1 /* SHA2 module */
2
3 /* This provides an interface to NIST's SHA2 224, 256, 384, & 512 Algorithms */
4
5 /* See below for information about the original code this module was
6 based upon. Additional work performed by:
7
8 Andrew Kuchling (amk@amk.ca)
9 Greg Stein (gstein@lyra.org)
10 Trevor Perrin (trevp@trevp.net)
11 Jonathan Protzenko (jonathan@protzenko.fr)
12
13 Copyright (C) 2005-2007 Gregory P. Smith (greg@krypto.org)
14 Licensed to PSF under a Contributor Agreement.
15
16 */
17
18 /* SHA objects */
19 #ifndef Py_BUILD_CORE_BUILTIN
20 # define Py_BUILD_CORE_MODULE 1
21 #endif
22
23 #include "Python.h"
24 #include "pycore_bitutils.h" // _Py_bswap32()
25 #include "pycore_moduleobject.h" // _PyModule_GetState()
26 #include "pycore_typeobject.h" // _PyType_GetModuleState()
27 #include "pycore_strhex.h" // _Py_strhex()
28 #include "structmember.h" // PyMemberDef
29 #include "hashlib.h"
30
31 /*[clinic input]
32 module _sha2
33 class SHA256Type "SHA256object *" "&PyType_Type"
34 class SHA512Type "SHA512object *" "&PyType_Type"
35 [clinic start generated code]*/
36 /*[clinic end generated code: output=da39a3ee5e6b4b0d input=b5315a7b611c9afc]*/
37
38
39 /* The SHA block sizes and maximum message digest sizes, in bytes */
40
41 #define SHA256_BLOCKSIZE 64
42 #define SHA256_DIGESTSIZE 32
43 #define SHA512_BLOCKSIZE 128
44 #define SHA512_DIGESTSIZE 64
45
46 /* Our SHA2 implementations defer to the HACL* verified library. */
47
48 #include "_hacl/Hacl_Hash_SHA2.h"
49
50 // TODO: Get rid of int digestsize in favor of Hacl state info?
51
52 typedef struct {
53 PyObject_HEAD
54 int digestsize;
55 // Prevents undefined behavior via multiple threads entering the C API.
56 // The lock will be NULL before threaded access has been enabled.
57 PyThread_type_lock lock;
58 Hacl_Streaming_SHA2_state_sha2_256 *state;
59 } SHA256object;
60
61 typedef struct {
62 PyObject_HEAD
63 int digestsize;
64 // Prevents undefined behavior via multiple threads entering the C API.
65 // The lock will be NULL before threaded access has been enabled.
66 PyThread_type_lock lock;
67 Hacl_Streaming_SHA2_state_sha2_512 *state;
68 } SHA512object;
69
70 #include "clinic/sha2module.c.h"
71
72 /* We shall use run-time type information in the remainder of this module to
73 * tell apart SHA2-224 and SHA2-256 */
74 typedef struct {
75 PyTypeObject* sha224_type;
76 PyTypeObject* sha256_type;
77 PyTypeObject* sha384_type;
78 PyTypeObject* sha512_type;
79 } sha2_state;
80
81 static inline sha2_state*
82 sha2_get_state(PyObject *module)
83 {
84 void *state = _PyModule_GetState(module);
85 assert(state != NULL);
86 return (sha2_state *)state;
87 }
88
89 static void SHA256copy(SHA256object *src, SHA256object *dest)
90 {
91 dest->digestsize = src->digestsize;
92 dest->state = Hacl_Streaming_SHA2_copy_256(src->state);
93 }
94
95 static void SHA512copy(SHA512object *src, SHA512object *dest)
96 {
97 dest->digestsize = src->digestsize;
98 dest->state = Hacl_Streaming_SHA2_copy_512(src->state);
99 }
100
101 static SHA256object *
102 newSHA224object(sha2_state *state)
103 {
104 SHA256object *sha = (SHA256object *)PyObject_GC_New(
105 SHA256object, state->sha224_type);
106 if (!sha) {
107 return NULL;
