_hashopenssl.c source code [python/Modules/_hashopenssl.c]

1	/ Module that wraps all OpenSSL hash algorithms /
2
3	/*
4	* Copyright (C) 2005-2010 Gregory P. Smith ([email protected])
5	* Licensed to PSF under a Contributor Agreement.
6	*
7	* Derived from a skeleton of shamodule.c containing work performed by:
8	*
9	* Andrew Kuchling ([email protected])
10	* Greg Stein ([email protected])
11	*
12	*/
13
14	/ Don't warn about deprecated functions, /
15	#ifndef OPENSSL_API_COMPAT
16	// 0x10101000L == 1.1.1, 30000 == 3.0.0
17	#define OPENSSL_API_COMPAT 0x10101000L
18	#endif
19	#define OPENSSL_NO_DEPRECATED 1
20
21	#ifndef Py_BUILD_CORE_BUILTIN
22	# define Py_BUILD_CORE_MODULE 1
23	#endif
24
25	#define PY_SSIZE_T_CLEAN
26
27	#include "Python.h"
28	#include "pycore_hashtable.h"
29	#include "hashlib.h"
30	#include "pystrhex.h"
31
32	/ EVP is the preferred interface to hashing in OpenSSL /
33	#include <openssl/evp.h>
34	#include <openssl/hmac.h>
35	#include <openssl/crypto.h>
36	/ We use the object interface to discover what hashes OpenSSL supports. /
37	#include <openssl/objects.h>
38	#include <openssl/err.h>
39
40	#include <openssl/crypto.h> // FIPS_mode()
41
42	#ifndef OPENSSL_THREADS
43	# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
44	#endif
45
46	#define MUNCH_SIZE INT_MAX
47
48	#define PY_OPENSSL_HAS_SCRYPT 1
49	#define PY_OPENSSL_HAS_SHA3 1
50	#define PY_OPENSSL_HAS_SHAKE 1
51	#define PY_OPENSSL_HAS_BLAKE2 1
52
53	#if OPENSSL_VERSION_NUMBER >= 0x30000000L
54	#define PY_EVP_MD EVP_MD
55	#define PY_EVP_MD_fetch(algorithm, properties) EVP_MD_fetch(NULL, algorithm, properties)
56	#define PY_EVP_MD_up_ref(md) EVP_MD_up_ref(md)
57	#define PY_EVP_MD_free(md) EVP_MD_free(md)
58	#else
59	#define PY_EVP_MD const EVP_MD
60	#define PY_EVP_MD_fetch(algorithm, properties) EVP_get_digestbyname(algorithm)
61	#define PY_EVP_MD_up_ref(md) do {} while(0)
62	#define PY_EVP_MD_free(md) do {} while(0)
63	#endif
64
65	/ hash alias map and fast lookup*
66	*
67	* Map between Python's preferred names and OpenSSL internal names. Maintain
68	* cache of fetched EVP MD objects. The EVP_get_digestbyname() and
69	* EVP_MD_fetch() API calls have a performance impact.
70	*
71	* The py_hashentry_t items are stored in a _Py_hashtable_t with py_name and
72	* py_alias as keys.
73	*/
74
75	enum Py_hash_type {
76	Py_ht_evp, // usedforsecurity=True / default
77	Py_ht_evp_nosecurity, // usedforsecurity=False
78	Py_ht_mac, // HMAC
79	Py_ht_pbkdf2, // PKBDF2
80	};
81
82	typedef struct {
83	const char *py_name;
84	const char *py_alias;
85	const char *ossl_name;
86	int ossl_nid;
87	int refcnt;
88	PY_EVP_MD *evp;
89	PY_EVP_MD *evp_nosecurity;
90	} py_hashentry_t;
91
92	#define Py_hash_md5 "md5"
93	#define Py_hash_sha1 "sha1"
94	#define Py_hash_sha224 "sha224"
95	#define Py_hash_sha256 "sha256"
96	#define Py_hash_sha384 "sha384"
97	#define Py_hash_sha512 "sha512"
98	#define Py_hash_sha512_224 "sha512_224"
99	#define Py_hash_sha512_256 "sha512_256"
100	#define Py_hash_sha3_224 "sha3_224"
101	#define Py_hash_sha3_256 "sha3_256"
102	#define Py_hash_sha3_384 "sha3_384"
103	#define Py_hash_sha3_512 "sha3_512"
104	#define Py_hash_shake_128 "shake_128"
105	#define Py_hash_shake_256 "shake_256"
106	#define Py_hash_blake2s "blake2s"
107	#define Py_hash_blake2b "blake2b"
108
109	#define PY_HASH_ENTRY(py_name, py_alias, ossl_name, ossl_nid) \
110	{py_name, py_alias, ossl_name, ossl_nid, 0, NULL, NULL}
111
112	static const py_hashentry_t py_hashes[] = {
113	/ md5 /
114	PY_HASH_ENTRY(Py_hash_md5, "MD5", SN_md5, NID_md5),
115	/ sha1 /
116	PY_HASH_ENTRY(Py_hash_sha1, "SHA1", SN_sha1, NID_sha1),
117	/ sha2 family /
118	PY_HASH_ENTRY(Py_hash_sha224, "SHA224", SN_sha224, NID_sha224),
119	PY_HASH_ENTRY(Py_hash_sha256, "SHA256", SN_sha256, NID_sha256),
120	PY_HASH_ENTRY(Py_hash_sha384, "SHA384", SN_sha384, NID_sha384),
121	PY_HASH_ENTRY(Py_hash_sha512, "SHA512", SN_sha512, NID_sha512),
122	/ truncated sha2 /
123	PY_HASH_ENTRY(Py_hash_sha512_224, "SHA512_224", SN_sha512_224, NID_sha512_224),
124	PY_HASH_ENTRY(Py_hash_sha512_256, "SHA512_256", SN_sha512_256, NID_sha512_256),
125	/ sha3 /
126	PY_HASH_ENTRY(Py_hash_sha3_224, NULL, SN_sha3_224, NID_sha3_224),
127	PY_HASH_ENTRY(Py_hash_sha3_256, NULL, SN_sha3_256, NID_sha3_256),
128	PY_HASH_ENTRY(Py_hash_sha3_384, NULL, SN_sha3_384, NID_sha3_384),
129	PY_HASH_ENTRY(Py_hash_sha3_512, NULL, SN_sha3_512, NID_sha3_512),
130	/ sha3 shake /
131	PY_HASH_ENTRY(Py_hash_shake_128, NULL, SN_shake128, NID_shake128),
132	PY_HASH_ENTRY(Py_hash_shake_256, NULL, SN_shake256, NID_shake256),
133	/ blake2 digest /
134	PY_HASH_ENTRY(Py_hash_blake2s, "blake2s256", SN_blake2s256, NID_blake2s256),
135	PY_HASH_ENTRY(Py_hash_blake2b, "blake2b512", SN_blake2b512, NID_blake2b512),
136	PY_HASH_ENTRY(NULL, NULL, NULL, `0`),
137	};
138
139	static Py_uhash_t
140	py_hashentry_t_hash_name(const void *key) {
141	return _Py_HashBytes(key, strlen((const char *)key));
142	}
143
144	static int
145	py_hashentry_t_compare_name(const void key1, const* void *key2) {
146	return strcmp((const char )key1, (const* char *)key2) == `0`;
147	}
148
149	static void
150	py_hashentry_t_destroy_value(void *entry) {
151	py_hashentry_t h = (py_hashentry_t )entry;
152	if (--(h->refcnt) == `0`) {
153	if (h->evp != NULL) {
154	PY_EVP_MD_free(h->evp);
155	h->evp = NULL;
156	}
157	if (h->evp_nosecurity != NULL) {
158	PY_EVP_MD_free(h->evp_nosecurity);
159	h->evp_nosecurity = NULL;
160	}
161	PyMem_Free(entry);
162	}
163	}
164
165	static _Py_hashtable_t *
166	py_hashentry_table_new(void) {
167	_Py_hashtable_t *ht = _Py_hashtable_new_full(
168	py_hashentry_t_hash_name,
169	py_hashentry_t_compare_name,
170	NULL,
171	py_hashentry_t_destroy_value,
172	NULL
173	);
174	if (ht == NULL) {
175	return NULL;
176	}
177
178	for (const py_hashentry_t *h = py_hashes; h->py_name != NULL; h++) {
179	py_hashentry_t entry = (py_hashentry_t )PyMem_Malloc(sizeof(py_hashentry_t));
180	if (entry == NULL) {
181	goto error;
182	}
183	memcpy(entry, h, sizeof(py_hashentry_t));
184
185	if (_Py_hashtable_set(ht, (const void)entry->py_name, (void**)entry) < `0`) {
186	PyMem_Free(entry);
187	goto error;
188	}
189	entry->refcnt = `1`;
190
191	if (h->py_alias != NULL) {
192	if (_Py_hashtable_set(ht, (const void)entry->py_alias, (void**)entry) < `0`) {
193	PyMem_Free(entry);
194	goto error;
195	}
196	entry->refcnt++;
197	}
198	}
199
200	return ht;
201	error:
202	_Py_hashtable_destroy(ht);
203	return NULL;
204	}
205
206	/ Module state /
207	static PyModuleDef _hashlibmodule;
208
209	typedef struct {
210	PyTypeObject *EVPtype;
211	PyTypeObject *HMACtype;
212	#ifdef PY_OPENSSL_HAS_SHAKE
213	PyTypeObject *EVPXOFtype;
214	#endif
215	PyObject *constructs;
216	PyObject *unsupported_digestmod_error;
217	_Py_hashtable_t *hashtable;
218	} _hashlibstate;
219
220	static inline _hashlibstate*
221	get_hashlib_state(PyObject *module)
222	{
223	void *state = PyModule_GetState(module);
224	assert(state != NULL);
225	return (_hashlibstate *)state;
226	}
227
228	typedef struct {
229	PyObject_HEAD
230	EVP_MD_CTX ctx; /* OpenSSL message digest context /
231	PyThread_type_lock lock; / OpenSSL context lock /
232	} EVPobject;
233
234	typedef struct {
235	PyObject_HEAD
236	HMAC_CTX ctx; /* OpenSSL hmac context /
237	PyThread_type_lock lock; / HMAC context lock /
238	} HMACobject;
239
240	#include "clinic/_hashopenssl.c.h"
241	/[clinic input]*
242	module _hashlib
243	class _hashlib.HASH "EVPobject " "((_hashlibstate )PyModule_GetState(module))->EVPtype"
244	class _hashlib.HASHXOF "EVPobject " "((_hashlibstate )PyModule_GetState(module))->EVPXOFtype"
245	class _hashlib.HMAC "HMACobject " "((_hashlibstate )PyModule_GetState(module))->HMACtype"
246	[clinic start generated code]/*
247	/[clinic end generated code: output=da39a3ee5e6b4b0d input=7df1bcf6f75cb8ef]/
248
249
250	/ LCOV_EXCL_START /
251	static PyObject *
252	_setException(PyObject exc, const* char* altmsg, ...)
