fix how large messages and keys are rejected by HMAC

Author: picnixz

Lib/hmac.py

@@ -241,13 +241,20 @@ def digest(key, msg, digest):
     if _hashopenssl and isinstance(digest, (str, _functype)):
         try:
             return _hashopenssl.hmac_digest(key, msg, digest)
+        except OverflowError as exc:
+            if not isinstance(digest, str):
+                # Without re-raising now, slow HMAC will be used as
+                # HACL* HMAC only identifies digests by their name.
+                raise exc
         except _hashopenssl.UnsupportedDigestmodError:
             pass
 
     if _hmac and isinstance(digest, str):
         try:
+            # The following call may raise an OverflowError
+            # but we do not want to fallback to slow HMAC.
             return _hmac.compute_digest(key, msg, digest)
-        except (OverflowError, _hmac.UnknownHashError):
+        except _hmac.UnknownHashError:
             pass
 
     return _compute_digest_fallback(key, msg, digest)

Lib/test/test_hmac.py

@@ -21,20 +21,21 @@
 import hmac
 import hashlib
 import random
-import test.support.hashlib_helper as hashlib_helper
 import types
 import unittest
 import unittest.mock as mock
 import warnings
 from _operator import _compare_digest as operator_compare_digest
+from test.support import _4G, bigmemtest
 from test.support import check_disallow_instantiation
+from test.support import hashlib_helper, import_helper
 from test.support.hashlib_helper import (
     BuiltinHashFunctionsTrait,
     HashFunctionsTrait,
     NamedHashFunctionsTrait,
     OpenSSLHashFunctionsTrait,
 )
-from test.support.import_helper import import_fresh_module, import_module
+from test.support.import_helper import import_fresh_module
 
 try:
     import _hashlib
@@ -949,7 +950,11 @@ class PyConstructorTestCase(ThroughObjectMixin, PyConstructorBaseMixin,
 
 class PyModuleConstructorTestCase(ThroughModuleAPIMixin, PyConstructorBaseMixin,
                                   unittest.TestCase):
-    """Test the hmac.new() and hmac.digest() functions."""
+    """Test the hmac.new() and hmac.digest() functions.
+
+    Note that "self.hmac" is imported by blocking "_hashlib" and "_hmac".
+    For testing functions in "hmac", extend PyMiscellaneousTests instead.
+    """
 
     def test_hmac_digest_digestmod_parameter(self):
         func = self.hmac_digest
@@ -1499,6 +1504,49 @@ def test_with_fallback(self):
         finally:
             cache.pop('foo')
 
+    @bigmemtest(size=_4G, memuse=2, dry_run=False)
+    def test_hmac_digest_overflow_error_no_openssl(self, size):
+        hmac = import_fresh_module("hmac", blocked=["_hashlib"])
+
+        UINT32_MAX = (1 << 32) - 1
+        self.assertEqual(UINT32_MAX, size - 1)
+        bigkey = b'K' * UINT32_MAX
+        bigmsg = b'M' * UINT32_MAX
+
+        with unittest.mock.patch.object(hmac, "_compute_digest_fallback") as f:
+            self.assertRaises(OverflowError, hmac.digest, bigkey, b'm', "md5")
+            self.assertRaises(OverflowError, hmac.digest, b'k', bigmsg, "md5")
+        f.assert_not_called()
+
+    @bigmemtest(size=_4G, memuse=2, dry_run=False)
+    def test_hmac_digest_overflow_error_no_builtin(self, size):
+        capi = import_helper.import_module("_testcapi")
+        hmac = import_fresh_module("hmac", blocked=["_hmac"])
+
+        INT_MAX = capi.INT_MAX
+        self.assertLessEqual(INT_MAX, size)
+        bigkey = b'K' * INT_MAX
+        bigmsg = b'M' * INT_MAX
+
+        with unittest.mock.patch.object(hmac, "_compute_digest_fallback") as f:
+            self.assertRaises(OverflowError, hmac.digest, bigkey, b'm', "md5")
+            self.assertRaises(OverflowError, hmac.digest, b'k', bigmsg, "md5")
+        f.assert_not_called()
+
+    @bigmemtest(size=_4G, memuse=2, dry_run=False)
+    def test_hmac_digest_overflow_error_no_openssl_no_builtin(self, size):
+        hmac = import_fresh_module("hmac", blocked=["_hashlib", "_hmac"])
+
+        bigkey = b'K' * size
+        bigmsg = b'M' * size
+
+        with unittest.mock.patch.object(hmac, "_compute_digest_fallback") as f:
+            hmac.digest(bigkey, b'm', "md5")
+        f.assert_called_once()
+        with unittest.mock.patch.object(hmac, "_compute_digest_fallback") as f:
+            hmac.digest(b'k', bigmsg, "md5")
+        f.assert_called_once()
+
 
 class BuiltinMiscellaneousTests(BuiltinModuleMixin, unittest.TestCase):
     """HMAC-BLAKE2 is not standardized as BLAKE2 is a keyed hash function.
@@ -1511,7 +1559,7 @@ class BuiltinMiscellaneousTests(BuiltinModuleMixin, unittest.TestCase):
     @classmethod
     def setUpClass(cls):
         super().setUpClass()
-        cls.blake2 = import_module("_blake2")
+        cls.blake2 = import_helper.import_module("_blake2")
         cls.blake2b = cls.blake2.blake2b
         cls.blake2s = cls.blake2.blake2s
 

Misc/NEWS.d/next/Library/2025-07-21-11-56-47.gh-issue-136912.zWosAL.rst

@@ -0,0 +1,3 @@
+:func:`hmac.digest` now properly rejects keys and messages whose length
+exceeds its capabililties. The exact limit is implementation-defined. Patch
+by Bénédikt Tran.