openstack/keystonemiddleware
Code Issues Proposed changes

Merge "Replace deprecated constant_time_compare"

Browse Source
This commit is contained in:
Zuul 2024-11-18 22:47:55 +00:00 committed by Gerrit Code Review
commit 8f1865e70b
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
keystonemiddleware/auth_token/_memcache_crypt.py
View File

@ -35,7 +35,6 @@ import math
import os
from keystonemiddleware.i18n import _
from oslo_utils import secretutils
try:
from cryptography.hazmat import backends as crypto_backends
@ -203,7 +202,7 @@ def unprotect_data(keys, signed_data):
signed_data[DIGEST_LENGTH_B64:])
# Then verify that it matches the provided value
if not secretutils.constant_time_compare(provided_mac, calculated_mac):
if not hmac.compare_digest(provided_mac, calculated_mac):
raise InvalidMacError(_('Invalid MAC; data appears to be corrupted.'))
data = base64.b64decode(signed_data[DIGEST_LENGTH_B64:])