253	{
254	unsigned long errcode = ERR_peek_last_error();
255	const char lib, func, *reason;
256	va_list vargs;
257
258	#ifdef HAVE_STDARG_PROTOTYPES
259	va_start(vargs, altmsg);
260	#else
261	va_start(vargs);
262	#endif
263	if (!errcode) {
264	if (altmsg == NULL) {
265	PyErr_SetString(exc, "no reason supplied");
266	} else {
267	PyErr_FormatV(exc, altmsg, vargs);
268	}
269	va_end(vargs);
270	return NULL;
271	}
272	va_end(vargs);
273	ERR_clear_error();
274
275	lib = ERR_lib_error_string(errcode);
276	func = ERR_func_error_string(errcode);
277	reason = ERR_reason_error_string(errcode);
278
279	if (lib && func) {
280	PyErr_Format(exc, "[%s: %s] %s", lib, func, reason);
281	}
282	else if (lib) {
283	PyErr_Format(exc, "[%s] %s", lib, reason);
284	}
285	else {
286	PyErr_SetString(exc, reason);
287	}
288	return NULL;
289	}
290	/ LCOV_EXCL_STOP /
291
292	static PyObject*
293	py_digest_name(const EVP_MD *md)
294	{
295	int nid = EVP_MD_nid(md);
296	const char *name = NULL;
297	const py_hashentry_t *h;
298
299	for (h = py_hashes; h->py_name != NULL; h++) {
300	if (h->ossl_nid == nid) {
301	name = h->py_name;
302	break;
303	}
304	}
305	if (name == NULL) {
306	/ Ignore aliased names and only use long, lowercase name. The aliases*
307	* pollute the list and OpenSSL appears to have its own definition of
308	* alias as the resulting list still contains duplicate and alternate
309	* names for several algorithms.
310	*/
311	name = OBJ_nid2ln(nid);
312	if (name == NULL)
313	name = OBJ_nid2sn(nid);
314	}
315
316	return PyUnicode_FromString(name);
317	}
318
319	/ Get EVP_MD by HID and purpose /
320	static PY_EVP_MD*
321	py_digest_by_name(PyObject module, const* char name, enum* Py_hash_type py_ht)
322	{
323	PY_EVP_MD *digest = NULL;
324	_hashlibstate *state = get_hashlib_state(module);
325	py_hashentry_t entry = (py_hashentry_t )_Py_hashtable_get(
326	state->hashtable, (const void*)name
327	);
328
329	if (entry != NULL) {
330	switch (py_ht) {
331	case Py_ht_evp:
332	case Py_ht_mac:
333	case Py_ht_pbkdf2:
334	if (entry->evp == NULL) {
335	entry->evp = PY_EVP_MD_fetch(entry->ossl_name, NULL);
336	}
337	digest = entry->evp;
338	break;
339	case Py_ht_evp_nosecurity:
340	if (entry->evp_nosecurity == NULL) {
341	entry->evp_nosecurity = PY_EVP_MD_fetch(entry->ossl_name, "-fips");
342	}
343	digest = entry->evp_nosecurity;
344	break;
345	}
346	if (digest != NULL) {
347	PY_EVP_MD_up_ref(digest);
348	}
349	} else {
350	// Fall back for looking up an unindexed OpenSSL specific name.
351	switch (py_ht) {
352	case Py_ht_evp:
353	case Py_ht_mac:
354	case Py_ht_pbkdf2:
355	digest = PY_EVP_MD_fetch(name, NULL);
356	break;
357	case Py_ht_evp_nosecurity:
358	digest = PY_EVP_MD_fetch(name, "-fips");
359	break;
360	}
361	}
362	if (digest == NULL) {
363	_setException(PyExc_ValueError, "unsupported hash type %s", name);
364	return NULL;
365	}
366	return digest;
367	}
368
369	/ Get digest EVP from object*
370	*
371	* * string
372	* * _hashopenssl builtin function
373	*
374	* on error returns NULL with exception set.
375	*/
376	static PY_EVP_MD*
377	py_digest_by_digestmod(PyObject module, PyObject digestmod, enum Py_hash_type py_ht) {
378	PY_EVP_MD* evp;
379	PyObject *name_obj = NULL;
380	const char *name;
381
382	if (PyUnicode_Check(digestmod)) {
383	name_obj = digestmod;
384	} else {
385	_hashlibstate *state = get_hashlib_state(module);
386	// borrowed ref
387	name_obj = PyDict_GetItem(state->constructs, digestmod);
388	}
389	if (name_obj == NULL) {
390	_hashlibstate *state = get_hashlib_state(module);
391	PyErr_Clear();
392	PyErr_Format(
393	state->unsupported_digestmod_error,
394	"Unsupported digestmod %R", digestmod);
395	return NULL;
396	}
397
398	name = PyUnicode_AsUTF8(name_obj);
399	if (name == NULL) {
400	return NULL;
401	}
402
403	evp = py_digest_by_name(module, name, py_ht);
404	if (evp == NULL) {
405	return NULL;
406	}
407
408	return evp;
409	}
410
411	static EVPobject *
412	newEVPobject(PyTypeObject *type)
413	{
414	EVPobject retval = (EVPobject )PyObject_New(EVPobject, type);
415	if (retval == NULL) {
416	return NULL;
417	}
418
419	retval->lock = NULL;
420
421	retval->ctx = EVP_MD_CTX_new();
422	if (retval->ctx == NULL) {
423	Py_DECREF(retval);
424	PyErr_NoMemory();
425	return NULL;
426	}
427
428	return retval;
429	}
430
431	static int
432	EVP_hash(EVPobject self, const* void *vp, Py_ssize_t len)
433	{
434	unsigned int process;
435	const unsigned char cp = (const* unsigned char *)vp;
436	while (`0` < len) {
437	if (len > (Py_ssize_t)MUNCH_SIZE)
438	process = MUNCH_SIZE;
439	else
440	process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int);
441	if (!EVP_DigestUpdate(self->ctx, (const void*)cp, process)) {
442	_setException(PyExc_ValueError, NULL);
443	return -`1`;
444	}
445	len -= process;
446	cp += process;
447	}
448	return `0`;
449	}
450
451	/ Internal methods for a hash object /
452
453	static void
454	EVP_dealloc(EVPobject *self)
455	{
456	PyTypeObject *tp = Py_TYPE(self);
457	if (self->lock != NULL)
458	PyThread_free_lock(self->lock);
459	EVP_MD_CTX_free(self->ctx);
460	PyObject_Free(self);
461	Py_DECREF(tp);
462	}
463
464	static int
465	locked_EVP_MD_CTX_copy(EVP_MD_CTX new_ctx_p, EVPobject self)
466	{
467	int result;
468	ENTER_HASHLIB(self);
469	result = EVP_MD_CTX_copy(new_ctx_p, self->ctx);
470	LEAVE_HASHLIB(self);
471	return result;
472	}
473
474	/ External methods for a hash object /
475
476	/[clinic input]*
477	_hashlib.HASH.copy as EVP_copy
478
479	Return a copy of the hash object.
480	[clinic start generated code]/*
481
482	static PyObject *
483	EVP_copy_impl(EVPobject *self)
484	/[clinic end generated code: output=b370c21cdb8ca0b4 input=31455b6a3e638069]/
485	{
486	EVPobject *newobj;
487
488	if ((newobj = newEVPobject(Py_TYPE(self))) == NULL)
489	return NULL;
490
491	if (!locked_EVP_MD_CTX_copy(newobj->ctx, self)) {
492	Py_DECREF(newobj);
493	return _setException(PyExc_ValueError, NULL);
494	}
495	return (PyObject *)newobj;
496	}
497
498	/[clinic input]*
499	_hashlib.HASH.digest as EVP_digest
500
501	Return the digest value as a bytes object.
502	[clinic start generated code]/*
503
504	static PyObject *
505	EVP_digest_impl(EVPobject *self)
506	/[clinic end generated code: output=0f6a3a0da46dc12d input=03561809a419bf00]/
507	{
508	unsigned char digest[EVP_MAX_MD_SIZE];
509	EVP_MD_CTX *temp_ctx;
510	PyObject *retval;
511	unsigned int digest_size;
512
513	temp_ctx = EVP_MD_CTX_new();
514	if (temp_ctx == NULL) {
515	PyErr_NoMemory();
516	return NULL;
517	}
518
519	if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) {
520	return _setException(PyExc_ValueError, NULL);
521	}
522	digest_size = EVP_MD_CTX_size(temp_ctx);
523	if (!EVP_DigestFinal(temp_ctx, digest, NULL)) {
524	_setException(PyExc_ValueError, NULL);
525	return NULL;
526	}
527
528	retval = PyBytes_FromStringAndSize((const char *)digest, digest_size);
529	EVP_MD_CTX_free(temp_ctx);
530	return retval;
531	}
532
533	/[clinic input]*
534	_hashlib.HASH.hexdigest as EVP_hexdigest
535
536	Return the digest value as a string of hexadecimal digits.
537	[clinic start generated code]/*
538
539	static PyObject *
540	EVP_hexdigest_impl(EVPobject *self)
541	/[clinic end generated code: output=18e6decbaf197296 input=aff9cf0e4c741a9a]/
542	{
543	unsigned char digest[EVP_MAX_MD_SIZE];
544	EVP_MD_CTX *temp_ctx;
545	unsigned int digest_size;
546
547	temp_ctx = EVP_MD_CTX_new();
548	if (temp_ctx == NULL) {
549	PyErr_NoMemory();
550	return NULL;
551	}
552
553	/ Get the raw (binary) digest value /
554	if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) {
555	return _setException(PyExc_ValueError, NULL);
556	}
557	digest_size = EVP_MD_CTX_size(temp_ctx);
558	if (!EVP_DigestFinal(temp_ctx, digest, NULL)) {
559	_setException(PyExc_ValueError, NULL);
560	return NULL;
561	}
562
563	EVP_MD_CTX_free(temp_ctx);
564
565	return _Py_strhex((const char *)digest, (Py_ssize_t)digest_size);
