From 64117e059b79236c7345bc9afc1cc707162411de Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Thu, 12 Sep 2019 13:46:37 +0200 Subject: bpo-38134: Remove PKBDF2_HMAC_fast from _hashopenssl (GH-16028) Signed-off-by: Christian Heimes --- .../2019-09-12-13-18-55.bpo-38134.gXJTbP.rst | 2 + Modules/_hashopenssl.c | 114 --------------------- Modules/clinic/_hashopenssl.c.h | 10 +- 3 files changed, 3 insertions(+), 123 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2019-09-12-13-18-55.bpo-38134.gXJTbP.rst diff --git a/Misc/NEWS.d/next/Library/2019-09-12-13-18-55.bpo-38134.gXJTbP.rst b/Misc/NEWS.d/next/Library/2019-09-12-13-18-55.bpo-38134.gXJTbP.rst new file mode 100644 index 0000000..fc134c2 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2019-09-12-13-18-55.bpo-38134.gXJTbP.rst @@ -0,0 +1,2 @@ +Remove obsolete copy of PBKDF2_HMAC_fast. All supported OpenSSL versions +contain a fast implementation. diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c index a806241..5e76853 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -28,18 +28,6 @@ #define MUNCH_SIZE INT_MAX -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) -/* OpenSSL < 1.1.0 */ -#define EVP_MD_CTX_new EVP_MD_CTX_create -#define EVP_MD_CTX_free EVP_MD_CTX_destroy -#define HAS_FAST_PKCS5_PBKDF2_HMAC 0 -#include -#else -/* OpenSSL >= 1.1.0 */ -#define HAS_FAST_PKCS5_PBKDF2_HMAC 1 -#endif - - typedef struct { PyObject_HEAD PyObject *name; /* name of this hash algorithm */ @@ -481,97 +469,6 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj) return ret_obj; } -#if (OPENSSL_VERSION_NUMBER >= 0x10000000 && !defined(OPENSSL_NO_HMAC) \ - && !defined(OPENSSL_NO_SHA)) - -#define PY_PBKDF2_HMAC 1 - -#if !HAS_FAST_PKCS5_PBKDF2_HMAC -/* Improved implementation of PKCS5_PBKDF2_HMAC() - * - * PKCS5_PBKDF2_HMAC_fast() hashes the password exactly one time instead of - * `iter` times. Today (2013) the iteration count is typically 100,000 or - * more. The improved algorithm is not subject to a Denial-of-Service - * vulnerability with overly large passwords. - * - * Also OpenSSL < 1.0 don't provide PKCS5_PBKDF2_HMAC(), only - * PKCS5_PBKDF2_SHA1. - */ -static int -PKCS5_PBKDF2_HMAC_fast(const char *pass, int passlen, - const unsigned char *salt, int saltlen, - int iter, const EVP_MD *digest, - int keylen, unsigned char *out) -{ - unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; - int cplen, j, k, tkeylen, mdlen; - unsigned long i = 1; - HMAC_CTX hctx_tpl, hctx; - - mdlen = EVP_MD_size(digest); - if (mdlen < 0) - return 0; - - HMAC_CTX_init(&hctx_tpl); - HMAC_CTX_init(&hctx); - p = out; - tkeylen = keylen; - if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); - return 0; - } - while (tkeylen) { - if (tkeylen > mdlen) - cplen = mdlen; - else - cplen = tkeylen; - /* We are unlikely to ever use more than 256 blocks (5120 bits!) - * but just in case... - */ - itmp[0] = (unsigned char)((i >> 24) & 0xff); - itmp[1] = (unsigned char)((i >> 16) & 0xff); - itmp[2] = (unsigned char)((i >> 8) & 0xff); - itmp[3] = (unsigned char)(i & 0xff); - if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { - HMAC_CTX_cleanup(&hctx_tpl); - return 0; - } - if (!HMAC_Update(&hctx, salt, saltlen) - || !HMAC_Update(&hctx, itmp, 4) - || !HMAC_Final(&hctx, digtmp, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); - HMAC_CTX_cleanup(&hctx); - return 0; - } - HMAC_CTX_cleanup(&hctx); - memcpy(p, digtmp, cplen); - for (j = 1; j < iter; j++) { - if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { - HMAC_CTX_cleanup(&hctx_tpl); - return 0; - } - if (!HMAC_Update(&hctx, digtmp, mdlen) - || !HMAC_Final(&hctx, digtmp, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); - HMAC_CTX_cleanup(&hctx); - return 0; - } - HMAC_CTX_cleanup(&hctx); - for (k = 0; k < cplen; k++) { - p[k] ^= digtmp[k]; - } - } - tkeylen-= cplen; - i++; - p+= cplen; - } - HMAC_CTX_cleanup(&hctx_tpl); - return 1; -} -#endif - - - /*[clinic input] _hashlib.pbkdf2_hmac as pbkdf2_hmac @@ -652,17 +549,10 @@ pbkdf2_hmac_impl(PyObject *module, const char *hash_name, key = PyBytes_AS_STRING(key_obj); Py_BEGIN_ALLOW_THREADS -#if HAS_FAST_PKCS5_PBKDF2_HMAC retval = PKCS5_PBKDF2_HMAC((char*)password->buf, (int)password->len, (unsigned char *)salt->buf, (int)salt->len, iterations, digest, dklen, (unsigned char *)key); -#else - retval = PKCS5_PBKDF2_HMAC_fast((char*)password->buf, (int)password->len, - (unsigned char *)salt->buf, (int)salt->len, - iterations, digest, dklen, - (unsigned char *)key); -#endif Py_END_ALLOW_THREADS if (!retval) { @@ -675,8 +565,6 @@ pbkdf2_hmac_impl(PyObject *module, const char *hash_name, return key_obj; } -#endif - #if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_SCRYPT) && !defined(LIBRESSL_VERSION_NUMBER) #define PY_SCRYPT 1 @@ -986,9 +874,7 @@ GEN_CONSTRUCTOR(sha512) static struct PyMethodDef EVP_functions[] = { EVP_NEW_METHODDEF -#ifdef PY_PBKDF2_HMAC PBKDF2_HMAC_METHODDEF -#endif _HASHLIB_SCRYPT_METHODDEF _HASHLIB_HMAC_DIGEST_METHODDEF CONSTRUCTOR_METH_DEF(md5), diff --git a/Modules/clinic/_hashopenssl.c.h b/Modules/clinic/_hashopenssl.c.h index 6377e18..854d925 100644 --- a/Modules/clinic/_hashopenssl.c.h +++ b/Modules/clinic/_hashopenssl.c.h @@ -109,8 +109,6 @@ exit: return return_value; } -#if ((OPENSSL_VERSION_NUMBER >= 0x10000000 && !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA))) - PyDoc_STRVAR(pbkdf2_hmac__doc__, "pbkdf2_hmac($module, /, hash_name, password, salt, iterations,\n" " dklen=None)\n" @@ -200,8 +198,6 @@ exit: return return_value; } -#endif /* ((OPENSSL_VERSION_NUMBER >= 0x10000000 && !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA))) */ - #if (OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_SCRYPT) && !defined(LIBRESSL_VERSION_NUMBER)) PyDoc_STRVAR(_hashlib_scrypt__doc__, @@ -402,11 +398,7 @@ exit: return return_value; } -#ifndef PBKDF2_HMAC_METHODDEF - #define PBKDF2_HMAC_METHODDEF -#endif /* !defined(PBKDF2_HMAC_METHODDEF) */ - #ifndef _HASHLIB_SCRYPT_METHODDEF #define _HASHLIB_SCRYPT_METHODDEF #endif /* !defined(_HASHLIB_SCRYPT_METHODDEF) */ -/*[clinic end generated code: output=565dcbe3452e71f4 input=a9049054013a1b77]*/ +/*[clinic end generated code: output=cfe686cb2fa042e1 input=a9049054013a1b77]*/ -- cgit v0.12