gh-146287: use signed type for HMAC digest size to prevent unsigned wrapping

gpshead · gpshead · commit 25254800fe94 · 2026-04-11T22:41:41.000Z
Change _hashlib_hmac_digest_size() return type from unsigned int to int
so that a hypothetical negative return from EVP_MD_size() is not
silently wrapped to a large positive value. Add an explicit check for
negative digest_size in the legacy OpenSSL path, and use SystemError
(not ValueError) since these conditions indicate internal invariant
violations. Also add debug-build asserts to EVP_get_block_size and
EVP_get_digest_size documenting that the hash context is always
initialized.
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
@@ -1006,6 +1006,7 @@ _hashlib_HASH_get_blocksize(PyObject *op, void *Py_UNUSED(closure))
 {
     HASHobject *self = HASHobject_CAST(op);
     long block_size = EVP_MD_CTX_block_size(self->ctx);
+    assert(block_size > 0);
     return PyLong_FromLong(block_size);
 }
 
@@ -1014,6 +1015,7 @@ _hashlib_HASH_get_digestsize(PyObject *op, void *Py_UNUSED(closure))
 {
     HASHobject *self = HASHobject_CAST(op);
     long size = EVP_MD_CTX_size(self->ctx);
+    assert(size > 0);
     return PyLong_FromLong(size);
 }
 
@@ -2200,7 +2202,7 @@ _hashlib_hmac_new_impl(PyObject *module, Py_buffer *key, PyObject *msg_obj,
  *
  * On error, set an exception and return BAD_DIGEST_SIZE.
  */
-static unsigned int
+static int
 _hashlib_hmac_digest_size(HMACobject *self)
 {
     assert(EVP_MAX_MD_SIZE < INT_MAX);
@@ -2215,15 +2217,19 @@ _hashlib_hmac_digest_size(HMACobject *self)
     }
     int digest_size = EVP_MD_size(md);
     /* digest_size < 0 iff EVP_MD context is NULL (which is impossible here) */
-    assert(digest_size >= 0);
+    assert(digest_size > 0);
     assert(digest_size <= (int)EVP_MAX_MD_SIZE);
+    if (digest_size < 0) {
+        raise_ssl_error(PyExc_SystemError, "invalid digest size");
+        return BAD_DIGEST_SIZE;
+    }
 #endif
     /* digest_size == 0 means that the context is not entirely initialized */
     if (digest_size == 0) {
-        raise_ssl_error(PyExc_ValueError, "missing digest size");
+        raise_ssl_error(PyExc_SystemError, "missing digest size");
         return BAD_DIGEST_SIZE;
     }
-    return (unsigned int)digest_size;
+    return (int)digest_size;
 }
 