108 }
109 sha->lock = NULL;
110 PyObject_GC_Track(sha);
111 return sha;
112 }
113
114 static SHA256object *
115 newSHA256object(sha2_state *state)
116 {
117 SHA256object *sha = (SHA256object *)PyObject_GC_New(
118 SHA256object, state->sha256_type);
119 if (!sha) {
120 return NULL;
121 }
122 sha->lock = NULL;
123 PyObject_GC_Track(sha);
124 return sha;
125 }
126
127 static SHA512object *
128 newSHA384object(sha2_state *state)
129 {
130 SHA512object *sha = (SHA512object *)PyObject_GC_New(
131 SHA512object, state->sha384_type);
132 if (!sha) {
133 return NULL;
134 }
135 sha->lock = NULL;
136 PyObject_GC_Track(sha);
137 return sha;
138 }
139
140 static SHA512object *
141 newSHA512object(sha2_state *state)
142 {
143 SHA512object *sha = (SHA512object *)PyObject_GC_New(
144 SHA512object, state->sha512_type);
145 if (!sha) {
146 return NULL;
147 }
148 sha->lock = NULL;
149 PyObject_GC_Track(sha);
150 return sha;
151 }
152
153 /* Internal methods for our hash objects. */
154
155 static int
156 SHA2_traverse(PyObject *ptr, visitproc visit, void *arg)
157 {
158 Py_VISIT(Py_TYPE(ptr));
159 return 0;
160 }
161
162 static void
163 SHA256_dealloc(SHA256object *ptr)
164 {
165 Hacl_Streaming_SHA2_free_256(ptr->state);
166 if (ptr->lock != NULL) {
167 PyThread_free_lock(ptr->lock);
168 }
169 PyTypeObject *tp = Py_TYPE(ptr);
170 PyObject_GC_UnTrack(ptr);
171 PyObject_GC_Del(ptr);
172 Py_DECREF(tp);
173 }
174
175 static void
176 SHA512_dealloc(SHA512object *ptr)
177 {
178 Hacl_Streaming_SHA2_free_512(ptr->state);
179 if (ptr->lock != NULL) {
180 PyThread_free_lock(ptr->lock);
181 }
182 PyTypeObject *tp = Py_TYPE(ptr);
183 PyObject_GC_UnTrack(ptr);
184 PyObject_GC_Del(ptr);
185 Py_DECREF(tp);
186 }
187
188 /* HACL* takes a uint32_t for the length of its parameter, but Py_ssize_t can be
189 * 64 bits so we loop in <4gig chunks when needed. */
190
191 static void update_256(Hacl_Streaming_SHA2_state_sha2_256 *state, uint8_t *buf, Py_ssize_t len) {
192 /* Note: we explicitly ignore the error code on the basis that it would take >
193 * 1 billion years to overflow the maximum admissible length for SHA2-256
194 * (namely, 2^61-1 bytes). */
195 #if PY_SSIZE_T_MAX > UINT32_MAX
196 while (len > UINT32_MAX) {
197 Hacl_Streaming_SHA2_update_256(state, buf, UINT32_MAX);
198 len -= UINT32_MAX;
199 buf += UINT32_MAX;
200 }
201 #endif
202 /* Cast to uint32_t is safe: len <= UINT32_MAX at this point. */
203 Hacl_Streaming_SHA2_update_256(state, buf, (uint32_t) len);
204 }
205
206 static void update_512(Hacl_Streaming_SHA2_state_sha2_512 *state, uint8_t *buf, Py_ssize_t len) {
207 /* Note: we explicitly ignore the error code on the basis that it would take >
208 * 1 billion years to overflow the maximum admissible length for this API
209 * (namely, 2^64-1 bytes). */
210 #if PY_SSIZE_T_MAX > UINT32_MAX
211 while (len > UINT32_MAX) {
212 Hacl_Streaming_SHA2_update_512(state, buf, UINT32_MAX);
213 len -= UINT32_MAX;
214 buf += UINT32_MAX;
215 }
216 #endif
217 /* Cast to uint32_t is safe: len <= UINT32_MAX at this point. */
218 Hacl_Streaming_SHA2_update_512(state, buf, (uint32_t) len);
219 }
220
221
222 /* External methods for our hash objects */
223
224 /*[clinic input]
225 SHA256Type.copy
226
227 cls:defining_class
228
229 Return a copy of the hash object.
230 [clinic start generated code]*/
231
232 static PyObject *
233 SHA256Type_copy_impl(SHA256object *self, PyTypeObject *cls)
234 /*[clinic end generated code: output=fabd515577805cd3 input=3137146fcb88e212]*/
235 {
236 SHA256object *newobj;
237 sha2_state *state = _PyType_GetModuleState(cls);
238 if (Py_IS_TYPE(self, state->sha256_type)) {
239 if ((newobj = newSHA256object(state)) == NULL) {
240 return NULL;
241 }
242 } else {
243 if ((newobj = newSHA224object(state)) == NULL) {
244 return NULL;
245 }
246 }
247
248 ENTER_HASHLIB(self);
249 SHA256copy(self, newobj);
250 LEAVE_HASHLIB(self);
251 return (PyObject *)newobj;
252 }
253
254 /*[clinic input]
255 SHA512Type.copy
256
257 cls: defining_class
258
259 Return a copy of the hash object.
260 [clinic start generated code]*/
261
262 static PyObject *
263 SHA512Type_copy_impl(SHA512object *self, PyTypeObject *cls)
264 /*[clinic end generated code: output=66d2a8ef20de8302 input=f673a18f66527c90]*/
265 {
266 SHA512object *newobj;
267 sha2_state *state = _PyType_GetModuleState(cls);
268
269 if (Py_IS_TYPE((PyObject*)self, state->sha512_type)) {
270 if ((newobj = newSHA512object(state)) == NULL) {
271 return NULL;
272 }
273 }
274 else {
275 if ((newobj = newSHA384object(state)) == NULL) {
276 return NULL;
277 }
278 }
279
280 ENTER_HASHLIB(self);
281 SHA512copy(self, newobj);
282 LEAVE_HASHLIB(self);
283 return (PyObject *)newobj;
284 }
285
286 /*[clinic input]
287 SHA256Type.digest
288
289 Return the digest value as a bytes object.
290 [clinic start generated code]*/
291
292 static PyObject *
293 SHA256Type_digest_impl(SHA256object *self)
294 /*[clinic end generated code: output=3a2e3997a98ee792 input=f1f4cfea5cbde35c]*/
295 {
296 uint8_t digest[SHA256_DIGESTSIZE];
297 assert(self->digestsize <= SHA256_DIGESTSIZE);
298 ENTER_HASHLIB(self);
299 // HACL* performs copies under the hood so that self->state remains valid
300 // after this call.
301 Hacl_Streaming_SHA2_finish_256(self->state, digest);
302 LEAVE_HASHLIB(self);
303 return PyBytes_FromStringAndSize((const char *)digest, self->digestsize);
304 }
305
306 /*[clinic input]
307 SHA512Type.digest
308
309 Return the digest value as a bytes object.
310 [clinic start generated code]*/
311
312 static PyObject *
313 SHA512Type_digest_impl(SHA512object *self)
314 /*[clinic end generated code: output=dd8c6320070458e0 input=f6470dd359071f4b]*/
315 {
316 uint8_t digest[SHA512_DIGESTSIZE];
317 assert(self->digestsize <= SHA512_DIGESTSIZE);
318 ENTER_HASHLIB(self);
319 // HACL* performs copies under the hood so that self->state remains valid
320 // after this call.
321 Hacl_Streaming_SHA2_finish_512(self->state, digest);
322 LEAVE_HASHLIB(self);
323 return PyBytes_FromStringAndSize((const char *)digest, self->digestsize);
324 }
325
326 /*[clinic input]
327 SHA256Type.hexdigest
328
329 Return the digest value as a string of hexadecimal digits.
330 [clinic start generated code]*/
331
332 static PyObject *
333 SHA256Type_hexdigest_impl(SHA256object *self)
334 /*[clinic end generated code: output=96cb68996a780ab3 input=0cc4c714693010d1]*/
335 {
336 uint8_t digest[SHA256_DIGESTSIZE];
337 assert(self->digestsize <= SHA256_DIGESTSIZE);
338 ENTER_HASHLIB(self);
339 Hacl_Streaming_SHA2_finish_256(self->state, digest);
340 LEAVE_HASHLIB(self);
341 return _Py_strhex((const char *)digest, self->digestsize);
342 }
343
344 /*[clinic input]
345 SHA512Type.hexdigest
346
347 Return the digest value as a string of hexadecimal digits.
348 [clinic start generated code]*/
349
350 static PyObject *
351 SHA512Type_hexdigest_impl(SHA512object *self)
352 /*[clinic end generated code: output=cbd6f844aba1fe7c input=498b877b25cbe0a2]*/
353 {
354 uint8_t digest[SHA512_DIGESTSIZE];
355 assert(self->digestsize <= SHA512_DIGESTSIZE);
356 ENTER_HASHLIB(self);
357 Hacl_Streaming_SHA2_finish_512(self->state, digest);
358 LEAVE_HASHLIB(self);
359 return _Py_strhex((const char *)digest, self->digestsize);
360 }
361
362 /*[clinic input]
363 SHA256Type.update
364
365 obj: object
366 /
367
368 Update this hash object's state with the provided string.
369 [clinic start generated code]*/
370
371 static PyObject *
372 SHA256Type_update(SHA256object *self, PyObject *obj)
373 /*[clinic end generated code: output=1b240f965ddbd8c6 input=b2d449d5b30f0f5a]*/
374 {
375 Py_buffer buf;
376
377 GET_BUFFER_VIEW_OR_ERROUT(obj, &buf);
378
379 if (self->lock == NULL && buf.len >= HASHLIB_GIL_MINSIZE) {
380 self->lock = PyThread_allocate_lock();
381 }
382 if (self->lock != NULL) {
383 Py_BEGIN_ALLOW_THREADS
384 PyThread_acquire_lock(self->lock, 1);
385 update_256(self->state, buf.buf, buf.len);
386 PyThread_release_lock(self->lock);
387 Py_END_ALLOW_THREADS
388 } else {
389 update_256(self->state, buf.buf, buf.len);
390 }
391
392 PyBuffer_Release(&buf);
393 Py_RETURN_NONE;
394 }
395
396 /*[clinic input]
397 SHA512Type.update
398
399 obj: object
400 /
401
402 Update this hash object's state with the provided string.
403 [clinic start generated code]*/
404
405 static PyObject *
406 SHA512Type_update(SHA512object *self, PyObject *obj)
407 /*[clinic end generated code: output=745f51057a985884 input=ded2b46656566283]*/
408 {
409 Py_buffer buf;
410
411 GET_BUFFER_VIEW_OR_ERROUT(obj, &buf);
412
413 if (self->lock == NULL && buf.len >= HASHLIB_GIL_MINSIZE) {
414 self->lock = PyThread_allocate_lock();
415 }
416 if (self->lock != NULL) {
417 Py_BEGIN_ALLOW_THREADS
418 PyThread_acquire_lock(self->lock, 1);
419 update_512(self->state, buf.buf, buf.len);
420 PyThread_release_lock(self->lock);
421 Py_END_ALLOW_THREADS
422 } else {
423 update_512(self->state, buf.buf, buf.len);
424 }
425
426 PyBuffer_Release(&buf);
427 Py_RETURN_NONE;
428 }
429
430 static PyMethodDef SHA256_methods[] = {
431 SHA256TYPE_COPY_METHODDEF
432 SHA256TYPE_DIGEST_METHODDEF
433 SHA256TYPE_HEXDIGEST_METHODDEF
434 SHA256TYPE_UPDATE_METHODDEF
435 {NULL, NULL} /* sentinel */
436 };
437
438 static PyMethodDef SHA512_methods[] = {
439 SHA512TYPE_COPY_METHODDEF
440 SHA512TYPE_DIGEST_METHODDEF
441 SHA512TYPE_HEXDIGEST_METHODDEF
442 SHA512TYPE_UPDATE_METHODDEF
443 {NULL, NULL} /* sentinel */
444 };
445
446 static PyObject *
447 SHA256_get_block_size(PyObject *self, void *closure)
448 {
449 return PyLong_FromLong(SHA256_BLOCKSIZE);
450 }
451
452 static PyObject *
453 SHA512_get_block_size(PyObject *self, void *closure)
454 {
455 return PyLong_FromLong(SHA512_BLOCKSIZE);
456 }
457
458 static PyObject *
459 SHA256_get_digest_size(SHA256object *self, void *closure)
460 {
461 return PyLong_FromLong(self->digestsize);
462 }
463
464 static PyObject *
465 SHA512_get_digest_size(SHA512object *self, void *closure)
466 {
467 return PyLong_FromLong(self->digestsize);
468 }
469
470 static PyObject *
471 SHA256_get_name(SHA256object *self, void *closure)
472 {
473 if (self->digestsize == 28) {
474 return PyUnicode_FromStringAndSize("sha224", 6);
475 }
476 return PyUnicode_FromStringAndSize("sha256", 6);
477 }
478
479 static PyObject *
480 SHA512_get_name(SHA512object *self, void *closure)
481 {
482 if (self->digestsize == 64) {
483 return PyUnicode_FromStringAndSize("sha512", 6);
484 }
485 return PyUnicode_FromStringAndSize("sha384", 6);
486 }
487
488 static PyGetSetDef SHA256_getseters[] = {
489 {"block_size",
490 (getter)SHA256_get_block_size, NULL,
491 NULL,
492 NULL},
493 {"name",
494 (getter)SHA256_get_name, NULL,
495 NULL,
496 NULL},
497 {"digest_size",
498 (getter)SHA256_get_digest_size, NULL,
499 NULL,
500 NULL},
501 {NULL} /* Sentinel */
502 };
503
504 static PyGetSetDef SHA512_getseters[] = {
505 {"block_size",
506 (getter)SHA512_get_block_size, NULL,
507 NULL,
508 NULL},
509 {"name",
510 (getter)SHA512_get_name, NULL,
511 NULL,
512 NULL},
513 {"digest_size",
514 (getter)SHA512_get_digest_size, NULL,
515 NULL,
516 NULL},
517 {NULL} /* Sentinel */
518 };
519
520 static PyType_Slot sha256_types_slots[] = {
521 {Py_tp_dealloc, SHA256_dealloc},
522 {Py_tp_methods, SHA256_methods},
523 {Py_tp_getset, SHA256_getseters},
524 {Py_tp_traverse, SHA2_traverse},
525 {0,0}
526 };
527
528 static PyType_Slot sha512_type_slots[] = {
529 {Py_tp_dealloc, SHA512_dealloc},
530 {Py_tp_methods, SHA512_methods},
531 {Py_tp_getset, SHA512_getseters},
532 {Py_tp_traverse, SHA2_traverse},
533 {0,0}
534 };
535
536 // Using _PyType_GetModuleState() on these types is safe since they
537 // cannot be subclassed: they don't have the Py_TPFLAGS_BASETYPE flag.