566	}
567
568	/[clinic input]*
569	_hashlib.HASH.update as EVP_update
570
571	obj: object
572	/
573
574	Update this hash object's state with the provided string.
575	[clinic start generated code]/*
576
577	static PyObject *
578	EVP_update(EVPobject self, PyObject obj)
579	/[clinic end generated code: output=ec1d55ed2432e966 input=9b30ec848f015501]/
580	{
581	int result;
582	Py_buffer view;
583
584	GET_BUFFER_VIEW_OR_ERROUT(obj, &view);
585
586	if (self->lock == NULL && view.len >= HASHLIB_GIL_MINSIZE) {
587	self->lock = PyThread_allocate_lock();
588	/ fail? lock = NULL and we fail over to non-threaded code. /
589	}
590
591	if (self->lock != NULL) {
592	Py_BEGIN_ALLOW_THREADS
593	PyThread_acquire_lock(self->lock, `1`);
594	result = EVP_hash(self, view.buf, view.len);
595	PyThread_release_lock(self->lock);
596	Py_END_ALLOW_THREADS
597	} else {
598	result = EVP_hash(self, view.buf, view.len);
599	}
600
601	PyBuffer_Release(&view);
602
603	if (result == -`1`)
604	return NULL;
605	Py_RETURN_NONE;
606	}
607
608	static PyMethodDef EVP_methods[] = {
609	EVP_UPDATE_METHODDEF
610	EVP_DIGEST_METHODDEF
611	EVP_HEXDIGEST_METHODDEF
612	EVP_COPY_METHODDEF
613	{NULL, NULL} / sentinel /
614	};
615
616	static PyObject *
617	EVP_get_block_size(EVPobject self, void* *closure)
618	{
619	long block_size;
620	block_size = EVP_MD_CTX_block_size(self->ctx);
621	return PyLong_FromLong(block_size);
622	}
623
624	static PyObject *
625	EVP_get_digest_size(EVPobject self, void* *closure)
626	{
627	long size;
628	size = EVP_MD_CTX_size(self->ctx);
629	return PyLong_FromLong(size);
630	}
631
632	static PyObject *
633	EVP_get_name(EVPobject self, void* *closure)
634	{
635	return py_digest_name(EVP_MD_CTX_md(self->ctx));
636	}
637
638	static PyGetSetDef EVP_getseters[] = {
639	{"digest_size",
640	(getter)EVP_get_digest_size, NULL,
641	NULL,
642	NULL},
643	{"block_size",
644	(getter)EVP_get_block_size, NULL,
645	NULL,
646	NULL},
647	{"name",
648	(getter)EVP_get_name, NULL,
649	NULL,
650	PyDoc_STR("algorithm name.")},
651	{NULL} / Sentinel /
652	};
653
654
655	static PyObject *
656	EVP_repr(EVPobject *self)
657	{
658	PyObject name_obj, repr;
659	name_obj = py_digest_name(EVP_MD_CTX_md(self->ctx));
660	if (!name_obj) {
661	return NULL;
662	}
663	repr = PyUnicode_FromFormat("<%U %s object @ %p>",
664	name_obj, Py_TYPE(self)->tp_name, self);
665	Py_DECREF(name_obj);
666	return repr;
667	}
668
669	PyDoc_STRVAR(hashtype_doc,
670	"HASH(name, string=b\'\')\n"
671	"--\n"
672	"\n"
673	"A hash is an object used to calculate a checksum of a string of information.\n"
674	"\n"
675	"Methods:\n"
676	"\n"
677	"update() -- updates the current digest with an additional string\n"
678	"digest() -- return the current digest value\n"
679	"hexdigest() -- return the current digest as a string of hexadecimal digits\n"
680	"copy() -- return a copy of the current hash object\n"
681	"\n"
682	"Attributes:\n"
683	"\n"
684	"name -- the hash algorithm being used by this object\n"
685	"digest_size -- number of bytes in this hashes output");
686
687	static PyType_Slot EVPtype_slots[] = {
688	{Py_tp_dealloc, EVP_dealloc},
689	{Py_tp_repr, EVP_repr},
690	{Py_tp_doc, (char *)hashtype_doc},
691	{Py_tp_methods, EVP_methods},
692	{Py_tp_getset, EVP_getseters},
693	{`0`, `0`},
694	};
695
696	static PyType_Spec EVPtype_spec = {
697	"_hashlib.HASH", /tp_name/
698	sizeof(EVPobject), /tp_basicsize/
699	`0`, /tp_itemsize/
700	Py_TPFLAGS_DEFAULT \| Py_TPFLAGS_BASETYPE \| Py_TPFLAGS_DISALLOW_INSTANTIATION \| Py_TPFLAGS_IMMUTABLETYPE,
701	EVPtype_slots
702	};
703
704	#ifdef PY_OPENSSL_HAS_SHAKE
705
706	/[clinic input]*
707	_hashlib.HASHXOF.digest as EVPXOF_digest
708
709	length: Py_ssize_t
710
711	Return the digest value as a bytes object.
712	[clinic start generated code]/*
713
714	static PyObject *
715	EVPXOF_digest_impl(EVPobject *self, Py_ssize_t length)
716	/[clinic end generated code: output=ef9320c23280efad input=816a6537cea3d1db]/
717	{
718	EVP_MD_CTX *temp_ctx;
719	PyObject *retval = PyBytes_FromStringAndSize(NULL, length);
720
721	if (retval == NULL) {
722	return NULL;
723	}
724
725	temp_ctx = EVP_MD_CTX_new();
726	if (temp_ctx == NULL) {
727	Py_DECREF(retval);
728	PyErr_NoMemory();
729	return NULL;
730	}
731
732	if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) {
733	Py_DECREF(retval);
734	EVP_MD_CTX_free(temp_ctx);
735	return _setException(PyExc_ValueError, NULL);
736	}
737	if (!EVP_DigestFinalXOF(temp_ctx,
738	(unsigned char*)PyBytes_AS_STRING(retval),
739	length)) {
740	Py_DECREF(retval);
741	EVP_MD_CTX_free(temp_ctx);
742	_setException(PyExc_ValueError, NULL);
743	return NULL;
744	}
745
746	EVP_MD_CTX_free(temp_ctx);
747	return retval;
748	}
749
750	/[clinic input]*
751	_hashlib.HASHXOF.hexdigest as EVPXOF_hexdigest
752
753	length: Py_ssize_t
754
755	Return the digest value as a string of hexadecimal digits.
756	[clinic start generated code]/*
757
758	static PyObject *
759	EVPXOF_hexdigest_impl(EVPobject *self, Py_ssize_t length)
760	/[clinic end generated code: output=eb3e6ee7788bf5b2 input=5f9d6a8f269e34df]/
761	{
762	unsigned char *digest;
763	EVP_MD_CTX *temp_ctx;
764	PyObject *retval;
765
766	digest = (unsigned char*)PyMem_Malloc(length);
767	if (digest == NULL) {
768	PyErr_NoMemory();
769	return NULL;
770	}
771
772	temp_ctx = EVP_MD_CTX_new();
773	if (temp_ctx == NULL) {
774	PyMem_Free(digest);
775	PyErr_NoMemory();
776	return NULL;
777	}
778
779	/ Get the raw (binary) digest value /
780	if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) {
781	PyMem_Free(digest);
782	EVP_MD_CTX_free(temp_ctx);
783	return _setException(PyExc_ValueError, NULL);
784	}
785	if (!EVP_DigestFinalXOF(temp_ctx, digest, length)) {
786	PyMem_Free(digest);
787	EVP_MD_CTX_free(temp_ctx);
788	_setException(PyExc_ValueError, NULL);
789	return NULL;
790	}
791
792	EVP_MD_CTX_free(temp_ctx);
793
794	retval = _Py_strhex((const char *)digest, length);
795	PyMem_Free(digest);
796	return retval;
797	}
798
799	static PyMethodDef EVPXOF_methods[] = {
800	EVPXOF_DIGEST_METHODDEF
801	EVPXOF_HEXDIGEST_METHODDEF
802	{NULL, NULL} / sentinel /
803	};
804
805
806	static PyObject *
807	EVPXOF_get_digest_size(EVPobject self, void* *closure)
808	{
809	return PyLong_FromLong(`0`);
810	}
811
812	static PyGetSetDef EVPXOF_getseters[] = {
813	{"digest_size",
814	(getter)EVPXOF_get_digest_size, NULL,
815	NULL,
816	NULL},
817	{NULL} / Sentinel /
818	};
819
820	PyDoc_STRVAR(hashxoftype_doc,
821	"HASHXOF(name, string=b\'\')\n"
822	"--\n"
823	"\n"
824	"A hash is an object used to calculate a checksum of a string of information.\n"
825	"\n"
826	"Methods:\n"
827	"\n"
828	"update() -- updates the current digest with an additional string\n"
829	"digest(length) -- return the current digest value\n"
830	"hexdigest(length) -- return the current digest as a string of hexadecimal digits\n"
831	"copy() -- return a copy of the current hash object\n"
832	"\n"
833	"Attributes:\n"
834	"\n"
835	"name -- the hash algorithm being used by this object\n"
836	"digest_size -- number of bytes in this hashes output");
837
838	static PyType_Slot EVPXOFtype_slots[] = {
839	{Py_tp_doc, (char *)hashxoftype_doc},
840	{Py_tp_methods, EVPXOF_methods},
841	{Py_tp_getset, EVPXOF_getseters},
842	{`0`, `0`},
843	};
844
845	static PyType_Spec EVPXOFtype_spec = {
846	"_hashlib.HASHXOF", /tp_name/
847	sizeof(EVPobject), /tp_basicsize/
848	`0`, /tp_itemsize/
849	Py_TPFLAGS_DEFAULT \| Py_TPFLAGS_BASETYPE \| Py_TPFLAGS_DISALLOW_INSTANTIATION \| Py_TPFLAGS_IMMUTABLETYPE,
850	EVPXOFtype_slots
851	};
852
853
854	#endif
855
856	static PyObject*
857	py_evp_fromname(PyObject module, const* char digestname, PyObject data_obj,
858	int usedforsecurity)
859	{
860	Py_buffer view = { `0` };
861	PY_EVP_MD *digest = NULL;
862	PyTypeObject *type;
863	EVPobject *self = NULL;
864
865	if (data_obj != NULL) {
866	GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view);
867	}
868
869	digest = py_digest_by_name(
870	module, digestname, usedforsecurity ? Py_ht_evp : Py_ht_evp_nosecurity
871	);
872	if (digest == NULL) {
873	goto exit;
874	}
875
876	if ((EVP_MD_flags(digest) & EVP_MD_FLAG_XOF) == EVP_MD_FLAG_XOF) {
877	type = get_hashlib_state(module)->EVPXOFtype;
878	} else {
879	type = get_hashlib_state(module)->EVPtype;
880	}
881
882	self = newEVPobject(type);
883	if (self == NULL) {
884	goto exit;
885	}
886
887	#if defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) && OPENSSL_VERSION_NUMBER < 0x30000000L
888	// In OpenSSL 1.1.1 the non FIPS allowed flag is context specific while
889	// in 3.0.0 it is a different EVP_MD provider.
