From: Bénédikt Tran <10796600+picnixz@users.noreply.github.com> Date: Sun, 27 Apr 2025 23:14:12 +0000 (+0200) Subject: gh-133061: do not mention `UINT32_MAX` in HMAC user-facing messages (#133062) X-Git-Tag: v3.14.0b1~248 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1b7470f8cbff4bb9e58edd940a997a3647e285e4;p=thirdparty%2FPython%2Fcpython.git gh-133061: do not mention `UINT32_MAX` in HMAC user-facing messages (#133062) --- diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 76079a767942..c7b49d4dee3d 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -50,8 +50,21 @@ // --- Reusable error messages ------------------------------------------------ -#define INVALID_KEY_LENGTH "key length exceeds UINT32_MAX" -#define INVALID_MSG_LENGTH "message length exceeds UINT32_MAX" +static inline void +set_invalid_key_length_error(void) +{ + (void)PyErr_Format(PyExc_OverflowError, + "key length exceeds %u", + UINT32_MAX); +} + +static inline void +set_invalid_msg_length_error(void) +{ + (void)PyErr_Format(PyExc_OverflowError, + "message length exceeds %u", + UINT32_MAX); +} // --- HMAC underlying hash function static information ----------------------- @@ -760,7 +773,7 @@ hmac_new_initial_state(HMACObject *self, uint8_t *key, Py_ssize_t len) // not rely on HACL* implementation anymore. As such, we explicitly // reject keys that do not fit on 32 bits until HACL* handles them. if (len > UINT32_MAX_AS_SSIZE_T) { - PyErr_SetString(PyExc_OverflowError, INVALID_KEY_LENGTH); + set_invalid_key_length_error(); return -1; } #endif @@ -1249,36 +1262,36 @@ _hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg, * lest an OverflowError is raised. The Python implementation takes care * of dispatching to the OpenSSL implementation in this case. */ -#define Py_HMAC_HACL_ONESHOT(HACL_HID, KEY, MSG) \ - do { \ - Py_buffer keyview, msgview; \ - GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \ - if (!has_uint32_t_buffer_length(&keyview)) { \ - PyBuffer_Release(&keyview); \ - PyErr_SetString(PyExc_OverflowError, INVALID_KEY_LENGTH); \ - return NULL; \ - } \ - GET_BUFFER_VIEW_OR_ERROR((MSG), &msgview, \ - PyBuffer_Release(&keyview); \ - return NULL); \ - if (!has_uint32_t_buffer_length(&msgview)) { \ - PyBuffer_Release(&msgview); \ - PyBuffer_Release(&keyview); \ - PyErr_SetString(PyExc_OverflowError, INVALID_MSG_LENGTH); \ - return NULL; \ - } \ - uint8_t out[Py_hmac_## HACL_HID ##_digest_size]; \ - Py_hmac_## HACL_HID ##_compute_func( \ - out, \ - (uint8_t *)keyview.buf, (uint32_t)keyview.len, \ - (uint8_t *)msgview.buf, (uint32_t)msgview.len \ - ); \ - PyBuffer_Release(&msgview); \ - PyBuffer_Release(&keyview); \ - return PyBytes_FromStringAndSize( \ - (const char *)out, \ - Py_hmac_## HACL_HID ##_digest_size \ - ); \ +#define Py_HMAC_HACL_ONESHOT(HACL_HID, KEY, MSG) \ + do { \ + Py_buffer keyview, msgview; \ + GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \ + if (!has_uint32_t_buffer_length(&keyview)) { \ + PyBuffer_Release(&keyview); \ + set_invalid_key_length_error(); \ + return NULL; \ + } \ + GET_BUFFER_VIEW_OR_ERROR((MSG), &msgview, \ + PyBuffer_Release(&keyview); \ + return NULL); \ + if (!has_uint32_t_buffer_length(&msgview)) { \ + PyBuffer_Release(&msgview); \ + PyBuffer_Release(&keyview); \ + set_invalid_msg_length_error(); \ + return NULL; \ + } \ + uint8_t out[Py_hmac_## HACL_HID ##_digest_size]; \ + Py_hmac_## HACL_HID ##_compute_func( \ + out, \ + (uint8_t *)keyview.buf, (uint32_t)keyview.len, \ + (uint8_t *)msgview.buf, (uint32_t)msgview.len \ + ); \ + PyBuffer_Release(&msgview); \ + PyBuffer_Release(&keyview); \ + return PyBytes_FromStringAndSize( \ + (const char *)out, \ + Py_hmac_## HACL_HID ##_digest_size \ + ); \ } while (0) /*[clinic input]