pythongh-103256: Fix hmac algorithm to support fallback implementation (

pythongh-103286) Co-authored-by: Gregory P. Smith <greg@krypto.org>
vstinner · Apr 7, 2023 · efb0a2c · efb0a2c
1 parent f0424ba
commit efb0a2c
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 1 deletion.
diff --git a/Lib/test/test_hmac.py b/Lib/test/test_hmac.py
@@ -373,6 +373,16 @@ def test_with_digestmod_no_default(self):
         with self.assertRaisesRegex(TypeError, r'required.*digestmod'):
             hmac.HMAC(key, msg=data, digestmod='')
 
+    def test_with_fallback(self):
+        cache = getattr(hashlib, '__builtin_constructor_cache')
+        try:
+            cache['foo'] = hashlib.sha256
+            hexdigest = hmac.digest(b'key', b'message', 'foo').hex()
+            expected = '6e9ef29b75fffc5b7abae527d58fdadb2fe42e7219011976917343065f58ed4a'
+            self.assertEqual(hexdigest, expected)
+        finally:
+            cache.pop('foo')
+
 
 class ConstructorTestCase(unittest.TestCase):
 

diff --git a/Misc/NEWS.d/next/Library/2023-04-06-17-28-36.gh-issue-103256.1syxfs.rst b/Misc/NEWS.d/next/Library/2023-04-06-17-28-36.gh-issue-103256.1syxfs.rst
@@ -0,0 +1,6 @@
+Fixed a bug that caused :mod:`hmac` to raise an exception when the requested
+hash algorithm was not available in OpenSSL despite being available
+separately as part of ``hashlib`` itself.  It now falls back properly to the
+built-in. This could happen when, for example, your OpenSSL does not include
+SHA3 support and you want to compute ``hmac.digest(b'K', b'M',
+'sha3_256')``.
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
@@ -355,7 +355,7 @@ py_digest_by_name(PyObject *module, const char *name, enum Py_hash_type py_ht)
         }
     }
     if (digest == NULL) {
-        _setException(PyExc_ValueError, "unsupported hash type %s", name);
+        _setException(state->unsupported_digestmod_error, "unsupported hash type %s", name);
         return NULL;
     }
     return digest;