890	if (!usedforsecurity) {
891	EVP_MD_CTX_set_flags(self->ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
892	}
893	#endif
894
895	int result = EVP_DigestInit_ex(self->ctx, digest, NULL);
896	if (!result) {
897	_setException(PyExc_ValueError, NULL);
898	Py_CLEAR(self);
899	goto exit;
900	}
901
902	if (view.buf && view.len) {
903	if (view.len >= HASHLIB_GIL_MINSIZE) {
904	Py_BEGIN_ALLOW_THREADS
905	result = EVP_hash(self, view.buf, view.len);
906	Py_END_ALLOW_THREADS
907	} else {
908	result = EVP_hash(self, view.buf, view.len);
909	}
910	if (result == -`1`) {
911	Py_CLEAR(self);
912	goto exit;
913	}
914	}
915
916	exit:
917	if (data_obj != NULL) {
918	PyBuffer_Release(&view);
919	}
920	if (digest != NULL) {
921	PY_EVP_MD_free(digest);
922	}
923
924	return (PyObject *)self;
925	}
926
927
928	/ The module-level function: new() /
929
930	/[clinic input]*
931	_hashlib.new as EVP_new
932
933	name as name_obj: object
934	string as data_obj: object(c_default="NULL") = b''
935	*
936	usedforsecurity: bool = True
937
938	Return a new hash object using the named algorithm.
939
940	An optional string argument may be provided and will be
941	automatically hashed.
942
943	The MD5 and SHA1 algorithms are always supported.
944	[clinic start generated code]/*
945
946	static PyObject *
947	EVP_new_impl(PyObject module, PyObject name_obj, PyObject *data_obj,
948	int usedforsecurity)
949	/[clinic end generated code: output=ddd5053f92dffe90 input=c24554d0337be1b0]/
950	{
951	char *name;
952	if (!PyArg_Parse(name_obj, "s", &name)) {
953	PyErr_SetString(PyExc_TypeError, "name must be a string");
954	return NULL;
955	}
956	return py_evp_fromname(module, name, data_obj, usedforsecurity);
957	}
958
959
960	/[clinic input]*
961	_hashlib.openssl_md5
962
963	string as data_obj: object(py_default="b''") = NULL
964	*
965	usedforsecurity: bool = True
966
967	Returns a md5 hash object; optionally initialized with a string
968
969	[clinic start generated code]/*
970
971	static PyObject *
972	_hashlib_openssl_md5_impl(PyObject module, PyObject data_obj,
973	int usedforsecurity)
974	/[clinic end generated code: output=87b0186440a44f8c input=990e36d5e689b16e]/
975	{
976	return py_evp_fromname(module, Py_hash_md5, data_obj, usedforsecurity);
977	}
978
979
980	/[clinic input]*
981	_hashlib.openssl_sha1
982
983	string as data_obj: object(py_default="b''") = NULL
984	*
985	usedforsecurity: bool = True
986
987	Returns a sha1 hash object; optionally initialized with a string
988
989	[clinic start generated code]/*
990
991	static PyObject *
992	_hashlib_openssl_sha1_impl(PyObject module, PyObject data_obj,
993	int usedforsecurity)
994	/[clinic end generated code: output=6813024cf690670d input=948f2f4b6deabc10]/
995	{
996	return py_evp_fromname(module, Py_hash_sha1, data_obj, usedforsecurity);
997	}
998
999
1000	/[clinic input]*
1001	_hashlib.openssl_sha224
1002
1003	string as data_obj: object(py_default="b''") = NULL
1004	*
1005	usedforsecurity: bool = True
1006
1007	Returns a sha224 hash object; optionally initialized with a string
1008
1009	[clinic start generated code]/*
1010
1011	static PyObject *
1012	_hashlib_openssl_sha224_impl(PyObject module, PyObject data_obj,
1013	int usedforsecurity)
1014	/[clinic end generated code: output=a2dfe7cc4eb14ebb input=f9272821fadca505]/
1015	{
1016	return py_evp_fromname(module, Py_hash_sha224, data_obj, usedforsecurity);
1017	}
1018
1019
1020	/[clinic input]*
1021	_hashlib.openssl_sha256
1022
1023	string as data_obj: object(py_default="b''") = NULL
1024	*
1025	usedforsecurity: bool = True
1026
1027	Returns a sha256 hash object; optionally initialized with a string
1028
1029	[clinic start generated code]/*
1030
1031	static PyObject *
1032	_hashlib_openssl_sha256_impl(PyObject module, PyObject data_obj,
1033	int usedforsecurity)
1034	/[clinic end generated code: output=1f874a34870f0a68 input=549fad9d2930d4c5]/
1035	{
1036	return py_evp_fromname(module, Py_hash_sha256, data_obj, usedforsecurity);
1037	}
1038
1039
1040	/[clinic input]*
1041	_hashlib.openssl_sha384
1042
1043	string as data_obj: object(py_default="b''") = NULL
1044	*
1045	usedforsecurity: bool = True
1046
1047	Returns a sha384 hash object; optionally initialized with a string
1048
1049	[clinic start generated code]/*
1050
1051	static PyObject *
1052	_hashlib_openssl_sha384_impl(PyObject module, PyObject data_obj,
1053	int usedforsecurity)
1054	/[clinic end generated code: output=58529eff9ca457b2 input=48601a6e3bf14ad7]/
1055	{
1056	return py_evp_fromname(module, Py_hash_sha384, data_obj, usedforsecurity);
1057	}
1058
1059
1060	/[clinic input]*
1061	_hashlib.openssl_sha512
1062
1063	string as data_obj: object(py_default="b''") = NULL
1064	*
1065	usedforsecurity: bool = True
1066
1067	Returns a sha512 hash object; optionally initialized with a string
1068
1069	[clinic start generated code]/*
1070
1071	static PyObject *
1072	_hashlib_openssl_sha512_impl(PyObject module, PyObject data_obj,
1073	int usedforsecurity)
1074	/[clinic end generated code: output=2c744c9e4a40d5f6 input=c5c46a2a817aa98f]/
1075	{
1076	return py_evp_fromname(module, Py_hash_sha512, data_obj, usedforsecurity);
1077	}
1078
1079
1080	#ifdef PY_OPENSSL_HAS_SHA3
1081
1082	/[clinic input]*
1083	_hashlib.openssl_sha3_224
1084
1085	string as data_obj: object(py_default="b''") = NULL
1086	*
1087	usedforsecurity: bool = True
1088
1089	Returns a sha3-224 hash object; optionally initialized with a string
1090
1091	[clinic start generated code]/*
1092
1093	static PyObject *
1094	_hashlib_openssl_sha3_224_impl(PyObject module, PyObject data_obj,
1095	int usedforsecurity)
1096	/[clinic end generated code: output=144641c1d144b974 input=e3a01b2888916157]/
1097	{
1098	return py_evp_fromname(module, Py_hash_sha3_224, data_obj, usedforsecurity);
1099	}
1100
1101	/[clinic input]*
1102	_hashlib.openssl_sha3_256
1103
1104	string as data_obj: object(py_default="b''") = NULL
1105	*
1106	usedforsecurity: bool = True
1107
1108	Returns a sha3-256 hash object; optionally initialized with a string
1109
1110	[clinic start generated code]/*
1111
1112	static PyObject *
1113	_hashlib_openssl_sha3_256_impl(PyObject module, PyObject data_obj,
1114	int usedforsecurity)
1115	/[clinic end generated code: output=c61f1ab772d06668 input=e2908126c1b6deed]/
1116	{
1117	return py_evp_fromname(module, Py_hash_sha3_256, data_obj , usedforsecurity);
1118	}
1119
1120	/[clinic input]*
1121	_hashlib.openssl_sha3_384
1122
1123	string as data_obj: object(py_default="b''") = NULL
1124	*
1125	usedforsecurity: bool = True
1126
1127	Returns a sha3-384 hash object; optionally initialized with a string
1128
1129	[clinic start generated code]/*
1130
1131	static PyObject *
1132	_hashlib_openssl_sha3_384_impl(PyObject module, PyObject data_obj,
1133	int usedforsecurity)
1134	/[clinic end generated code: output=f68e4846858cf0ee input=ec0edf5c792f8252]/
1135	{
1136	return py_evp_fromname(module, Py_hash_sha3_384, data_obj , usedforsecurity);
1137	}
1138
1139	/[clinic input]*
1140	_hashlib.openssl_sha3_512
1141
1142	string as data_obj: object(py_default="b''") = NULL
1143	*
1144	usedforsecurity: bool = True
1145
1146	Returns a sha3-512 hash object; optionally initialized with a string
1147
1148	[clinic start generated code]/*
1149
1150	static PyObject *
1151	_hashlib_openssl_sha3_512_impl(PyObject module, PyObject data_obj,
1152	int usedforsecurity)
1153	/[clinic end generated code: output=2eede478c159354a input=64e2cc0c094d56f4]/
1154	{
1155	return py_evp_fromname(module, Py_hash_sha3_512, data_obj , usedforsecurity);
1156	}
1157	#endif /* PY_OPENSSL_HAS_SHA3 */
1158
1159	#ifdef PY_OPENSSL_HAS_SHAKE
1160	/[clinic input]*
1161	_hashlib.openssl_shake_128
1162
1163	string as data_obj: object(py_default="b''") = NULL
1164	*
1165	usedforsecurity: bool = True
1166
1167	Returns a shake-128 variable hash object; optionally initialized with a string
1168
1169	[clinic start generated code]/*
1170
1171	static PyObject *
1172	_hashlib_openssl_shake_128_impl(PyObject module, PyObject data_obj,
1173	int usedforsecurity)
1174	/[clinic end generated code: output=bc49cdd8ada1fa97 input=6c9d67440eb33ec8]/
1175	{
1176	return py_evp_fromname(module, Py_hash_shake_128, data_obj , usedforsecurity);
1177	}
1178
1179	/[clinic input]*
1180	_hashlib.openssl_shake_256
1181
1182	string as data_obj: object(py_default="b''") = NULL
1183	*
1184	usedforsecurity: bool = True
1185
1186	Returns a shake-256 variable hash object; optionally initialized with a string
1187
1188	[clinic start generated code]/*
1189
1190	static PyObject *
1191	_hashlib_openssl_shake_256_impl(PyObject module, PyObject data_obj,
1192	int usedforsecurity)
1193	/[clinic end generated code: output=358d213be8852df7 input=479cbe9fefd4a9f8]/
1194	{
1195	return py_evp_fromname(module, Py_hash_shake_256, data_obj , usedforsecurity);