538 static PyType_Spec sha224_type_spec = {
539 .name = "_sha2.SHA224Type",
540 .basicsize = sizeof(SHA256object),
541 .flags = (Py_TPFLAGS_DEFAULT | Py_TPFLAGS_DISALLOW_INSTANTIATION |
542 Py_TPFLAGS_IMMUTABLETYPE | Py_TPFLAGS_HAVE_GC),
543 .slots = sha256_types_slots
544 };
545
546 static PyType_Spec sha256_type_spec = {
547 .name = "_sha2.SHA256Type",
548 .basicsize = sizeof(SHA256object),
549 .flags = (Py_TPFLAGS_DEFAULT | Py_TPFLAGS_DISALLOW_INSTANTIATION |
550 Py_TPFLAGS_IMMUTABLETYPE | Py_TPFLAGS_HAVE_GC),
551 .slots = sha256_types_slots
552 };
553
554 static PyType_Spec sha384_type_spec = {
555 .name = "_sha2.SHA384Type",
556 .basicsize = sizeof(SHA512object),
557 .flags = (Py_TPFLAGS_DEFAULT | Py_TPFLAGS_DISALLOW_INSTANTIATION |
558 Py_TPFLAGS_IMMUTABLETYPE | Py_TPFLAGS_HAVE_GC),
559 .slots = sha512_type_slots
560 };
561
562 static PyType_Spec sha512_type_spec = {
563 .name = "_sha2.SHA512Type",
564 .basicsize = sizeof(SHA512object),
565 .flags = (Py_TPFLAGS_DEFAULT | Py_TPFLAGS_DISALLOW_INSTANTIATION |
566 Py_TPFLAGS_IMMUTABLETYPE | Py_TPFLAGS_HAVE_GC),
567 .slots = sha512_type_slots
568 };
569
570 /* The module-level constructors. */
571
572 /*[clinic input]
573 _sha2.sha256
574
575 string: object(c_default="NULL") = b''
576 *
577 usedforsecurity: bool = True
578
579 Return a new SHA-256 hash object; optionally initialized with a string.
580 [clinic start generated code]*/
581
582 static PyObject *
583 _sha2_sha256_impl(PyObject *module, PyObject *string, int usedforsecurity)
584 /*[clinic end generated code: output=243c9dd289931f87 input=6249da1de607280a]*/
585 {
586 Py_buffer buf;
587
588 if (string) {
589 GET_BUFFER_VIEW_OR_ERROUT(string, &buf);
590 }
591
592 sha2_state *state = sha2_get_state(module);
593
594 SHA256object *new;
595 if ((new = newSHA256object(state)) == NULL) {
596 if (string) {
597 PyBuffer_Release(&buf);
598 }
599 return NULL;
600 }
601
602 new->state = Hacl_Streaming_SHA2_create_in_256();
603 new->digestsize = 32;
604
605 if (PyErr_Occurred()) {
606 Py_DECREF(new);
607 if (string) {
608 PyBuffer_Release(&buf);
609 }
610 return NULL;
611 }
612 if (string) {
613 if (buf.len >= HASHLIB_GIL_MINSIZE) {
614 /* We do not initialize self->lock here as this is the constructor
615 * where it is not yet possible to have concurrent access. */
616 Py_BEGIN_ALLOW_THREADS
617 update_256(new->state, buf.buf, buf.len);
618 Py_END_ALLOW_THREADS
619 } else {
620 update_256(new->state, buf.buf, buf.len);
621 }
622 PyBuffer_Release(&buf);
623 }
624
625 return (PyObject *)new;
626 }
627
628 /*[clinic input]
629 _sha2.sha224
630
631 string: object(c_default="NULL") = b''
632 *
633 usedforsecurity: bool = True
634
635 Return a new SHA-224 hash object; optionally initialized with a string.
636 [clinic start generated code]*/
637
638 static PyObject *
639 _sha2_sha224_impl(PyObject *module, PyObject *string, int usedforsecurity)
640 /*[clinic end generated code: output=68191f232e4a3843 input=c42bcba47fd7d2b7]*/
641 {
642 Py_buffer buf;
643 if (string) {
644 GET_BUFFER_VIEW_OR_ERROUT(string, &buf);
645 }
646
647 sha2_state *state = sha2_get_state(module);
648 SHA256object *new;
649 if ((new = newSHA224object(state)) == NULL) {
650 if (string) {
651 PyBuffer_Release(&buf);
652 }
653 return NULL;
654 }
655
656 new->state = Hacl_Streaming_SHA2_create_in_224();
657 new->digestsize = 28;
658
659 if (PyErr_Occurred()) {
660 Py_DECREF(new);
661 if (string) {
662 PyBuffer_Release(&buf);
663 }
664 return NULL;
665 }
666 if (string) {
667 if (buf.len >= HASHLIB_GIL_MINSIZE) {
668 /* We do not initialize self->lock here as this is the constructor
669 * where it is not yet possible to have concurrent access. */
670 Py_BEGIN_ALLOW_THREADS
671 update_256(new->state, buf.buf, buf.len);
672 Py_END_ALLOW_THREADS
673 } else {
674 update_256(new->state, buf.buf, buf.len);
675 }
676 PyBuffer_Release(&buf);
677 }
678
679 return (PyObject *)new;
680 }
681
682 /*[clinic input]
683 _sha2.sha512
684
685 string: object(c_default="NULL") = b''
686 *
687 usedforsecurity: bool = True
688
689 Return a new SHA-512 hash object; optionally initialized with a string.
690 [clinic start generated code]*/
691
692 static PyObject *
693 _sha2_sha512_impl(PyObject *module, PyObject *string, int usedforsecurity)
694 /*[clinic end generated code: output=d55c8996eca214d7 input=0576ae2a6ebfad25]*/
695 {
696 SHA512object *new;
697 Py_buffer buf;
698
699 sha2_state *state = sha2_get_state(module);
700
701 if (string)
702 GET_BUFFER_VIEW_OR_ERROUT(string, &buf);
703
704 if ((new = newSHA512object(state)) == NULL) {
705 if (string)
706 PyBuffer_Release(&buf);
707 return NULL;
708 }
709
710 new->state = Hacl_Streaming_SHA2_create_in_512();
711 new->digestsize = 64;
712
713 if (PyErr_Occurred()) {
714 Py_DECREF(new);
715 if (string)
716 PyBuffer_Release(&buf);
717 return NULL;
718 }
719 if (string) {
720 if (buf.len >= HASHLIB_GIL_MINSIZE) {
721 /* We do not initialize self->lock here as this is the constructor
722 * where it is not yet possible to have concurrent access. */
723 Py_BEGIN_ALLOW_THREADS
724 update_512(new->state, buf.buf, buf.len);
725 Py_END_ALLOW_THREADS
726 } else {
727 update_512(new->state, buf.buf, buf.len);
728 }
729 PyBuffer_Release(&buf);
730 }
731
732 return (PyObject *)new;
733 }
734
735 /*[clinic input]
736 _sha2.sha384
737
738 string: object(c_default="NULL") = b''
