1 diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py
2 --- a/Lib/multiprocessing/connection.py
3 +++ b/Lib/multiprocessing/connection.py
5 # A very generous timeout when it comes to local connections...
6 CONNECTION_TIMEOUT = 20.
8 +# The hmac module implicitly defaults to using MD5.
9 +# Support using a stronger algorithm for the challenge/response code:
10 +HMAC_DIGEST_NAME='sha256'
12 _mmap_counter = itertools.count()
14 default_family = 'AF_INET'
16 WELCOME = b'#WELCOME#'
17 FAILURE = b'#FAILURE#'
19 +def get_digestmod_for_hmac():
21 + return getattr(hashlib, HMAC_DIGEST_NAME)
23 def deliver_challenge(connection, authkey):
25 assert isinstance(authkey, bytes)
26 message = os.urandom(MESSAGE_LENGTH)
27 connection.send_bytes(CHALLENGE + message)
28 - digest = hmac.new(authkey, message).digest()
29 + digest = hmac.new(authkey, message, get_digestmod_for_hmac()).digest()
30 response = connection.recv_bytes(256) # reject large message
31 if response == digest:
32 connection.send_bytes(WELCOME)
34 message = connection.recv_bytes(256) # reject large message
35 assert message[:len(CHALLENGE)] == CHALLENGE, 'message = %r' % message
36 message = message[len(CHALLENGE):]
37 - digest = hmac.new(authkey, message).digest()
38 + digest = hmac.new(authkey, message, get_digestmod_for_hmac()).digest()
39 connection.send_bytes(digest)
40 response = connection.recv_bytes(256) # reject large message
41 if response != WELCOME: