[issue1385] hmac module violates RFC for some hash functions, e.g. sha512

[Joachim Wagner]

New submission from Joachim Wagner:

(First time submitting a patch to this system.)
The hmac module uses a fixed blocksize of 64 bytes. This is fine for 
many hash functions like md5, sha1 and sha256, but not for sha512 or 
in the general case. The RFC referenced in the python documentation 
specifies that the blocksize has to match the hash function. The 
attached patch is the first of three proposed solutions:

1. use the undocumented block_size attribute of the hashing objects 
provided in the hashlib modules and fallback to 64 bytes if the 
attribute is missing (maybe a depreciated warning would be better); in 
this case it would be a good idea to document to block_size attribute 
(not included in the patch attached); performance could be improved by 
making block_size a class attribute

2. document that the blocksize is 64 and that the RFC is only 
correctly implemented if the hash function also has a blocksize of 64 
bytes; optionally include the workaround to subclass hmac.HMAC and 
overwrite the blocksize (this is documented in the source code, but 
unfortunately not in the python docu)

3. make the blocksize a keyword argument to the constructor and 
document that it has to match the hash function's blocksize for full 
RFC compliance

Regards,
Joachim

----------
components: None
files: hmac_1.patch
messages: 57106
nosy: jowagner
severity: normal
status: open
title: hmac module violates RFC for some hash functions, e.g. sha512
type: behavior
versions: Python 3.0
Added file: http://bugs.python.org/file8689/hmac_1.patch

__________________________________
Tracker <report at bugs.python.org>
<http://bugs.python.org/issue1385>
__________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hmac_1.patch
Type: text/x-diff
Size: 652 bytes
Desc: not available
Url : http://mail.python.org/pipermail/python-bugs-list/attachments/20071104/d0875516/attachment.patch