git.ipfire.org Git - people/ms/ipfire-3.x.git/blob - python/patches/00169-avoid-implicit-usage-of-md5-in-multiprocessing.patch
debf92f1fbd033c8a93f0bcff22b42a947ad89f6
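--- a/Lib/multiprocessing/connection.py
+++ b/Lib/multiprocessing/connection.py
@@ -41,6 +41,10 @@
 # A very generous timeout when it comes to local connections...
 CONNECTION_TIMEOUT = 20.
 
+# The hmac module implicitly defaults to using MD5.
+# Support using a stronger algorithm for the challenge/response code:
+HMAC_DIGEST_NAME='sha256'
+
 _mmap_counter = itertools.count()
 
 default_family = 'AF_INET'
@@ -700,12 +704,16 @@
 WELCOME = b'#WELCOME#'
 FAILURE = b'#FAILURE#'
 
+def get_digestmod_for_hmac():
+ import hashlib
+ return getattr(hashlib, HMAC_DIGEST_NAME)
+
 def deliver_challenge(connection, authkey):
 import hmac
 assert isinstance(authkey, bytes)
 message = os.urandom(MESSAGE_LENGTH)
 connection.send_bytes(CHALLENGE + message)
- digest = hmac.new(authkey, message).digest()
+ digest = hmac.new(authkey, message, get_digestmod_for_hmac()).digest()
 response = connection.recv_bytes(256) # reject large message
 if response == digest:
 connection.send_bytes(WELCOME)
@@ -719,7 +727,7 @@
 message = connection.recv_bytes(256) # reject large message
 assert message[:len(CHALLENGE)] == CHALLENGE, 'message = %r' % message
 message = message[len(CHALLENGE):]
- digest = hmac.new(authkey, message).digest()
+ digest = hmac.new(authkey, message, get_digestmod_for_hmac()).digest()
 connection.send_bytes(digest)
 response = connection.recv_bytes(256) # reject large message
 if response != WELCOME: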
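Review bot: Each side now picks its digest from the module-level `HMAC_DIGEST_NAME`, but nothing in the challenge/response exchange tells the peer which digest was used. A patched interpreter talking to an unpatched one (still on the hmac MD5 default) would compute a different digest in `deliver_challenge` and in the answering function of the last hunk, so the handshake would be rejected rather than negotiated. I would record that constraint next to the constant, e.g. `# Both ends of a connection must use the same digest; it is not negotiated on the wire.` Separately, the unchanged `if response == digest:` in `deliver_challenge` is still an ordinary bytes comparison; if the patched interpreter provides `hmac.compare_digest`, `if hmac.compare_digest(response, digest):` is the safer form for checking a MAC. The bodies of both functions continue outside the hunks shown.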