1 /* Module that wraps all OpenSSL hash algorithms */
4 * Copyright (C) 2005-2010 Gregory P. Smith (greg@krypto.org)
5 * Licensed to PSF under a Contributor Agreement.
7 * Derived from a skeleton of shamodule.c containing work performed by:
9 * Andrew Kuchling (amk@amk.ca)
10 * Greg Stein (gstein@lyra.org)
14 #define PY_SSIZE_T_CLEAN
17 #include "structmember.h"
21 #define ENTER_HASHLIB(obj) \
23 if (!PyThread_acquire_lock((obj)->lock, 0)) { \
24 Py_BEGIN_ALLOW_THREADS \
25 PyThread_acquire_lock((obj)->lock, 1); \
26 Py_END_ALLOW_THREADS \
29 #define LEAVE_HASHLIB(obj) \
31 PyThread_release_lock((obj)->lock); \
34 #define ENTER_HASHLIB(obj)
35 #define LEAVE_HASHLIB(obj)
38 /* EVP is the preferred interface to hashing in OpenSSL */
39 #include <openssl/evp.h>
41 #define MUNCH_SIZE INT_MAX
43 /* TODO(gps): We should probably make this a module or EVPobject attribute
44 * to allow the user to optimize based on the platform they're using. */
45 #define HASHLIB_GIL_MINSIZE 2048
47 #ifndef HASH_OBJ_CONSTRUCTOR
48 #define HASH_OBJ_CONSTRUCTOR 0
51 /* Minimum OpenSSL version needed to support sha224 and higher. */
52 #if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x00908000)
53 #define _OPENSSL_SUPPORTS_SHA2
58 PyObject
*name
; /* name of this hash algorithm */
59 EVP_MD_CTX ctx
; /* OpenSSL message digest context */
61 PyThread_type_lock lock
; /* OpenSSL context lock */
66 static PyTypeObject EVPtype
;
69 #define DEFINE_CONSTS_FOR_NEW(Name) \
70 static PyObject *CONST_ ## Name ## _name_obj; \
71 static EVP_MD_CTX CONST_new_ ## Name ## _ctx; \
72 static EVP_MD_CTX *CONST_new_ ## Name ## _ctx_p = NULL;
74 DEFINE_CONSTS_FOR_NEW(md5
)
75 DEFINE_CONSTS_FOR_NEW(sha1
)
76 #ifdef _OPENSSL_SUPPORTS_SHA2
77 DEFINE_CONSTS_FOR_NEW(sha224
)
78 DEFINE_CONSTS_FOR_NEW(sha256
)
79 DEFINE_CONSTS_FOR_NEW(sha384
)
80 DEFINE_CONSTS_FOR_NEW(sha512
)
85 newEVPobject(PyObject
*name
)
87 EVPobject
*retval
= (EVPobject
*)PyObject_New(EVPobject
, &EVPtype
);
89 /* save the name for .name to return */
102 EVP_hash(EVPobject
*self
, const void *vp
, Py_ssize_t len
)
104 unsigned int process
;
105 const unsigned char *cp
= (const unsigned char *)vp
;
108 if (len
> (Py_ssize_t
)MUNCH_SIZE
)
109 process
= MUNCH_SIZE
;
111 process
= Py_SAFE_DOWNCAST(len
, Py_ssize_t
, unsigned int);
112 EVP_DigestUpdate(&self
->ctx
, (const void*)cp
, process
);
118 /* Internal methods for a hash object */
121 EVP_dealloc(EVPobject
*self
)
124 if (self
->lock
!= NULL
)
125 PyThread_free_lock(self
->lock
);
127 EVP_MD_CTX_cleanup(&self
->ctx
);
128 Py_XDECREF(self
->name
);
132 static void locked_EVP_MD_CTX_copy(EVP_MD_CTX
*new_ctx_p
, EVPobject
*self
)
135 EVP_MD_CTX_copy(new_ctx_p
, &self
->ctx
);
139 /* External methods for a hash object */
141 PyDoc_STRVAR(EVP_copy__doc__
, "Return a copy of the hash object.");
145 EVP_copy(EVPobject
*self
, PyObject
*unused
)
149 if ( (newobj
= newEVPobject(self
->name
))==NULL
)
152 locked_EVP_MD_CTX_copy(&newobj
->ctx
, self
);
153 return (PyObject
*)newobj
;
156 PyDoc_STRVAR(EVP_digest__doc__
,
157 "Return the digest value as a string of binary data.");
160 EVP_digest(EVPobject
*self
, PyObject
*unused
)
162 unsigned char digest
[EVP_MAX_MD_SIZE
];
165 unsigned int digest_size
;
167 locked_EVP_MD_CTX_copy(&temp_ctx
, self
);
168 digest_size
= EVP_MD_CTX_size(&temp_ctx
);
169 EVP_DigestFinal(&temp_ctx
, digest
, NULL
);
171 retval
= PyString_FromStringAndSize((const char *)digest
, digest_size
);
172 EVP_MD_CTX_cleanup(&temp_ctx
);
176 PyDoc_STRVAR(EVP_hexdigest__doc__
,
177 "Return the digest value as a string of hexadecimal digits.");
180 EVP_hexdigest(EVPobject
*self
, PyObject
*unused
)
182 unsigned char digest
[EVP_MAX_MD_SIZE
];
186 unsigned int i
, j
, digest_size
;
188 /* Get the raw (binary) digest value */
189 locked_EVP_MD_CTX_copy(&temp_ctx
, self
);
190 digest_size
= EVP_MD_CTX_size(&temp_ctx
);
191 EVP_DigestFinal(&temp_ctx
, digest
, NULL
);
193 EVP_MD_CTX_cleanup(&temp_ctx
);
195 /* Create a new string */
196 /* NOTE: not thread safe! modifying an already created string object */
197 /* (not a problem because we hold the GIL by default) */
198 retval
= PyString_FromStringAndSize(NULL
, digest_size
* 2);
201 hex_digest
= PyString_AsString(retval
);
207 /* Make hex version of the digest */
208 for(i
=j
=0; i
<digest_size
; i
++) {
210 c
= (digest
[i
] >> 4) & 0xf;
211 c
= (c
>9) ? c
+'a'-10 : c
+ '0';
213 c
= (digest
[i
] & 0xf);
214 c
= (c
>9) ? c
+'a'-10 : c
+ '0';
220 PyDoc_STRVAR(EVP_update__doc__
,
221 "Update this hash object's state with the provided string.");
224 EVP_update(EVPobject
*self
, PyObject
*args
)
228 if (!PyArg_ParseTuple(args
, "s*:update", &view
))
232 if (self
->lock
== NULL
&& view
.len
>= HASHLIB_GIL_MINSIZE
) {
233 self
->lock
= PyThread_allocate_lock();
234 /* fail? lock = NULL and we fail over to non-threaded code. */
237 if (self
->lock
!= NULL
) {
238 Py_BEGIN_ALLOW_THREADS
239 PyThread_acquire_lock(self
->lock
, 1);
240 EVP_hash(self
, view
.buf
, view
.len
);
241 PyThread_release_lock(self
->lock
);
247 EVP_hash(self
, view
.buf
, view
.len
);
250 PyBuffer_Release(&view
);
255 static PyMethodDef EVP_methods
[] = {
256 {"update", (PyCFunction
)EVP_update
, METH_VARARGS
, EVP_update__doc__
},
257 {"digest", (PyCFunction
)EVP_digest
, METH_NOARGS
, EVP_digest__doc__
},
258 {"hexdigest", (PyCFunction
)EVP_hexdigest
, METH_NOARGS
, EVP_hexdigest__doc__
},
259 {"copy", (PyCFunction
)EVP_copy
, METH_NOARGS
, EVP_copy__doc__
},
260 {NULL
, NULL
} /* sentinel */
264 EVP_get_block_size(EVPobject
*self
, void *closure
)
267 block_size
= EVP_MD_CTX_block_size(&self
->ctx
);
268 return PyLong_FromLong(block_size
);
272 EVP_get_digest_size(EVPobject
*self
, void *closure
)
275 size
= EVP_MD_CTX_size(&self
->ctx
);
276 return PyLong_FromLong(size
);
279 static PyMemberDef EVP_members
[] = {
280 {"name", T_OBJECT
, offsetof(EVPobject
, name
), READONLY
, PyDoc_STR("algorithm name.")},
281 {NULL
} /* Sentinel */
284 static PyGetSetDef EVP_getseters
[] = {
286 (getter
)EVP_get_digest_size
, NULL
,
290 (getter
)EVP_get_block_size
, NULL
,
293 /* the old md5 and sha modules support 'digest_size' as in PEP 247.
294 * the old sha module also supported 'digestsize'. ugh. */
296 (getter
)EVP_get_digest_size
, NULL
,
299 {NULL
} /* Sentinel */
304 EVP_repr(PyObject
*self
)
307 PyOS_snprintf(buf
, sizeof(buf
), "<%s HASH object @ %p>",
308 PyString_AsString(((EVPobject
*)self
)->name
), self
);
309 return PyString_FromString(buf
);
312 #if HASH_OBJ_CONSTRUCTOR
314 EVP_tp_init(EVPobject
*self
, PyObject
*args
, PyObject
*kwds
)
316 static char *kwlist
[] = {"name", "string", NULL
};
317 PyObject
*name_obj
= NULL
;
318 Py_buffer view
= { 0 };
320 const EVP_MD
*digest
;
322 if (!PyArg_ParseTupleAndKeywords(args
, kwds
, "O|s*:HASH", kwlist
,
327 if (!PyArg_Parse(name_obj
, "s", &nameStr
)) {
328 PyErr_SetString(PyExc_TypeError
, "name must be a string");
329 PyBuffer_Release(&view
);
333 digest
= EVP_get_digestbyname(nameStr
);
335 PyErr_SetString(PyExc_ValueError
, "unknown hash function");
336 PyBuffer_Release(&view
);
339 EVP_DigestInit(&self
->ctx
, digest
);
341 self
->name
= name_obj
;
342 Py_INCREF(self
->name
);
345 if (view
.len
>= HASHLIB_GIL_MINSIZE
) {
346 Py_BEGIN_ALLOW_THREADS
347 EVP_hash(self
, view
.buf
, view
.len
);
350 EVP_hash(self
, view
.buf
, view
.len
);
352 PyBuffer_Release(&view
);
360 PyDoc_STRVAR(hashtype_doc
,
361 "A hash represents the object used to calculate a checksum of a\n\
362 string of information.\n\
366 update() -- updates the current digest with an additional string\n\
367 digest() -- return the current digest value\n\
368 hexdigest() -- return the current digest as a string of hexadecimal digits\n\
369 copy() -- return a copy of the current hash object\n\
373 name -- the hash algorithm being used by this object\n\
374 digest_size -- number of bytes in this hashes output\n");
376 static PyTypeObject EVPtype
= {
377 PyVarObject_HEAD_INIT(NULL
, 0)
378 "_hashlib.HASH", /*tp_name*/
379 sizeof(EVPobject
), /*tp_basicsize*/
382 (destructor
)EVP_dealloc
, /*tp_dealloc*/
387 EVP_repr
, /*tp_repr*/
389 0, /*tp_as_sequence*/
397 Py_TPFLAGS_DEFAULT
| Py_TPFLAGS_BASETYPE
, /*tp_flags*/
398 hashtype_doc
, /*tp_doc*/
401 0, /*tp_richcompare*/
402 0, /*tp_weaklistoffset*/
405 EVP_methods
, /* tp_methods */
406 EVP_members
, /* tp_members */
407 EVP_getseters
, /* tp_getset */
411 0, /* tp_descr_get */
412 0, /* tp_descr_set */
413 0, /* tp_dictoffset */
415 #if HASH_OBJ_CONSTRUCTOR
416 (initproc
)EVP_tp_init
, /* tp_init */
421 EVPnew(PyObject
*name_obj
,
422 const EVP_MD
*digest
, const EVP_MD_CTX
*initial_ctx
,
423 const unsigned char *cp
, Py_ssize_t len
)
427 if (!digest
&& !initial_ctx
) {
428 PyErr_SetString(PyExc_ValueError
, "unsupported hash type");
432 if ((self
= newEVPobject(name_obj
)) == NULL
)
436 EVP_MD_CTX_copy(&self
->ctx
, initial_ctx
);
438 EVP_DigestInit(&self
->ctx
, digest
);
442 if (len
>= HASHLIB_GIL_MINSIZE
) {
443 Py_BEGIN_ALLOW_THREADS
444 EVP_hash(self
, cp
, len
);
447 EVP_hash(self
, cp
, len
);
451 return (PyObject
*)self
;
455 /* The module-level function: new() */
457 PyDoc_STRVAR(EVP_new__doc__
,
458 "Return a new hash object using the named algorithm.\n\
459 An optional string argument may be provided and will be\n\
460 automatically hashed.\n\
462 The MD5 and SHA1 algorithms are always supported.\n");
465 EVP_new(PyObject
*self
, PyObject
*args
, PyObject
*kwdict
)
467 static char *kwlist
[] = {"name", "string", NULL
};
468 PyObject
*name_obj
= NULL
;
469 Py_buffer view
= { 0 };
472 const EVP_MD
*digest
;
474 if (!PyArg_ParseTupleAndKeywords(args
, kwdict
, "O|s*:new", kwlist
,
479 if (!PyArg_Parse(name_obj
, "s", &name
)) {
480 PyErr_SetString(PyExc_TypeError
, "name must be a string");
484 digest
= EVP_get_digestbyname(name
);
486 ret_obj
= EVPnew(name_obj
, digest
, NULL
, (unsigned char*)view
.buf
,
488 PyBuffer_Release(&view
);
494 * This macro generates constructor function definitions for specific
495 * hash algorithms. These constructors are much faster than calling
496 * the generic one passing it a python string and are noticably
497 * faster than calling a python new() wrapper. Thats important for
498 * code that wants to make hashes of a bunch of small strings.
