Memory leak in `hmac` module with HACL* backend detected by AddressSanitizer

[ashm-dev]

Bug report

Bug Description:

A memory leak has been detected in the hmac module when running test_hmac. The issue appears to be specific to the Hacl_Streaming_HMAC implementation, as indicated by the stack traces from the AddressSanitizer (ASan) report. The leaks occur within functions responsible for HMAC digest computation (_Py_LibHacl_Hacl_Streaming_HMAC_digest, hmac_digest_compute_locked), suggesting that memory allocated during these operations is not being properly deallocated.

Steps to Reproduce:

1. Configure the build with the following flags to enable debugging and AddressSanitizer:

   CC=clang CXX=clang++ \
   ./configure \
   --disable-optimizations \
   --with-valgrind \
   --with-pydebug \
   --enable-pystats \
   --with-address-sanitizer

2. Build CPython:

   make -j$(nproc)

3. Run the hmac test suite:

   ./python -m test test_hmac

System Information:

• OS: Ubuntu 25.04 (Plucky Puffin)
• Kernel: Linux huawei 6.14.0-33-generic #33-Ubuntu SMP PREEMPT_DYNAMIC Wed Sep 17 23:22:02 UTC 2025 x86_64
• Clang Version: Ubuntu clang version 20.1.2 (0ubuntu1)

ASan Leak Report:

test.log

CPython versions tested on:

CPython main branch

Operating systems tested on:

Linux

Linked PRs

• gh-140120: Fix memory leak in HMAC digest #140124
• gh-140120: Refresh HACL* #140188
• [3.14] gh-140120: Refresh HACL* to fix an hmac memory leak (GH-140188) #140192

[gpshead]

patch from upstream hacl* needed - #140124 (comment)

[protz]

Thanks for the heads-up. Is there any more precise information as to where the issue occurs? Do we know which allocation is not freed?

CC @R1kM

[protz]

Oh I see the patch is in https://github.com/python/cpython/pull/140124/files -- let me look into this.

[protz]

hacl-star/hacl-star#1064 has been merged so the next refresh of HACL* will have the fix. Thanks for reporting!

[ashm-dev]

I checked, there are no more leaks, thank you!