1196	}
1197	#endif /* PY_OPENSSL_HAS_SHAKE */
1198
1199	/[clinic input]*
1200	_hashlib.pbkdf2_hmac as pbkdf2_hmac
1201
1202	hash_name: str
1203	password: Py_buffer
1204	salt: Py_buffer
1205	iterations: long
1206	dklen as dklen_obj: object = None
1207
1208	Password based key derivation function 2 (PKCS #5 v2.0) with HMAC as pseudorandom function.
1209	[clinic start generated code]/*
1210
1211	static PyObject *
1212	pbkdf2_hmac_impl(PyObject module, const* char *hash_name,
1213	Py_buffer password, Py_buffer salt, long iterations,
1214	PyObject *dklen_obj)
1215	/[clinic end generated code: output=144b76005416599b input=ed3ab0d2d28b5d5c]/
1216	{
1217	PyObject *key_obj = NULL;
1218	char *key;
1219	long dklen;
1220	int retval;
1221
1222	PY_EVP_MD *digest = py_digest_by_name(module, hash_name, Py_ht_pbkdf2);
1223	if (digest == NULL) {
1224	goto end;
1225	}
1226
1227	if (password->len > INT_MAX) {
1228	PyErr_SetString(PyExc_OverflowError,
1229	"password is too long.");
1230	goto end;
1231	}
1232
1233	if (salt->len > INT_MAX) {
1234	PyErr_SetString(PyExc_OverflowError,
1235	"salt is too long.");
1236	goto end;
1237	}
1238
1239	if (iterations < `1`) {
1240	PyErr_SetString(PyExc_ValueError,
1241	"iteration value must be greater than 0.");
1242	goto end;
1243	}
1244	if (iterations > INT_MAX) {
1245	PyErr_SetString(PyExc_OverflowError,
1246	"iteration value is too great.");
1247	goto end;
1248	}
1249
1250	if (dklen_obj == Py_None) {
1251	dklen = EVP_MD_size(digest);
1252	} else {
1253	dklen = PyLong_AsLong(dklen_obj);
1254	if ((dklen == -`1`) && PyErr_Occurred()) {
1255	goto end;
1256	}
1257	}
1258	if (dklen < `1`) {
1259	PyErr_SetString(PyExc_ValueError,
1260	"key length must be greater than 0.");
1261	goto end;
1262	}
1263	if (dklen > INT_MAX) {
1264	/ INT_MAX is always smaller than dkLen max (2^32 - 1) * hLen /
1265	PyErr_SetString(PyExc_OverflowError,
1266	"key length is too great.");
1267	goto end;
1268	}
1269
1270	key_obj = PyBytes_FromStringAndSize(NULL, dklen);
1271	if (key_obj == NULL) {
1272	goto end;
1273	}
1274	key = PyBytes_AS_STRING(key_obj);
1275
1276	Py_BEGIN_ALLOW_THREADS
1277	retval = PKCS5_PBKDF2_HMAC((char)password->buf, (int*)password->len,
1278	(unsigned char )salt->buf, (int*)salt->len,
1279	iterations, digest, dklen,
1280	(unsigned char *)key);
1281	Py_END_ALLOW_THREADS
1282
1283	if (!retval) {
1284	Py_CLEAR(key_obj);
1285	_setException(PyExc_ValueError, NULL);
1286	goto end;
1287	}
1288
1289	end:
1290	if (digest != NULL) {
1291	PY_EVP_MD_free(digest);
1292	}
1293	return key_obj;
1294	}
1295
1296	#ifdef PY_OPENSSL_HAS_SCRYPT
1297
1298	/ XXX: Parameters salt, n, r and p should be required keyword-only parameters.*
1299	They are optional in the Argument Clinic declaration only due to a
1300	limitation of PyArg_ParseTupleAndKeywords. /*
1301
1302	/[clinic input]*
1303	_hashlib.scrypt
1304
1305	password: Py_buffer
1306	*
1307	salt: Py_buffer = None
1308	n as n_obj: object(subclass_of='&PyLong_Type') = None
1309	r as r_obj: object(subclass_of='&PyLong_Type') = None
1310	p as p_obj: object(subclass_of='&PyLong_Type') = None
1311	maxmem: long = 0
1312	dklen: long = 64
1313
1314
1315	scrypt password-based key derivation function.
1316	[clinic start generated code]/*
1317
1318	static PyObject *
1319	_hashlib_scrypt_impl(PyObject module, Py_buffer password, Py_buffer *salt,
1320	PyObject n_obj, PyObject r_obj, PyObject *p_obj,
1321	long maxmem, long dklen)
1322	/[clinic end generated code: output=14849e2aa2b7b46c input=48a7d63bf3f75c42]/
1323	{
1324	PyObject *key_obj = NULL;
1325	char *key;
1326	int retval;
1327	unsigned long n, r, p;
1328
1329	if (password->len > INT_MAX) {
1330	PyErr_SetString(PyExc_OverflowError,
1331	"password is too long.");
1332	return NULL;
1333	}
1334
1335	if (salt->buf == NULL) {
1336	PyErr_SetString(PyExc_TypeError,
1337	"salt is required");
1338	return NULL;
1339	}
1340	if (salt->len > INT_MAX) {
1341	PyErr_SetString(PyExc_OverflowError,
1342	"salt is too long.");
1343	return NULL;
1344	}
1345
1346	n = PyLong_AsUnsignedLong(n_obj);
1347	if (n == (unsigned long) -`1` && PyErr_Occurred()) {
1348	PyErr_SetString(PyExc_TypeError,
1349	"n is required and must be an unsigned int");
1350	return NULL;
1351	}
1352	if (n < `2` \|\| n & (n - `1`)) {
1353	PyErr_SetString(PyExc_ValueError,
1354	"n must be a power of 2.");
1355	return NULL;
1356	}
1357
1358	r = PyLong_AsUnsignedLong(r_obj);
1359	if (r == (unsigned long) -`1` && PyErr_Occurred()) {
1360	PyErr_SetString(PyExc_TypeError,
1361	"r is required and must be an unsigned int");
1362	return NULL;
1363	}
1364
1365	p = PyLong_AsUnsignedLong(p_obj);
1366	if (p == (unsigned long) -`1` && PyErr_Occurred()) {
1367	PyErr_SetString(PyExc_TypeError,
1368	"p is required and must be an unsigned int");
1369	return NULL;
1370	}
1371
1372	if (maxmem < `0` \|\| maxmem > INT_MAX) {
1373	/ OpenSSL 1.1.0 restricts maxmem to 32 MiB. It may change in the*
1374	future. The maxmem constant is private to OpenSSL. /*
1375	PyErr_Format(PyExc_ValueError,
1376	"maxmem must be positive and smaller than %d",
1377	INT_MAX);
1378	return NULL;
1379	}
1380
1381	if (dklen < `1` \|\| dklen > INT_MAX) {
1382	PyErr_Format(PyExc_ValueError,
1383	"dklen must be greater than 0 and smaller than %d",
1384	INT_MAX);
1385	return NULL;
1386	}
1387
1388	/ let OpenSSL validate the rest /
1389	retval = EVP_PBE_scrypt(NULL, `0`, NULL, `0`, n, r, p, maxmem, NULL, `0`);
1390	if (!retval) {
1391	_setException(PyExc_ValueError, "Invalid parameter combination for n, r, p, maxmem.");
1392	return NULL;
1393	}
1394
1395	key_obj = PyBytes_FromStringAndSize(NULL, dklen);
1396	if (key_obj == NULL) {
1397	return NULL;
1398	}
1399	key = PyBytes_AS_STRING(key_obj);
1400
1401	Py_BEGIN_ALLOW_THREADS
1402	retval = EVP_PBE_scrypt(
1403	(const char*)password->buf, (size_t)password->len,
1404	(const unsigned char *)salt->buf, (size_t)salt->len,
1405	n, r, p, maxmem,
1406	(unsigned char *)key, (size_t)dklen
1407	);
1408	Py_END_ALLOW_THREADS
1409
1410	if (!retval) {
1411	Py_CLEAR(key_obj);
1412	_setException(PyExc_ValueError, NULL);
1413	return NULL;
1414	}
1415	return key_obj;