500 #define GEN_CONSTRUCTOR(NAME) \
502 EVP_new_ ## NAME (PyObject *self, PyObject *args) \
504 Py_buffer view = { 0 }; \
507 if (!PyArg_ParseTuple(args, "|s*:" #NAME , &view)) { \
512 CONST_ ## NAME ## _name_obj, \
514 CONST_new_ ## NAME ## _ctx_p, \
515 (unsigned char*)view.buf, view.len); \
516 PyBuffer_Release(&view); \
520 /* a PyMethodDef structure for the constructor */
521 #define CONSTRUCTOR_METH_DEF(NAME) \
522 {"openssl_" #NAME, (PyCFunction)EVP_new_ ## NAME, METH_VARARGS, \
523 PyDoc_STR("Returns a " #NAME \
524 " hash object; optionally initialized with a string") \
527 /* used in the init function to setup a constructor */
528 #define INIT_CONSTRUCTOR_CONSTANTS(NAME) do { \
529 CONST_ ## NAME ## _name_obj = PyString_FromString(#NAME); \
530 if (EVP_get_digestbyname(#NAME)) { \
531 CONST_new_ ## NAME ## _ctx_p = &CONST_new_ ## NAME ## _ctx; \
532 EVP_DigestInit(CONST_new_ ## NAME ## _ctx_p, EVP_get_digestbyname(#NAME)); \
537 GEN_CONSTRUCTOR(sha1
)
538 #ifdef _OPENSSL_SUPPORTS_SHA2
539 GEN_CONSTRUCTOR(sha224
)
540 GEN_CONSTRUCTOR(sha256
)
541 GEN_CONSTRUCTOR(sha384
)
542 GEN_CONSTRUCTOR(sha512
)
545 /* List of functions exported by this module */
547 static struct PyMethodDef EVP_functions
[] = {
548 {"new", (PyCFunction
)EVP_new
, METH_VARARGS
|METH_KEYWORDS
, EVP_new__doc__
},
549 CONSTRUCTOR_METH_DEF(md5
),
550 CONSTRUCTOR_METH_DEF(sha1
),
551 #ifdef _OPENSSL_SUPPORTS_SHA2
552 CONSTRUCTOR_METH_DEF(sha224
),
553 CONSTRUCTOR_METH_DEF(sha256
),
554 CONSTRUCTOR_METH_DEF(sha384
),
555 CONSTRUCTOR_METH_DEF(sha512
),
557 {NULL
, NULL
} /* Sentinel */
561 /* Initialize this module. */
568 OpenSSL_add_all_digests();
570 /* TODO build EVP_functions openssl_* entries dynamically based
571 * on what hashes are supported rather than listing many
572 * but having some be unsupported. Only init appropriate
575 Py_TYPE(&EVPtype
) = &PyType_Type
;
576 if (PyType_Ready(&EVPtype
) < 0)
579 m
= Py_InitModule("_hashlib", EVP_functions
);
583 #if HASH_OBJ_CONSTRUCTOR
585 PyModule_AddObject(m
, "HASH", (PyObject
*)&EVPtype
);
588 /* these constants are used by the convenience constructors */
589 INIT_CONSTRUCTOR_CONSTANTS(md5
);
590 INIT_CONSTRUCTOR_CONSTANTS(sha1
);
591 #ifdef _OPENSSL_SUPPORTS_SHA2
592 INIT_CONSTRUCTOR_CONSTANTS(sha224
);
593 INIT_CONSTRUCTOR_CONSTANTS(sha256
);
594 INIT_CONSTRUCTOR_CONSTANTS(sha384
);
595 INIT_CONSTRUCTOR_CONSTANTS(sha512
);