739 *
740 usedforsecurity: bool = True
741
742 Return a new SHA-384 hash object; optionally initialized with a string.
743 [clinic start generated code]*/
744
745 static PyObject *
746 _sha2_sha384_impl(PyObject *module, PyObject *string, int usedforsecurity)
747 /*[clinic end generated code: output=b29a0d81d51d1368 input=4e9199d8de0d2f9b]*/
748 {
749 SHA512object *new;
750 Py_buffer buf;
751
752 sha2_state *state = sha2_get_state(module);
753
754 if (string)
755 GET_BUFFER_VIEW_OR_ERROUT(string, &buf);
756
757 if ((new = newSHA384object(state)) == NULL) {
758 if (string)
759 PyBuffer_Release(&buf);
760 return NULL;
761 }
762
763 new->state = Hacl_Streaming_SHA2_create_in_384();
764 new->digestsize = 48;
765
766 if (PyErr_Occurred()) {
767 Py_DECREF(new);
768 if (string)
769 PyBuffer_Release(&buf);
770 return NULL;
771 }
772 if (string) {
773 if (buf.len >= HASHLIB_GIL_MINSIZE) {
774 /* We do not initialize self->lock here as this is the constructor
775 * where it is not yet possible to have concurrent access. */
776 Py_BEGIN_ALLOW_THREADS
777 update_512(new->state, buf.buf, buf.len);
778 Py_END_ALLOW_THREADS
779 } else {
780 update_512(new->state, buf.buf, buf.len);
781 }
782 PyBuffer_Release(&buf);
783 }
784
785 return (PyObject *)new;
786 }
787
788 /* List of functions exported by this module */
789
790 static struct PyMethodDef SHA2_functions[] = {
791 _SHA2_SHA256_METHODDEF
792 _SHA2_SHA224_METHODDEF
793 _SHA2_SHA512_METHODDEF
794 _SHA2_SHA384_METHODDEF
795 {NULL, NULL} /* Sentinel */
796 };
797
798 static int
799 _sha2_traverse(PyObject *module, visitproc visit, void *arg)
800 {
801 sha2_state *state = sha2_get_state(module);
802 Py_VISIT(state->sha224_type);
803 Py_VISIT(state->sha256_type);
804 Py_VISIT(state->sha384_type);
805 Py_VISIT(state->sha512_type);
806 return 0;
807 }
808
809 static int
810 _sha2_clear(PyObject *module)
811 {
812 sha2_state *state = sha2_get_state(module);
813 Py_CLEAR(state->sha224_type);
814 Py_CLEAR(state->sha256_type);
815 Py_CLEAR(state->sha384_type);
816 Py_CLEAR(state->sha512_type);
817 return 0;
818 }
819
820 static void
821 _sha2_free(void *module)
822 {
823 _sha2_clear((PyObject *)module);
824 }
825
826 /* Initialize this module. */
827 static int sha2_exec(PyObject *module)
828 {
829 sha2_state *state = sha2_get_state(module);
830
831 state->sha224_type = (PyTypeObject *)PyType_FromModuleAndSpec(
832 module, &sha224_type_spec, NULL);
833 if (state->sha224_type == NULL) {
834 return -1;
835 }
836 state->sha256_type = (PyTypeObject *)PyType_FromModuleAndSpec(
837 module, &sha256_type_spec, NULL);
838 if (state->sha256_type == NULL) {
839 return -1;
840 }
841 state->sha384_type = (PyTypeObject *)PyType_FromModuleAndSpec(
842 module, &sha384_type_spec, NULL);
843 if (state->sha384_type == NULL) {
844 return -1;
845 }
846 state->sha512_type = (PyTypeObject *)PyType_FromModuleAndSpec(
847 module, &sha512_type_spec, NULL);
848 if (state->sha512_type == NULL) {
849 return -1;
850 }
851
852 if (PyModule_AddType(module, state->sha224_type) < 0) {
853 return -1;
854 }
855 if (PyModule_AddType(module, state->sha256_type) < 0) {
856 return -1;
857 }
858 if (PyModule_AddType(module, state->sha384_type) < 0) {
859 return -1;
860 }
861 if (PyModule_AddType(module, state->sha512_type) < 0) {
862 return -1;
863 }
864
865 return 0;
866 }
867
868 static PyModuleDef_Slot _sha2_slots[] = {
869 {Py_mod_exec, sha2_exec},
870 {Py_mod_multiple_interpreters, Py_MOD_PER_INTERPRETER_GIL_SUPPORTED},
871 {0, NULL}
872 };
873
874 static struct PyModuleDef _sha2module = {
875 PyModuleDef_HEAD_INIT,
876 .m_name = "_sha2",
877 .m_size = sizeof(sha2_state),
878 .m_methods = SHA2_functions,
879 .m_slots = _sha2_slots,
880 .m_traverse = _sha2_traverse,
881 .m_clear = _sha2_clear,
882 .m_free = _sha2_free
883 };
884
885 PyMODINIT_FUNC
886 PyInit__sha2(void)
887 {
888 return PyModuleDef_Init(&_sha2module);
889 }