Skip to content

Commit 1b7470f

Browse files
picnixzpicnixz
authored
gh-133061: do not mention UINT32_MAX in HMAC user-facing messages (#133062)
1 parent cd76eff commit 1b7470f

File tree

1 file changed

+46
-33
lines changed

1 file changed

+46
-33
lines changed

Modules/hmacmodule.c

Lines changed: 46 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -50,8 +50,21 @@
5050

5151
// --- Reusable error messages ------------------------------------------------
5252

53-
#define INVALID_KEY_LENGTH "key length exceeds UINT32_MAX"
54-
#define INVALID_MSG_LENGTH "message length exceeds UINT32_MAX"
53+
static inline void
54+
set_invalid_key_length_error(void)
55+
{
56+
(void)PyErr_Format(PyExc_OverflowError,
57+
"key length exceeds %u",
58+
UINT32_MAX);
59+
}
60+
61+
static inline void
62+
set_invalid_msg_length_error(void)
63+
{
64+
(void)PyErr_Format(PyExc_OverflowError,
65+
"message length exceeds %u",
66+
UINT32_MAX);
67+
}
5568

5669
// --- HMAC underlying hash function static information -----------------------
5770

@@ -760,7 +773,7 @@ hmac_new_initial_state(HMACObject *self, uint8_t *key, Py_ssize_t len)
760773
// not rely on HACL* implementation anymore. As such, we explicitly
761774
// reject keys that do not fit on 32 bits until HACL* handles them.
762775
if (len > UINT32_MAX_AS_SSIZE_T) {
763-
PyErr_SetString(PyExc_OverflowError, INVALID_KEY_LENGTH);
776+
set_invalid_key_length_error();
764777
return -1;
765778
}
766779
#endif
@@ -1249,36 +1262,36 @@ _hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg,
12491262
* lest an OverflowError is raised. The Python implementation takes care
12501263
* of dispatching to the OpenSSL implementation in this case.
12511264
*/
1252-
#define Py_HMAC_HACL_ONESHOT(HACL_HID, KEY, MSG) \
1253-
do { \
1254-
Py_buffer keyview, msgview; \
1255-
GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \
1256-
if (!has_uint32_t_buffer_length(&keyview)) { \
1257-
PyBuffer_Release(&keyview); \
1258-
PyErr_SetString(PyExc_OverflowError, INVALID_KEY_LENGTH); \
1259-
return NULL; \
1260-
} \
1261-
GET_BUFFER_VIEW_OR_ERROR((MSG), &msgview, \
1262-
PyBuffer_Release(&keyview); \
1263-
return NULL); \
1264-
if (!has_uint32_t_buffer_length(&msgview)) { \
1265-
PyBuffer_Release(&msgview); \
1266-
PyBuffer_Release(&keyview); \
1267-
PyErr_SetString(PyExc_OverflowError, INVALID_MSG_LENGTH); \
1268-
return NULL; \
1269-
} \
1270-
uint8_t out[Py_hmac_## HACL_HID ##_digest_size]; \
1271-
Py_hmac_## HACL_HID ##_compute_func( \
1272-
out, \
1273-
(uint8_t *)keyview.buf, (uint32_t)keyview.len, \
1274-
(uint8_t *)msgview.buf, (uint32_t)msgview.len \
1275-
); \
1276-
PyBuffer_Release(&msgview); \
1277-
PyBuffer_Release(&keyview); \
1278-
return PyBytes_FromStringAndSize( \
1279-
(const char *)out, \
1280-
Py_hmac_## HACL_HID ##_digest_size \
1281-
); \
1265+
#define Py_HMAC_HACL_ONESHOT(HACL_HID, KEY, MSG) \
1266+
do { \
1267+
Py_buffer keyview, msgview; \
1268+
GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \
1269+
if (!has_uint32_t_buffer_length(&keyview)) { \
1270+
PyBuffer_Release(&keyview); \
1271+
set_invalid_key_length_error(); \
1272+
return NULL; \
1273+
} \
1274+
GET_BUFFER_VIEW_OR_ERROR((MSG), &msgview, \
1275+
PyBuffer_Release(&keyview); \
1276+
return NULL); \
1277+
if (!has_uint32_t_buffer_length(&msgview)) { \
1278+
PyBuffer_Release(&msgview); \
1279+
PyBuffer_Release(&keyview); \
1280+
set_invalid_msg_length_error(); \
1281+
return NULL; \
1282+
} \
1283+
uint8_t out[Py_hmac_## HACL_HID ##_digest_size]; \
1284+
Py_hmac_## HACL_HID ##_compute_func( \
1285+
out, \
1286+
(uint8_t *)keyview.buf, (uint32_t)keyview.len, \
1287+
(uint8_t *)msgview.buf, (uint32_t)msgview.len \
1288+
); \
1289+
PyBuffer_Release(&msgview); \
1290+
PyBuffer_Release(&keyview); \
1291+
return PyBytes_FromStringAndSize( \
1292+
(const char *)out, \
1293+
Py_hmac_## HACL_HID ##_digest_size \
1294+
); \
12821295
} while (0)
12831296

12841297
/*[clinic input]

0 commit comments

Comments
 (0)