 static int
@@ -2321,7 +2327,7 @@ _hashlib_HMAC_update_impl(HMACobject *self, PyObject *msg)
 static Py_ssize_t
 _hmac_digest(HMACobject *self, unsigned char *buf)
 {
-    unsigned int digest_size = _hashlib_hmac_digest_size(self);
+    int digest_size = _hashlib_hmac_digest_size(self);
     assert(digest_size <= EVP_MAX_MD_SIZE);
     if (digest_size == BAD_DIGEST_SIZE) {
         assert(PyErr_Occurred());
@@ -2386,7 +2392,7 @@ static PyObject *
 _hashlib_hmac_get_digest_size(PyObject *op, void *Py_UNUSED(closure))
 {
     HMACobject *self = HMACobject_CAST(op);
-    unsigned int size = _hashlib_hmac_digest_size(self);
+    int size = _hashlib_hmac_digest_size(self);
     return size == BAD_DIGEST_SIZE ? NULL : PyLong_FromLong(size);
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1006,6 +1006,7 @@ _hashlib_HASH_get_blocksize(PyObject op, void Py_UNUSED(closure))`
`1006`	`1006`	`{`
`1007`	`1007`	`HASHobject *self = HASHobject_CAST(op);`
`1008`	`1008`	`long block_size = EVP_MD_CTX_block_size(self->ctx);`
	`1009`	`+ assert(block_size > 0);`
`1009`	`1010`	`return PyLong_FromLong(block_size);`
`1010`	`1011`	`}`
`1011`	`1012`
`@@ -1014,6 +1015,7 @@ _hashlib_HASH_get_digestsize(PyObject op, void Py_UNUSED(closure))`
`1014`	`1015`	`{`
`1015`	`1016`	`HASHobject *self = HASHobject_CAST(op);`
`1016`	`1017`	`long size = EVP_MD_CTX_size(self->ctx);`
	`1018`	`+ assert(size > 0);`
`1017`	`1019`	`return PyLong_FromLong(size);`
`1018`	`1020`	`}`
`1019`	`1021`
`@@ -2200,7 +2202,7 @@ _hashlib_hmac_new_impl(PyObject module, Py_buffer key, PyObject *msg_obj,`
`2200`	`2202`	`*`
`2201`	`2203`	`* On error, set an exception and return BAD_DIGEST_SIZE.`
`2202`	`2204`	`*/`
`2203`		`-static unsigned int`
	`2205`	`+static int`
`2204`	`2206`	`_hashlib_hmac_digest_size(HMACobject *self)`
`2205`	`2207`	`{`
`2206`	`2208`	`assert(EVP_MAX_MD_SIZE < INT_MAX);`
`@@ -2215,15 +2217,19 @@ _hashlib_hmac_digest_size(HMACobject *self)`
`2215`	`2217`	`}`
`2216`	`2218`	`int digest_size = EVP_MD_size(md);`
`2217`	`2219`	`/* digest_size < 0 iff EVP_MD context is NULL (which is impossible here) */`
`2218`		`- assert(digest_size >= 0);`
	`2220`	`+ assert(digest_size > 0);`
`2219`	`2221`	`assert(digest_size <= (int)EVP_MAX_MD_SIZE);`
	`2222`	`+ if (digest_size < 0) {`
	`2223`	`+ raise_ssl_error(PyExc_SystemError, "invalid digest size");`
	`2224`	`+ return BAD_DIGEST_SIZE;`
	`2225`	`+ }`
`2220`	`2226`	`#endif`
`2221`	`2227`	`/* digest_size == 0 means that the context is not entirely initialized */`
`2222`	`2228`	`if (digest_size == 0) {`
`2223`		`- raise_ssl_error(PyExc_ValueError, "missing digest size");`
	`2229`	`+ raise_ssl_error(PyExc_SystemError, "missing digest size");`
`2224`	`2230`	`return BAD_DIGEST_SIZE;`
`2225`	`2231`	`}`
`2226`		`- return (unsigned int)digest_size;`
	`2232`	`+ return (int)digest_size;`
`2227`	`2233`	`}`
`2228`	`2234`
`2229`	`2235`	`static int`
`@@ -2321,7 +2327,7 @@ _hashlib_HMAC_update_impl(HMACobject self, PyObject msg)`
`2321`	`2327`	`static Py_ssize_t`
`2322`	`2328`	`_hmac_digest(HMACobject self, unsigned char buf)`
`2323`	`2329`	`{`
`2324`		`- unsigned int digest_size = _hashlib_hmac_digest_size(self);`
	`2330`	`+ int digest_size = _hashlib_hmac_digest_size(self);`
`2325`	`2331`	`assert(digest_size <= EVP_MAX_MD_SIZE);`
`2326`	`2332`	`if (digest_size == BAD_DIGEST_SIZE) {`
`2327`	`2333`	`assert(PyErr_Occurred());`
`@@ -2386,7 +2392,7 @@ static PyObject *`
`2386`	`2392`	`_hashlib_hmac_get_digest_size(PyObject op, void Py_UNUSED(closure))`
`2387`	`2393`	`{`
`2388`	`2394`	`HMACobject *self = HMACobject_CAST(op);`
`2389`		`- unsigned int size = _hashlib_hmac_digest_size(self);`
	`2395`	`+ int size = _hashlib_hmac_digest_size(self);`
`2390`	`2396`	`return size == BAD_DIGEST_SIZE ? NULL : PyLong_FromLong(size);`
`2391`	`2397`	`}`
`2392`	`2398`