1416	}
1417	#endif /* PY_OPENSSL_HAS_SCRYPT */
1418
1419	/ Fast HMAC for hmac.digest()*
1420	*/
1421
1422	/[clinic input]*
1423	_hashlib.hmac_digest as _hashlib_hmac_singleshot
1424
1425	key: Py_buffer
1426	msg: Py_buffer
1427	digest: object
1428
1429	Single-shot HMAC.
1430	[clinic start generated code]/*
1431
1432	static PyObject *
1433	_hashlib_hmac_singleshot_impl(PyObject module, Py_buffer key,
1434	Py_buffer msg, PyObject digest)
1435	/[clinic end generated code: output=82f19965d12706ac input=0a0790cc3db45c2e]/
1436	{
1437	unsigned char md[EVP_MAX_MD_SIZE] = {`0`};
1438	unsigned int md_len = `0`;
1439	unsigned char *result;
1440	PY_EVP_MD *evp;
1441
1442	if (key->len > INT_MAX) {
1443	PyErr_SetString(PyExc_OverflowError,
1444	"key is too long.");
1445	return NULL;
1446	}
1447	if (msg->len > INT_MAX) {
1448	PyErr_SetString(PyExc_OverflowError,
1449	"msg is too long.");
1450	return NULL;
1451	}
1452
1453	evp = py_digest_by_digestmod(module, digest, Py_ht_mac);
1454	if (evp == NULL) {
1455	return NULL;
1456	}
1457
1458	Py_BEGIN_ALLOW_THREADS
1459	result = HMAC(
1460	evp,
1461	(const void)key->buf, (int*)key->len,
1462	(const unsigned char)msg->buf, (int*)msg->len,
1463	md, &md_len
1464	);
1465	Py_END_ALLOW_THREADS
1466	PY_EVP_MD_free(evp);
1467
1468	if (result == NULL) {
1469	_setException(PyExc_ValueError, NULL);
1470	return NULL;
1471	}
1472	return PyBytes_FromStringAndSize((const char*)md, md_len);
1473	}
1474
1475	/ OpenSSL-based HMAC implementation*
1476	*/
1477
1478	static int _hmac_update(HMACobject, PyObject);
1479
1480	/[clinic input]*
1481	_hashlib.hmac_new
1482
1483	key: Py_buffer
1484	msg as msg_obj: object(c_default="NULL") = b''
1485	digestmod: object(c_default="NULL") = None
1486
1487	Return a new hmac object.
1488	[clinic start generated code]/*
1489
1490	static PyObject *
1491	_hashlib_hmac_new_impl(PyObject module, Py_buffer key, PyObject *msg_obj,
1492	PyObject *digestmod)
1493	/[clinic end generated code: output=c20d9e4d9ed6d219 input=5f4071dcc7f34362]/
1494	{
1495	PyTypeObject *type = get_hashlib_state(module)->HMACtype;
1496	PY_EVP_MD *digest;
1497	HMAC_CTX *ctx = NULL;
1498	HMACobject *self = NULL;
1499	int r;
1500
1501	if (key->len > INT_MAX) {
1502	PyErr_SetString(PyExc_OverflowError,
1503	"key is too long.");
1504	return NULL;
1505	}
1506
1507	if (digestmod == NULL) {
1508	PyErr_SetString(
1509	PyExc_TypeError, "Missing required parameter 'digestmod'.");
1510	return NULL;
1511	}
1512
1513	digest = py_digest_by_digestmod(module, digestmod, Py_ht_mac);
1514	if (digest == NULL) {
1515	return NULL;
1516	}
1517
1518	ctx = HMAC_CTX_new();
1519	if (ctx == NULL) {
1520	_setException(PyExc_ValueError, NULL);
1521	goto error;
1522	}
1523
1524	r = HMAC_Init_ex(
1525	ctx,
1526	(const char*)key->buf,
1527	(int)key->len,
1528	digest,
1529	NULL /impl/);
1530	PY_EVP_MD_free(digest);
1531	if (r == `0`) {
1532	_setException(PyExc_ValueError, NULL);
1533	goto error;
1534	}
1535
1536	self = (HMACobject *)PyObject_New(HMACobject, type);
1537	if (self == NULL) {
1538	goto error;
1539	}
1540
1541	self->ctx = ctx;
1542	self->lock = NULL;
1543
1544	if ((msg_obj != NULL) && (msg_obj != Py_None)) {
1545	if (!_hmac_update(self, msg_obj))
1546	goto error;
1547	}
1548
1549	return (PyObject*)self;
1550
1551	error:
1552	if (ctx) HMAC_CTX_free(ctx);
1553	if (self) PyObject_Free(self);
1554	return NULL;
1555	}
1556
1557	/ helper functions /
1558	static int
1559	locked_HMAC_CTX_copy(HMAC_CTX new_ctx_p, HMACobject self)
1560	{
1561	int result;
1562	ENTER_HASHLIB(self);
1563	result = HMAC_CTX_copy(new_ctx_p, self->ctx);
1564	LEAVE_HASHLIB(self);
1565	return result;
1566	}
1567
1568	static unsigned int
1569	_hmac_digest_size(HMACobject *self)
1570	{
1571	unsigned int digest_size = EVP_MD_size(HMAC_CTX_get_md(self->ctx));
1572	assert(digest_size <= EVP_MAX_MD_SIZE);
1573	return digest_size;
1574	}
1575
1576	static int
1577	_hmac_update(HMACobject self, PyObject obj)
1578	{
1579	int r;
1580	Py_buffer view = {`0`};
1581
1582	GET_BUFFER_VIEW_OR_ERROR(obj, &view, return `0`);
1583
1584	if (self->lock == NULL && view.len >= HASHLIB_GIL_MINSIZE) {
1585	self->lock = PyThread_allocate_lock();
1586	/ fail? lock = NULL and we fail over to non-threaded code. /
1587	}
1588
1589	if (self->lock != NULL) {
1590	Py_BEGIN_ALLOW_THREADS
1591	PyThread_acquire_lock(self->lock, `1`);
1592	r = HMAC_Update(self->ctx, (const unsigned char*)view.buf, view.len);
1593	PyThread_release_lock(self->lock);
1594	Py_END_ALLOW_THREADS
1595	} else {
1596	r = HMAC_Update(self->ctx, (const unsigned char*)view.buf, view.len);
1597	}
1598
1599	PyBuffer_Release(&view);
1600
1601	if (r == `0`) {
1602	_setException(PyExc_ValueError, NULL);
1603	return `0`;
1604	}
1605	return `1`;
1606	}
1607
1608	/[clinic input]*
1609	_hashlib.HMAC.copy
1610
1611	Return a copy ("clone") of the HMAC object.
1612	[clinic start generated code]/*
1613
1614	static PyObject *
1615	_hashlib_HMAC_copy_impl(HMACobject *self)
1616	/[clinic end generated code: output=29aa28b452833127 input=e2fa6a05db61a4d6]/
1617	{
1618	HMACobject *retval;
1619
1620	HMAC_CTX *ctx = HMAC_CTX_new();
1621	if (ctx == NULL) {
1622	return _setException(PyExc_ValueError, NULL);
1623	}
1624	if (!locked_HMAC_CTX_copy(ctx, self)) {
1625	HMAC_CTX_free(ctx);
1626	return _setException(PyExc_ValueError, NULL);
1627	}
1628
1629	retval = (HMACobject *)PyObject_New(HMACobject, Py_TYPE(self));
1630	if (retval == NULL) {
1631	HMAC_CTX_free(ctx);
1632	return NULL;
1633	}
1634	retval->ctx = ctx;
1635	retval->lock = NULL;
1636
1637	return (PyObject *)retval;
1638	}
1639
1640	static void
1641	_hmac_dealloc(HMACobject *self)
1642	{
1643	PyTypeObject *tp = Py_TYPE(self);
1644	if (self->lock != NULL) {
1645	PyThread_free_lock(self->lock);
1646	}
1647	HMAC_CTX_free(self->ctx);
1648	PyObject_Free(self);
1649	Py_DECREF(tp);
1650	}
1651
1652	static PyObject *
1653	_hmac_repr(HMACobject *self)
1654	{
1655	PyObject *digest_name = py_digest_name(HMAC_CTX_get_md(self->ctx));
1656	if (digest_name == NULL) {
1657	return NULL;
1658	}
1659	PyObject *repr = PyUnicode_FromFormat(
1660	"<%U HMAC object @ %p>", digest_name, self
1661	);
1662	Py_DECREF(digest_name);
1663	return repr;
1664	}
1665
1666	/[clinic input]*
1667	_hashlib.HMAC.update
1668	msg: object
1669
1670	Update the HMAC object with msg.
1671	[clinic start generated code]/*
1672
1673	static PyObject *
1674	_hashlib_HMAC_update_impl(HMACobject self, PyObject msg)
1675	/[clinic end generated code: output=f31f0ace8c625b00 input=1829173bb3cfd4e6]/
1676	{
1677	if (!_hmac_update(self, msg)) {
1678	return NULL;
1679	}
1680	Py_RETURN_NONE;
1681	}
1682
1683	static int
1684	_hmac_digest(HMACobject self, unsigned* char buf, unsigned* int len)
1685	{
1686	HMAC_CTX *temp_ctx = HMAC_CTX_new();
1687	if (temp_ctx == NULL) {
1688	PyErr_NoMemory();
1689	return `0`;
1690	}
1691	if (!locked_HMAC_CTX_copy(temp_ctx, self)) {
1692	_setException(PyExc_ValueError, NULL);
1693	return `0`;
1694	}
1695	int r = HMAC_Final(temp_ctx, buf, &len);
1696	HMAC_CTX_free(temp_ctx);
1697	if (r == `0`) {
1698	_setException(PyExc_ValueError, NULL);
1699	return `0`;
1700	}
1701	return `1`;
1702	}
1703
1704	/[clinic input]*
1705	_hashlib.HMAC.digest
1706	Return the digest of the bytes passed to the update() method so far.
1707	[clinic start generated code]/*
1708
1709	static PyObject *
1710	_hashlib_HMAC_digest_impl(HMACobject *self)
1711	/[clinic end generated code: output=1b1424355af7a41e input=bff07f74da318fb4]/
1712	{
1713	unsigned char digest[EVP_MAX_MD_SIZE];
1714	unsigned int digest_size = _hmac_digest_size(self);
1715	if (digest_size == `0`) {
1716	return _setException(PyExc_ValueError, NULL);
1717	}
1718	int r = _hmac_digest(self, digest, digest_size);
1719	if (r == `0`) {
1720	return NULL;
1721	}
1722	return PyBytes_FromStringAndSize((const char *)digest, digest_size);
1723	}
1724
1725	/[clinic input]*
1726	_hashlib.HMAC.hexdigest
1727
1728	Return hexadecimal digest of the bytes passed to the update() method so far.
1729
1730	This may be used to exchange the value safely in email or other non-binary
1731	environments.
