Skip to content

gh-135561: ensure that the GIL is held when handling an HACL* error in _hmac #135562

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jun 19, 2025
Merged

gh-135561: ensure that the GIL is held when handling an HACL* error in _hmac #135562

merged 4 commits into from
Jun 19, 2025

Conversation

picnixz
Copy link
Member

@picnixz picnixz commented Jun 16, 2025
edited by bedevere-app bot
Loading

It's a bug that I discovered in #135267 but I'll first patch 3.14 and main.

cc @ZeroIntensity

@picnixz picnixz requested a review from gpshead as a code owner June 16, 2025 13:04
@bedevere-app bedevere-app bot mentioned this pull request Jun 16, 2025
Closed
@picnixz picnixz added the needs backport to 3.14 bugs and security fixes label Jun 16, 2025
@picnixz picnixz mentioned this pull request Jun 16, 2025
Open
ZeroIntensity
ZeroIntensity reviewed Jun 16, 2025
View reviewed changes
vstinner
vstinner reviewed Jun 16, 2025
View reviewed changes
@picnixz
Copy link
Member Author

picnixz commented Jun 16, 2025

I'm leaving in 15 mins, but I hope we can make it for the next beta release (tomorrow). This bug is not really an issue as it should never happen in practice (if it happens, then there is something fundamentally wrong)

@picnixz
Copy link
Member Author

picnixz commented Jun 16, 2025

!buildbot FIPS only

@bedevere-bot
Copy link

🤖 New build scheduled with the buildbot fleet by @picnixz for commit aea6888 🤖

Results will be shown at:

https://buildbot.python.org/all/#/grid?branch=refs%2Fpull%2F135562%2Fmerge

The command will test the builders whose names match following regular expression: FIPS only

The builders matched are:

  • AMD64 RHEL8 FIPS Only Blake2 Builtin Hash PR
  • AMD64 CentOS9 FIPS Only Blake2 Builtin Hash PR

vstinner
vstinner approved these changes Jun 16, 2025
View reviewed changes
Copy link
Member

@vstinner vstinner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@ZeroIntensity: Are you ok with this fix?

ZeroIntensity
ZeroIntensity approved these changes Jun 16, 2025
View reviewed changes
Copy link
Member

@ZeroIntensity ZeroIntensity left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, this looks good to me.

@picnixz @vstinner
Update Modules/hmacmodule.c
718e620 
Co-authored-by: Victor Stinner <[email protected]>
@picnixz picnixz enabled auto-merge (squash) June 19, 2025 17:02
@picnixz picnixz merged commit c765683 into python:main Jun 19, 2025
40 checks passed
@miss-islington-app
Copy link

Thanks @picnixz for the PR 🌮🎉.. I'm working now to backport this PR to: 3.14.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jun 19, 2025
@picnixz @miss-islington
pythongh-135561: ensure that the GIL is held when handling an HACL* e…
62db8bd 
…rror in `_hmac` (pythonGH-135562)

(cherry picked from commit c765683)

Co-authored-by: Bénédikt Tran <[email protected]>
@bedevere-app
Copy link

bedevere-app bot commented Jun 19, 2025

GH-135725 is a backport of this pull request to the 3.14 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.14 bugs and security fixes label Jun 19, 2025
@picnixz picnixz deleted the fix/hmac/gil-135561 branch June 19, 2025 17:29
picnixz added a commit that referenced this pull request Jun 19, 2025
@miss-islington @picnixz
[3.14] gh-135561: ensure that the GIL is held when handling an HACL* …
83e0ab1 
…error in `_hmac` (GH-135562) (#135725)

gh-135561: ensure that the GIL is held when handling an HACL* error in `_hmac` (GH-135562)
(cherry picked from commit c765683)

Co-authored-by: Bénédikt Tran <[email protected]>
lkollar pushed a commit to lkollar/cpython that referenced this pull request Jun 19, 2025
@picnixz @lkollar
pythongh-135561: ensure that the GIL is held when handling an HACL* e…
2695c0d 
…rror in `_hmac` (python#135562)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vstinner vstinner vstinner approved these changes

@ZeroIntensity ZeroIntensity ZeroIntensity approved these changes

@gpshead gpshead Awaiting requested review from gpshead gpshead is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@picnixz @bedevere-bot @vstinner @ZeroIntensity