rpms / python

Clone
Source Code
GIT

Blame SOURCES/00169-avoid-implicit-usage-of-md5-in-multiprocessing.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c7-ppc64le c7-sig-altarch-armhfp
  1.   c7
  2.   SOURCES
  3.   00169-avoid-implicit-usage-of-md5-in-multiprocessing.patch
Blob History Raw
6e8c2f 
diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py
6e8c2f 
--- a/Lib/multiprocessing/connection.py
6e8c2f 
+++ b/Lib/multiprocessing/connection.py
6e8c2f 
@@ -41,6 +41,10 @@
6e8c2f 
 # A very generous timeout when it comes to local connections...
6e8c2f 
 CONNECTION_TIMEOUT = 20.
6e8c2f
6e8c2f 
+# The hmac module implicitly defaults to using MD5.
6e8c2f 
+# Support using a stronger algorithm for the challenge/response code:
6e8c2f 
+HMAC_DIGEST_NAME='sha256'
6e8c2f 
+
6e8c2f 
 _mmap_counter = itertools.count()
6e8c2f
6e8c2f 
 default_family = 'AF_INET'
6e8c2f 
@@ -700,12 +704,16 @@
6e8c2f 
 WELCOME = b'#WELCOME#'
6e8c2f 
 FAILURE = b'#FAILURE#'
6e8c2f
6e8c2f 
+def get_digestmod_for_hmac():
6e8c2f 
+    import hashlib
6e8c2f 
+    return getattr(hashlib, HMAC_DIGEST_NAME)
6e8c2f 
+
6e8c2f 
 def deliver_challenge(connection, authkey):
6e8c2f 
     import hmac
6e8c2f 
     assert isinstance(authkey, bytes)
6e8c2f 
     message = os.urandom(MESSAGE_LENGTH)
6e8c2f 
     connection.send_bytes(CHALLENGE + message)
6e8c2f 
-    digest = hmac.new(authkey, message).digest()
6e8c2f 
+    digest = hmac.new(authkey, message, get_digestmod_for_hmac()).digest()
6e8c2f 
     response = connection.recv_bytes(256)        # reject large message
6e8c2f 
     if response == digest:
6e8c2f 
         connection.send_bytes(WELCOME)
6e8c2f 
@@ -719,7 +727,7 @@
6e8c2f 
     message = connection.recv_bytes(256)         # reject large message
6e8c2f 
     assert message[:len(CHALLENGE)] == CHALLENGE, 'message = %r' % message
6e8c2f 
     message = message[len(CHALLENGE):]
6e8c2f 
-    digest = hmac.new(authkey, message).digest()
6e8c2f 
+    digest = hmac.new(authkey, message, get_digestmod_for_hmac()).digest()
6e8c2f 
     connection.send_bytes(digest)
6e8c2f 
     response = connection.recv_bytes(256)        # reject large message
6e8c2f 
     if response != WELCOME:

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation