openstack/nova
Code Issues Proposed changes

Merge "Use constant_time_compare from oslo.utils"

Browse Source
This commit is contained in:
Jenkins 2016-03-02 18:50:36 +00:00 committed by Gerrit Code Review
commit abc0f8fce2
4 changed files with 3 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nova/api/metadata/handler.py
View File

@ -21,6 +21,7 @@ import os
from oslo_config import cfg
from oslo_log import log as logging
from oslo_utils import secretutils as secutils
import six
import webob.dec
import webob.exc
@ -33,7 +34,6 @@ from nova.i18n import _
from nova.i18n import _LE
from nova.i18n import _LW
from nova.network.neutronv2 import api as neutronapi
from nova import utils
from nova import wsgi
CONF = cfg.CONF
@ -290,7 +290,7 @@ class MetadataRequestHandler(wsgi.Application):
CONF.neutron.metadata_proxy_shared_secret,
requestor_id, hashlib.sha256).hexdigest()
if not utils.constant_time_compare(expected_signature, signature):
if not secutils.constant_time_compare(expected_signature, signature):
if requestor_id:
LOG.warning(_LW('X-Instance-ID-Signature: %(signature)s does '
'not match the expected value: '

2
nova/tests/unit/test_metadata.py
View File

@ -842,7 +842,7 @@ class MetadataHandlerTestCase(test.TestCase):
headers=None)
self.assertEqual(response.status_int, 500)
@mock.patch('nova.utils.constant_time_compare')
@mock.patch('oslo_utils.secretutils.constant_time_compare')
def test_by_instance_id_uses_constant_time_compare(self, mock_compare):
mock_compare.side_effect = test.TestingException

7
nova/tests/unit/test_utils.py
View File

@ -1165,13 +1165,6 @@ class GetImageMetadataFromVolumeTestCase(test.NoDBTestCase):
self.assertNotEqual({}, properties)
class ConstantTimeCompareTestCase(test.NoDBTestCase):
def test_constant_time_compare(self):
self.assertTrue(utils.constant_time_compare("abcd1234", "abcd1234"))
self.assertFalse(utils.constant_time_compare("abcd1234", "a"))
self.assertFalse(utils.constant_time_compare("abcd1234", "ABCD234"))
class ResourceFilterTestCase(test.NoDBTestCase):
def _assert_filtering(self, res_list, filts, expected_tags):
actual_tags = utils.filter_and_format_resource_metadata('instance',

18
nova/utils.py
View File

@ -23,7 +23,6 @@ import datetime
import errno
import functools
import hashlib
import hmac
import inspect
import logging as std_logging
import os
@ -1321,23 +1320,6 @@ def get_hash_str(base_str):
base_str = base_str.encode('utf-8')
return hashlib.md5(base_str).hexdigest()
if hasattr(hmac, 'compare_digest'):
constant_time_compare = hmac.compare_digest
else:
def constant_time_compare(first, second):
"""Returns True if both string inputs are equal, otherwise False.
This function should take a constant amount of time regardless of
how many characters in the strings match.
"""
if len(first) != len(second):
return False
result = 0
for x, y in zip(first, second):
result |= ord(x) ^ ord(y)
return result == 0
def filter_and_format_resource_metadata(resource_type, resource_list,
search_filts, metadata_type=None):