Skip to content

Commit b819ca6

Browse files
encukouencukou
committed
Use a stronger hash in multiprocessing handshake
Adapted from patch by David Malcolm, https://bugs.python.org/issue17258
1 parent f20b01b commit b819ca6

1 file changed

Lines changed: 6 additions & 2 deletions

File tree

Lib/multiprocessing/connection.py

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,10 @@
4242
# A very generous timeout when it comes to local connections...
4343
CONNECTION_TIMEOUT = 20.
4444

45+
# The hmac module implicitly defaults to using MD5.
46+
# Support using a stronger algorithm for the challenge/response code:
47+
HMAC_DIGEST_NAME='sha256'
48+
4549
_mmap_counter = itertools.count()
4650

4751
default_family = 'AF_INET'
@@ -718,7 +722,7 @@ def deliver_challenge(connection, authkey):
718722
assert isinstance(authkey, bytes)
719723
message = os.urandom(MESSAGE_LENGTH)
720724
connection.send_bytes(CHALLENGE + message)
721-
digest = hmac.new(authkey, message, 'md5').digest()
725+
digest = hmac.new(authkey, message, HMAC_DIGEST_NAME).digest()
722726
response = connection.recv_bytes(256) # reject large message
723727
if response == digest:
724728
connection.send_bytes(WELCOME)
@@ -732,7 +736,7 @@ def answer_challenge(connection, authkey):
732736
message = connection.recv_bytes(256) # reject large message
733737
assert message[:len(CHALLENGE)] == CHALLENGE, 'message = %r' % message
734738
message = message[len(CHALLENGE):]
735-
digest = hmac.new(authkey, message, 'md5').digest()
739+
digest = hmac.new(authkey, message, HMAC_DIGEST_NAME).digest()
736740
connection.send_bytes(digest)
737741
response = connection.recv_bytes(256) # reject large message
738742
if response != WELCOME:

0 commit comments

Comments
 (0)