openstack/keystonemiddleware
Code Issues Proposed changes

Replace deprecated constant_time_compare

Browse Source 
The method is being deprecated now[1].

[1] https://review.opendev.org/c/openstack/oslo.utils/+/930198

Closes-Bug: #2081732
Change-Id: Ia46b03588cfa659edcae626f0bf8d65520354059
This commit is contained in:
Takashi Kajinami 2024-10-02 18:30:39 +09:00
parent ceb3aa5ef2
commit cdc89b65f9
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
keystonemiddleware/auth_token/_memcache_crypt.py
View File

@ -35,7 +35,6 @@ import math
import os
from keystonemiddleware.i18n import _
from oslo_utils import secretutils
try:
from cryptography.hazmat import backends as crypto_backends
@ -203,7 +202,7 @@ def unprotect_data(keys, signed_data):
signed_data[DIGEST_LENGTH_B64:])
# Then verify that it matches the provided value
if not secretutils.constant_time_compare(provided_mac, calculated_mac):
if not hmac.compare_digest(provided_mac, calculated_mac):
raise InvalidMacError(_('Invalid MAC; data appears to be corrupted.'))
data = base64.b64decode(signed_data[DIGEST_LENGTH_B64:])