mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-04 17:08:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

Remove python fallback for compare_digest.

Browse source 
See https://mail.python.org/pipermail/python-dev/2016-April/144198.html
https://mail.python.org/pipermail/python-dev/2016-April/144203.html
This commit is contained in:
Steven D'Aprano 2016-04-16 04:33:55 +10:00
parent d48a202fb6
commit 6dda1b14af
1 changed files with 1 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

33
Lib/secrets.py
View file

@ -91,38 +91,7 @@ import base64
import binascii
import os
try:
from hmac import compare_digest
except ImportError:
# Python version is too old. Fall back to a pure-Python version.
import operator
from functools import reduce
def compare_digest(a, b):
"""Return ``a == b`` using an approach resistant to timing analysis.
a and b must both be of the same type: either both text strings,
or both byte strings.
Note: If a and b are of different lengths, or if an error occurs,
a timing attack could theoretically reveal information about the
types and lengths of a and b, but not their values.
"""
# For a similar approach, see
# http://codahale.com/a-lesson-in-timing-attacks/
for T in (bytes, str):
if isinstance(a, T) and isinstance(b, T):
break
else: # for...else
raise TypeError("arguments must be both strings or both bytes")
if len(a) != len(b):
return False
# Thanks to Raymond Hettinger for this one-liner.
return reduce(operator.and_, map(operator.eq, a, b), True)
from hmac import compare_digest
from random import SystemRandom
_sysrand = SystemRandom()