Skip to content

Improve _hashlib exception reporting when an OpenSSL error occurred #135234

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
picnixz opened this issue Jun 7, 2025 · 0 comments
Closed

Improve _hashlib exception reporting when an OpenSSL error occurred #135234

picnixz opened this issue Jun 7, 2025 · 0 comments
Assignees
@picnixz
Labels
extension-modules C modules in the Modules dir type-feature A feature request or enhancement

Comments

@picnixz
Copy link
Member

picnixz commented Jun 7, 2025
edited by bedevere-app bot
Loading

OpenSSL memory allocation failures

When an OpenSSL error occurs, we usually raise a ValueError. However, failures may be related to malloc(), in which case we should raise a MemoryError as we usually do. I have a PR ready for this.

Incorrect usage of get_openssl_evp_md_by_utf8name()

In get_openssl_evp_md_by_utf8name, when we pass an incorrect Py_hash_type or a digest that we cannot find, we raise:

    raise_ssl_error(state->unsupported_digestmod_error,
                    "unsupported hash type %s", name);

The "unsupported hash type %s" message only happens if no SSL error occurred during the execution, and this only happens if we pass an incorrect Py_hash_type, which also only happens "internally". So we should correctly report that the issue is with the Py_hash_type argument, not with the named argument.

Note: The raise_ssl_error function is a function that raises an automatically formatted message if there is an OpenSSL error or raises the "alternative" error message. But in this case, we should probably separate the exception and raise an SystemError / Py_UNREACHABLE() if we pass a wrong Py_hash_type (strictly speaking, it shouldn't be possible because the compiler would have complained if we pass an arbitrary integer as Py_hash_type is an enum).

Has this already been discussed elsewhere?

This is a minor feature, which does not need previous discussion elsewhere

Links to previous discussion of this feature:

This is related to the work I did in #134531.

Linked PRs
@picnixz picnixz added the type-feature A feature request or enhancement label Jun 7, 2025
@picnixz picnixz self-assigned this Jun 7, 2025
@picnixz picnixz added the extension-modules C modules in the Modules dir label Jun 7, 2025
@picnixz picnixz mentioned this issue Jun 7, 2025
Open
@picnixz picnixz changed the title Raise MemoryError instead of ValueError when OpenSSL malloc() failed Improve _hashlib exception reporting when an OpenSSL error occurred Jun 7, 2025
@bedevere-app bedevere-app bot mentioned this issue Jun 8, 2025
Merged
picnixz added a commit that referenced this issue Jun 9, 2025
@picnixz
gh-135234: improve _hashlib exceptions when reporting an OpenSSL fu…
83b94e8 
…nction failure (#135250)

- Refactor `get_openssl_evp_md_by_utf8name` error branches.
- Refactor `HASH.{digest,hexdigest}` computations.
- Refactor `_hashlib_HASH_copy_locked` and `locked_HMAC_CTX_copy`.
@picnixz picnixz closed this as completed Jun 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@picnixz picnixz

Labels
extension-modules C modules in the Modules dir type-feature A feature request or enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@picnixz