1732	[clinic start generated code]/*
1733
1734	static PyObject *
1735	_hashlib_HMAC_hexdigest_impl(HMACobject *self)
1736	/[clinic end generated code: output=80d825be1eaae6a7 input=5abc42702874ddcf]/
1737	{
1738	unsigned char digest[EVP_MAX_MD_SIZE];
1739	unsigned int digest_size = _hmac_digest_size(self);
1740	if (digest_size == `0`) {
1741	return _setException(PyExc_ValueError, NULL);
1742	}
1743	int r = _hmac_digest(self, digest, digest_size);
1744	if (r == `0`) {
1745	return NULL;
1746	}
1747	return _Py_strhex((const char *)digest, digest_size);
1748	}
1749
1750	static PyObject *
1751	_hashlib_hmac_get_digest_size(HMACobject self, void* *closure)
1752	{
1753	unsigned int digest_size = _hmac_digest_size(self);
1754	if (digest_size == `0`) {
1755	return _setException(PyExc_ValueError, NULL);
1756	}
1757	return PyLong_FromLong(digest_size);
1758	}
1759
1760	static PyObject *
1761	_hashlib_hmac_get_block_size(HMACobject self, void* *closure)
1762	{
1763	const EVP_MD *md = HMAC_CTX_get_md(self->ctx);
1764	if (md == NULL) {
1765	return _setException(PyExc_ValueError, NULL);
1766	}
1767	return PyLong_FromLong(EVP_MD_block_size(md));
1768	}
1769
1770	static PyObject *
1771	_hashlib_hmac_get_name(HMACobject self, void* *closure)
1772	{
1773	PyObject *digest_name = py_digest_name(HMAC_CTX_get_md(self->ctx));
1774	if (digest_name == NULL) {
1775	return NULL;
1776	}
1777	PyObject *name = PyUnicode_FromFormat("hmac-%U", digest_name);
1778	Py_DECREF(digest_name);
1779	return name;
1780	}
1781
1782	static PyMethodDef HMAC_methods[] = {
1783	_HASHLIB_HMAC_UPDATE_METHODDEF
1784	_HASHLIB_HMAC_DIGEST_METHODDEF
1785	_HASHLIB_HMAC_HEXDIGEST_METHODDEF
1786	_HASHLIB_HMAC_COPY_METHODDEF
1787	{NULL, NULL} / sentinel /
1788	};
1789
1790	static PyGetSetDef HMAC_getset[] = {
1791	{"digest_size", (getter)_hashlib_hmac_get_digest_size, NULL, NULL, NULL},
1792	{"block_size", (getter)_hashlib_hmac_get_block_size, NULL, NULL, NULL},
1793	{"name", (getter)_hashlib_hmac_get_name, NULL, NULL, NULL},
1794	{NULL} / Sentinel /
1795	};
1796
1797
1798	PyDoc_STRVAR(hmactype_doc,
1799	"The object used to calculate HMAC of a message.\n\
1800	\n\
1801	Methods:\n\
1802	\n\
1803	update() -- updates the current digest with an additional string\n\
1804	digest() -- return the current digest value\n\
1805	hexdigest() -- return the current digest as a string of hexadecimal digits\n\
1806	copy() -- return a copy of the current hash object\n\
1807	\n\
1808	Attributes:\n\
1809	\n\
1810	name -- the name, including the hash algorithm used by this object\n\
1811	digest_size -- number of bytes in digest() output\n");
1812
1813	static PyType_Slot HMACtype_slots[] = {
1814	{Py_tp_doc, (char *)hmactype_doc},
1815	{Py_tp_repr, (reprfunc)_hmac_repr},
1816	{Py_tp_dealloc,(destructor)_hmac_dealloc},
1817	{Py_tp_methods, HMAC_methods},
1818	{Py_tp_getset, HMAC_getset},
1819	{`0`, NULL}
1820	};
1821
1822	PyType_Spec HMACtype_spec = {
1823	"_hashlib.HMAC", / name /
1824	sizeof(HMACobject), / basicsize /
1825	.flags = Py_TPFLAGS_DEFAULT \| Py_TPFLAGS_DISALLOW_INSTANTIATION \| Py_TPFLAGS_IMMUTABLETYPE,
1826	.slots = HMACtype_slots,
1827	};
1828
1829
1830	/ State for our callback function so that it can accumulate a result. /
1831	typedef struct _internal_name_mapper_state {
1832	PyObject *set;
1833	int error;
1834	} _InternalNameMapperState;
1835
1836
1837	/ A callback function to pass to OpenSSL's OBJ_NAME_do_all(...) /
1838	static void
1839	#if OPENSSL_VERSION_NUMBER >= 0x30000000L
1840	_openssl_hash_name_mapper(EVP_MD md, void* *arg)
1841	#else
1842	_openssl_hash_name_mapper(const EVP_MD md, const* char *from,
1843	const char to, void* *arg)
1844	#endif
1845	{
1846	_InternalNameMapperState state = (_InternalNameMapperState )arg;
1847	PyObject *py_name;
1848
1849	assert(state != NULL);
1850	// ignore all undefined providers
1851	if ((md == NULL) \|\| (EVP_MD_nid(md) == NID_undef)) {
1852	return;
1853	}
1854
1855	py_name = py_digest_name(md);
1856	if (py_name == NULL) {
1857	state->error = `1`;
1858	} else {
1859	if (PySet_Add(state->set, py_name) != `0`) {
1860	state->error = `1`;
1861	}
1862	Py_DECREF(py_name);
1863	}
1864	}
1865
1866
1867	/ Ask OpenSSL for a list of supported ciphers, filling in a Python set. /
1868	static int
1869	hashlib_md_meth_names(PyObject *module)
1870	{
1871	_InternalNameMapperState state = {
1872	.set = PyFrozenSet_New(NULL),
1873	.error = `0`
1874	};
1875	if (state.set == NULL) {
1876	return -`1`;
1877	}
1878
1879	#if OPENSSL_VERSION_NUMBER >= 0x30000000L
1880	// get algorithms from all activated providers in default context
1881	EVP_MD_do_all_provided(NULL, &_openssl_hash_name_mapper, &state);
1882	#else
1883	EVP_MD_do_all(&_openssl_hash_name_mapper, &state);
1884	#endif
1885
1886	if (state.error) {
1887	Py_DECREF(state.set);
1888	return -`1`;
1889	}
1890
1891	if (PyModule_AddObject(module, "openssl_md_meth_names", state.set) < `0`) {
1892	Py_DECREF(state.set);
1893	return -`1`;
1894	}
1895
1896	return `0`;
1897	}
1898
1899	/[clinic input]*
1900	_hashlib.get_fips_mode -> int
1901
1902	Determine the OpenSSL FIPS mode of operation.
1903
1904	For OpenSSL 3.0.0 and newer it returns the state of the default provider
1905	in the default OSSL context. It's not quite the same as FIPS_mode() but good
1906	enough for unittests.
1907
1908	Effectively any non-zero return value indicates FIPS mode;
1909	values other than 1 may have additional significance.
1910	[clinic start generated code]/*
1911
1912	static int
1913	_hashlib_get_fips_mode_impl(PyObject *module)
1914	/[clinic end generated code: output=87eece1bab4d3fa9 input=2db61538c41c6fef]/
1915
1916	{
1917	#if OPENSSL_VERSION_NUMBER >= 0x30000000L
1918	return EVP_default_properties_is_fips_enabled(NULL);
1919	#else
1920	ERR_clear_error();
1921	int result = FIPS_mode();
1922	if (result == `0`) {
1923	// "If the library was built without support of the FIPS Object Module,
1924	// then the function will return 0 with an error code of
1925	// CRYPTO_R_FIPS_MODE_NOT_SUPPORTED (0x0f06d065)."
1926	// But 0 is also a valid result value.
1927	unsigned long errcode = ERR_peek_last_error();
1928	if (errcode) {
1929	_setException(PyExc_ValueError, NULL);
1930	return -`1`;
1931	}
1932	}
1933	return result;
1934	#endif
1935	}
1936
1937
1938	static int
1939	_tscmp(const unsigned char a, const* unsigned char *b,
1940	Py_ssize_t len_a, Py_ssize_t len_b)
1941	{
1942	/ loop count depends on length of b. Might leak very little timing*
1943	* information if sizes are different.
1944	*/
1945	Py_ssize_t length = len_b;
1946	const void *left = a;
1947	const void *right = b;
1948	int result = `0`;
1949
1950	if (len_a != length) {
1951	left = b;
1952	result = `1`;
1953	}
1954
1955	result \|= CRYPTO_memcmp(left, right, length);
1956
1957	return (result == `0`);
1958	}
1959
1960	/ NOTE: Keep in sync with _operator.c implementation. /
1961
1962	/[clinic input]*
1963	_hashlib.compare_digest
1964
1965	a: object
1966	b: object
1967	/
1968
1969	Return 'a == b'.
1970
1971	This function uses an approach designed to prevent
1972	timing analysis, making it appropriate for cryptography.
1973
1974	a and b must both be of the same type: either str (ASCII only),
1975	or any bytes-like object.
1976
1977	Note: If a and b are of different lengths, or if an error occurs,
1978	a timing attack could theoretically reveal information about the
1979	types and lengths of a and b--but not their values.
