef spam2 #undef spam1o #undef spam1o + +/* compare_digest **********************************************************/ + +/* + * timing safe compare + * + * Returns 1 of the strings are equal. + * In case of len(a) != len(b) the function tries to keep the timing + * dependent on the length of b. CPU cache locally may still alter timing + * a bit. + */ +static int +_tscmp(const unsigned char *a, const unsigned char *b, + Py_ssize_t len_a, Py_ssize_t len_b) +{ + /* The volatile type declarations make sure that the compiler has no + * chance to optimize and fold the code in any way that may change + * the timing. + */ + volatile Py_ssize_t length; + volatile const unsigned char *left; + volatile const unsigned char *right; + Py_ssize_t i; + unsigned char result; + + /* loop count depends on length of b */ + length = len_b; + left = NULL; + right = b; + + /* don't use else here to keep the amount of CPU instructions constant, + * volatile forces re-evaluation + * */ + if (len_a == length) { + left = *((volatile const unsigned char**)&a); + result = 0; + } + if (len_a != length) { + left = b; + result = 1; + } + + for (i=0; i < length; i++) { + result |= *left++ ^ *right++; + } + + return (result == 0); +} + +PyDoc_STRVAR(compare_digest__doc__, +"compare_digest(a, b) -> bool\n" +"\n" +"Return 'a == b'. This function uses an approach designed to prevent\n" +"timing analysis, making it appropriate for cryptography.\n" +"a and b must both be of the same type: either str (ASCII only),\n" +"or any type that supports the buffer protocol (e.g. bytes).\n" +"\n" +"Note: If a and b are of different lengths, or if an error occurs,\n" +"a timing attack could theoretically reveal information about the\n" +"types and lengths of a and b--but not their values.\n"); + +static PyObject* +compare_digest(PyObject *self, PyObject *args) +{ + PyObject *a, *b; + int rc; + + if (!PyArg_ParseTuple(args, "OO:compare_digest", &a, &b)) { + return NULL; + } + + /* ASCII unicode string */ + if(PyUnicode_Check(a) && PyUnicode_Check(b)) { + if (PyUnicode_READY(a) == -1 || PyUnicode_READY(b) == -1) { + return NULL; + } + if (!PyUnicode_IS_ASCII(a) || !PyUnicode_IS_ASCII(b)) { + PyErr_SetString(PyExc_TypeError, + "comparing strings with non-ASCII characters is " + "not supported"); + return NULL; + } + + rc = _tscmp(PyUnicode_DATA(a), + PyUnicode_DATA(b), + PyUnicode_GET_LENGTH(a), + PyUnicode_GET_LENGTH(b)); + } + /* fallback to buffer interface for bytes, bytesarray and other */ + else { + Py_buffer view_a; + Py_buffer view_b; + + if ((PyObject_CheckBuffer(a) == 0) & (PyObject_CheckBuffer(b) == 0)) { + PyErr_Format(PyExc_TypeError, + "unsupported operand types(s) or combination of types: " + "'%.100s' and '%.100s'", + Py_TYPE(a)->tp_name, Py_TYPE(b)->tp_name); + return NULL; + } + + if (PyObject_GetBuffer(a, &view_a, PyBUF_SIMPLE) == -1) { + return NULL; + } + if (view_a.ndim > 1) { + PyErr_SetString(PyExc_BufferError, + "Buffer must be single dimension"); + PyBuffer_Release(&view_a); + return NULL; + } + + if (PyObject_GetBuffer(b, &view_b, PyBUF_SIMPLE) == -1) { + PyBuffer_Release(&view_a); + return NULL; + } + if (view_b.ndim > 1) { + PyErr_SetString(PyExc_BufferError, + "Buffer must be single dimension"); + PyBuffer_Release(&view_a); + PyBuffer_Release(&view_b); + return NULL; + } + + rc = _tscmp((const unsigned char*)view_a.buf, + (const unsigned char*)view_b.buf, + view_a.len, + view_b.len); + + PyBuffer_Release(&view_a); + PyBuffer_Release(&view_b); + } + + return PyBool_FromLong(rc); +} + +/* operator methods **********************************************************/ + #define spam1(OP,DOC) {#OP, OP, METH_VARARGS, PyDoc_STR(DOC)}, #define spam2(OP,ALTOP,DOC) {#OP, op_##OP, METH_VARARGS, PyDoc_STR(DOC)}, \ {#ALTOP, op_##OP, METH_VARARGS, PyDoc_STR(DOC)}, @@ -227,6 +364,8 @@ spam2(ne,__ne__, "ne(a, b) -- Same as a!=b.") spam2(gt,__gt__, "gt(a, b) -- Same as a>b.") spam2(ge,__ge__, "ge(a, b) -- Same as a>=b.") + {"_compare_digest", (PyCFunction)compare_digest, METH_VARARGS, + compare_digest__doc__}, {NULL, NULL} /* sentinel */ }; @@ -402,7 +541,8 @@ attrgetter_new(PyTypeObject *type, PyObject *args, PyObject *kwds) for (idx = 0; idx < nattrs; ++idx) { PyObject *item = PyTuple_GET_ITEM(args, idx); Py_ssize_t item_len; - Py_UNICODE *item_buffer; + void *data; + unsigned int kind; int dot_count; if (!PyUnicode_Check(item)) { @@ -411,13 +551,18 @@ attrgetter_new(PyTypeObject *type, PyObject *args, PyObject *kwds) Py_DECREF(attr); return NULL; } - item_len = PyUnicode_GET_SIZE(item); - item_buffer = PyUnicode_AS_UNICODE(item); + if (PyUnicode_READY(item)) { + Py_DECREF(attr); + return NULL; + } + item_len = PyUnicode_GET_LENGTH(item); + kind = PyUnicode_KIND(item); + data = PyUnicode_DATA(item); /* check whethere the string is dotted */ dot_count = 0; for (char_idx = 0; char_idx < item_len; ++char_idx) { - if (item_buffer[char_idx] == (Py_UNICODE)'.') + if (PyUnicode_READ(kind, data, char_idx) == '.') ++dot_count; } @@ -438,12 +583,12 @@ attrgetter_new(PyTypeObject *type, PyObject *args, PyObject *kwds) } for (; dot_count > 0; --dot_count) { - while (item_buffer[unibuff_till] != (Py_UNICODE)'.') { + while (PyUnicode_READ(kind, data, unibuff_till) != '.') { ++unibuff_till; } - attr_chain_item = PyUnicode_FromUnicode( - item_buffer + unibuff_from, - unibuff_till - unibuff_from); + attr_chain_item = PyUnicode_Substring(item, + unibuff_from, + unibuff_till); if (attr_chain_item == NULL) { Py_DECREF(attr_chain); Py_DECREF(attr); @@ -456,9 +601,8 @@ attrgetter_new(PyTypeObject *type, PyObject *args, PyObject *kwds) } /* now add the last dotless name */ - attr_chain_item = PyUnicode_FromUnicode( - item_buffer + unibuff_from, - item_len - unibuff_from); + attr_chain_item = PyUnicode_Substring(item, + unibuff_from, item_len); if (attr_chain_item == NULL) { Py_DECREF(attr_chain); Py_DECREF(attr); |