Skip to content

gh-133061: do not mention UINT32_MAX in HMAC user-facing messages #133062

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Apr 27, 2025
Merged

gh-133061: do not mention UINT32_MAX in HMAC user-facing messages #133062

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
79 changes: 46 additions & 33 deletions Modules/hmacmodule.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,8 +50,21 @@

// --- Reusable error messages ------------------------------------------------

#define INVALID_KEY_LENGTH "key length exceeds UINT32_MAX"
#define INVALID_MSG_LENGTH "message length exceeds UINT32_MAX"
static inline void
set_invalid_key_length_error(void)
{
(void)PyErr_Format(PyExc_OverflowError,
"key length exceeds %u",
UINT32_MAX);
}

static inline void
set_invalid_msg_length_error(void)
{
(void)PyErr_Format(PyExc_OverflowError,
"message length exceeds %u",
UINT32_MAX);
}

// --- HMAC underlying hash function static information -----------------------

Expand Down Expand Up @@ -760,7 +773,7 @@ hmac_new_initial_state(HMACObject *self, uint8_t *key, Py_ssize_t len)
// not rely on HACL* implementation anymore. As such, we explicitly
// reject keys that do not fit on 32 bits until HACL* handles them.
if (len > UINT32_MAX_AS_SSIZE_T) {
PyErr_SetString(PyExc_OverflowError, INVALID_KEY_LENGTH);
set_invalid_key_length_error();
return -1;
}
#endif
Expand Down Expand Up @@ -1249,36 +1262,36 @@ _hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg,
* lest an OverflowError is raised. The Python implementation takes care
* of dispatching to the OpenSSL implementation in this case.
*/
#define Py_HMAC_HACL_ONESHOT(HACL_HID, KEY, MSG) \
do { \
Py_buffer keyview, msgview; \
GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \
if (!has_uint32_t_buffer_length(&keyview)) { \
PyBuffer_Release(&keyview); \
PyErr_SetString(PyExc_OverflowError, INVALID_KEY_LENGTH); \
return NULL; \
} \
GET_BUFFER_VIEW_OR_ERROR((MSG), &msgview, \
PyBuffer_Release(&keyview); \
return NULL); \
if (!has_uint32_t_buffer_length(&msgview)) { \
PyBuffer_Release(&msgview); \
PyBuffer_Release(&keyview); \
PyErr_SetString(PyExc_OverflowError, INVALID_MSG_LENGTH); \
return NULL; \
} \
uint8_t out[Py_hmac_## HACL_HID ##_digest_size]; \
Py_hmac_## HACL_HID ##_compute_func( \
out, \
(uint8_t *)keyview.buf, (uint32_t)keyview.len, \
(uint8_t *)msgview.buf, (uint32_t)msgview.len \
); \
PyBuffer_Release(&msgview); \
PyBuffer_Release(&keyview); \
return PyBytes_FromStringAndSize( \
(const char *)out, \
Py_hmac_## HACL_HID ##_digest_size \
); \
#define Py_HMAC_HACL_ONESHOT(HACL_HID, KEY, MSG) \
do { \
Py_buffer keyview, msgview; \
GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \
if (!has_uint32_t_buffer_length(&keyview)) { \
PyBuffer_Release(&keyview); \
set_invalid_key_length_error(); \
return NULL; \
} \
GET_BUFFER_VIEW_OR_ERROR((MSG), &msgview, \
PyBuffer_Release(&keyview); \
return NULL); \
if (!has_uint32_t_buffer_length(&msgview)) { \
PyBuffer_Release(&msgview); \
PyBuffer_Release(&keyview); \
set_invalid_msg_length_error(); \
return NULL; \
} \
uint8_t out[Py_hmac_## HACL_HID ##_digest_size]; \
Py_hmac_## HACL_HID ##_compute_func( \
out, \
(uint8_t *)keyview.buf, (uint32_t)keyview.len, \
(uint8_t *)msgview.buf, (uint32_t)msgview.len \
); \
PyBuffer_Release(&msgview); \
PyBuffer_Release(&keyview); \
return PyBytes_FromStringAndSize( \
(const char *)out, \
Py_hmac_## HACL_HID ##_digest_size \
); \
} while (0)

/*[clinic input]
Expand Down
Loading