1980	[clinic start generated code]/*
1981
1982	static PyObject *
1983	_hashlib_compare_digest_impl(PyObject module, PyObject a, PyObject *b)
1984	/[clinic end generated code: output=6f1c13927480aed9 input=9c40c6e566ca12f5]/
1985	{
1986	int rc;
1987
1988	/ ASCII unicode string /
1989	if(PyUnicode_Check(a) && PyUnicode_Check(b)) {
1990	if (PyUnicode_READY(a) == -`1` \|\| PyUnicode_READY(b) == -`1`) {
1991	return NULL;
1992	}
1993	if (!PyUnicode_IS_ASCII(a) \|\| !PyUnicode_IS_ASCII(b)) {
1994	PyErr_SetString(PyExc_TypeError,
1995	"comparing strings with non-ASCII characters is "
1996	"not supported");
1997	return NULL;
1998	}
1999
2000	rc = _tscmp(PyUnicode_DATA(a),
2001	PyUnicode_DATA(b),
2002	PyUnicode_GET_LENGTH(a),
2003	PyUnicode_GET_LENGTH(b));
2004	}
2005	/ fallback to buffer interface for bytes, bytesarray and other /
2006	else {
2007	Py_buffer view_a;
2008	Py_buffer view_b;
2009
2010	if (PyObject_CheckBuffer(a) == `0` && PyObject_CheckBuffer(b) == `0`) {
2011	PyErr_Format(PyExc_TypeError,
2012	"unsupported operand types(s) or combination of types: "
2013	"'%.100s' and '%.100s'",
2014	Py_TYPE(a)->tp_name, Py_TYPE(b)->tp_name);
2015	return NULL;
2016	}
2017
2018	if (PyObject_GetBuffer(a, &view_a, PyBUF_SIMPLE) == -`1`) {
2019	return NULL;
2020	}
2021	if (view_a.ndim > `1`) {
2022	PyErr_SetString(PyExc_BufferError,
2023	"Buffer must be single dimension");
2024	PyBuffer_Release(&view_a);
2025	return NULL;
2026	}
2027
2028	if (PyObject_GetBuffer(b, &view_b, PyBUF_SIMPLE) == -`1`) {
2029	PyBuffer_Release(&view_a);
2030	return NULL;
2031	}
2032	if (view_b.ndim > `1`) {
2033	PyErr_SetString(PyExc_BufferError,
2034	"Buffer must be single dimension");
2035	PyBuffer_Release(&view_a);
2036	PyBuffer_Release(&view_b);
2037	return NULL;
2038	}
2039
2040	rc = _tscmp((const unsigned char*)view_a.buf,
2041	(const unsigned char*)view_b.buf,
2042	view_a.len,
2043	view_b.len);
2044
2045	PyBuffer_Release(&view_a);
2046	PyBuffer_Release(&view_b);
2047	}
2048
2049	return PyBool_FromLong(rc);
2050	}
2051
2052	/ List of functions exported by this module /
2053
2054	static struct PyMethodDef EVP_functions[] = {
2055	EVP_NEW_METHODDEF
2056	PBKDF2_HMAC_METHODDEF
2057	_HASHLIB_SCRYPT_METHODDEF
2058	_HASHLIB_GET_FIPS_MODE_METHODDEF
2059	_HASHLIB_COMPARE_DIGEST_METHODDEF
2060	_HASHLIB_HMAC_SINGLESHOT_METHODDEF
2061	_HASHLIB_HMAC_NEW_METHODDEF
2062	_HASHLIB_OPENSSL_MD5_METHODDEF
2063	_HASHLIB_OPENSSL_SHA1_METHODDEF
2064	_HASHLIB_OPENSSL_SHA224_METHODDEF
2065	_HASHLIB_OPENSSL_SHA256_METHODDEF
2066	_HASHLIB_OPENSSL_SHA384_METHODDEF
2067	_HASHLIB_OPENSSL_SHA512_METHODDEF
2068	_HASHLIB_OPENSSL_SHA3_224_METHODDEF
2069	_HASHLIB_OPENSSL_SHA3_256_METHODDEF
2070	_HASHLIB_OPENSSL_SHA3_384_METHODDEF
2071	_HASHLIB_OPENSSL_SHA3_512_METHODDEF
2072	_HASHLIB_OPENSSL_SHAKE_128_METHODDEF
2073	_HASHLIB_OPENSSL_SHAKE_256_METHODDEF
2074	{NULL, NULL} / Sentinel /
2075	};
2076
2077
2078	/ Initialize this module. /
2079
2080	static int
2081	hashlib_traverse(PyObject m, visitproc visit, void* *arg)
2082	{
2083	_hashlibstate *state = get_hashlib_state(m);
2084	Py_VISIT(state->EVPtype);
2085	Py_VISIT(state->HMACtype);
2086	#ifdef PY_OPENSSL_HAS_SHAKE
2087	Py_VISIT(state->EVPXOFtype);
2088	#endif
2089	Py_VISIT(state->constructs);
2090	Py_VISIT(state->unsupported_digestmod_error);
2091	return `0`;
2092	}
2093
2094	static int
2095	hashlib_clear(PyObject *m)
2096	{
2097	_hashlibstate *state = get_hashlib_state(m);
2098	Py_CLEAR(state->EVPtype);
2099	Py_CLEAR(state->HMACtype);
2100	#ifdef PY_OPENSSL_HAS_SHAKE
2101	Py_CLEAR(state->EVPXOFtype);
2102	#endif
2103	Py_CLEAR(state->constructs);
2104	Py_CLEAR(state->unsupported_digestmod_error);
2105
2106	if (state->hashtable != NULL) {
2107	_Py_hashtable_destroy(state->hashtable);
2108	state->hashtable = NULL;
2109	}
2110
2111	return `0`;
2112	}
2113
2114	static void
2115	hashlib_free(void *m)
2116	{
2117	hashlib_clear((PyObject *)m);
2118	}
2119
2120	/ Py_mod_exec functions /
2121	static int
2122	hashlib_init_hashtable(PyObject *module)
2123	{
2124	_hashlibstate *state = get_hashlib_state(module);
2125
2126	state->hashtable = py_hashentry_table_new();
2127	if (state->hashtable == NULL) {
2128	PyErr_NoMemory();
2129	return -`1`;
2130	}
2131	return `0`;
2132	}
2133
2134	static int
2135	hashlib_init_evptype(PyObject *module)
2136	{
2137	_hashlibstate *state = get_hashlib_state(module);
2138
2139	state->EVPtype = (PyTypeObject *)PyType_FromSpec(&EVPtype_spec);
2140	if (state->EVPtype == NULL) {
2141	return -`1`;
2142	}
2143	if (PyModule_AddType(module, state->EVPtype) < `0`) {
2144	return -`1`;
2145	}
2146	return `0`;
2147	}
2148
2149	static int
2150	hashlib_init_evpxoftype(PyObject *module)
2151	{
2152	#ifdef PY_OPENSSL_HAS_SHAKE
2153	_hashlibstate *state = get_hashlib_state(module);
2154
2155	if (state->EVPtype == NULL) {
2156	return -`1`;
2157	}
2158
2159	state->EVPXOFtype = (PyTypeObject *)PyType_FromSpecWithBases(
2160	&EVPXOFtype_spec, (PyObject *)state->EVPtype
2161	);
2162	if (state->EVPXOFtype == NULL) {
2163	return -`1`;
2164	}
2165	if (PyModule_AddType(module, state->EVPXOFtype) < `0`) {
2166	return -`1`;
2167	}
2168	#endif
2169	return `0`;
2170	}
2171
2172	static int
2173	hashlib_init_hmactype(PyObject *module)
2174	{
2175	_hashlibstate *state = get_hashlib_state(module);
2176
2177	state->HMACtype = (PyTypeObject *)PyType_FromSpec(&HMACtype_spec);
2178	if (state->HMACtype == NULL) {
2179	return -`1`;
2180	}
2181	if (PyModule_AddType(module, state->HMACtype) < `0`) {
2182	return -`1`;
2183	}
2184	return `0`;
2185	}
2186
2187	static int
2188	hashlib_init_constructors(PyObject *module)
2189	{
2190	/ Create dict from builtin openssl_hash functions to name*
2191	* {_hashlib.openssl_sha256: "sha256", ...}
2192	*/
2193	PyModuleDef *mdef;
2194	PyMethodDef *fdef;
2195	PyObject *proxy;
2196	PyObject func, name_obj;
2197	_hashlibstate *state = get_hashlib_state(module);
2198
2199	mdef = PyModule_GetDef(module);
2200	if (mdef == NULL) {
2201	return -`1`;
2202	}
2203
2204	state->constructs = PyDict_New();
2205	if (state->constructs == NULL) {
2206	return -`1`;
2207	}
2208
2209	for (fdef = mdef->m_methods; fdef->ml_name != NULL; fdef++) {
2210	if (strncmp(fdef->ml_name, "openssl_", `8`)) {
2211	continue;
2212	}
2213	name_obj = PyUnicode_FromString(fdef->ml_name + `8`);
2214	if (name_obj == NULL) {
2215	return -`1`;
2216	}
2217	func = PyObject_GetAttrString(module, fdef->ml_name);
2218	if (func == NULL) {
2219	Py_DECREF(name_obj);
2220	return -`1`;
2221	}
2222	int rc = PyDict_SetItem(state->constructs, func, name_obj);
2223	Py_DECREF(func);
2224	Py_DECREF(name_obj);
2225	if (rc < `0`) {
2226	return -`1`;
2227	}
2228	}
2229
2230	proxy = PyDictProxy_New(state->constructs);
2231	if (proxy == NULL) {
2232	return -`1`;
2233	}
2234
2235	int rc = PyModule_AddObjectRef(module, "_constructors", proxy);
2236	Py_DECREF(proxy);
2237	if (rc < `0`) {
2238	return -`1`;
2239	}
2240	return `0`;
2241	}
2242
2243	static int
2244	hashlib_exception(PyObject *module)
2245	{
2246	_hashlibstate *state = get_hashlib_state(module);
2247	state->unsupported_digestmod_error = PyErr_NewException(
2248	"_hashlib.UnsupportedDigestmodError", PyExc_ValueError, NULL);
2249	if (state->unsupported_digestmod_error == NULL) {
2250	return -`1`;
2251	}
2252	if (PyModule_AddObjectRef(module, "UnsupportedDigestmodError",
2253	state->unsupported_digestmod_error) < `0`) {
2254	return -`1`;
2255	}
2256	return `0`;
2257	}
2258
2259
2260	static PyModuleDef_Slot hashlib_slots[] = {
2261	{Py_mod_exec, hashlib_init_hashtable},
2262	{Py_mod_exec, hashlib_init_evptype},
2263	{Py_mod_exec, hashlib_init_evpxoftype},
2264	{Py_mod_exec, hashlib_init_hmactype},
2265	{Py_mod_exec, hashlib_md_meth_names},
2266	{Py_mod_exec, hashlib_init_constructors},
2267	{Py_mod_exec, hashlib_exception},
2268	{`0`, NULL}
2269	};
2270
2271	static struct PyModuleDef _hashlibmodule = {
2272	PyModuleDef_HEAD_INIT,
2273	.m_name = "_hashlib",
2274	.m_doc = "OpenSSL interface for hashlib module",
2275	.m_size = sizeof(_hashlibstate),
2276	.m_methods = EVP_functions,
2277	.m_slots = hashlib_slots,
2278	.m_traverse = hashlib_traverse,
2279	.m_clear = hashlib_clear,
2280	.m_free = hashlib_free
2281	};
2282
2283	PyMODINIT_FUNC
2284	PyInit__hashlib(void)
2285	{
2286	return PyModuleDef_Init(&_hashlibmodule);
2287	}
2288

Browse the source code of python/Modules/_hashopenssl.c