From fe7eb5702b64ddfefa8b3c1b4e66dcc2cbb3f778 Mon Sep 17 00:00:00 2001
From: Thomas Waldmann
Date: Sat, 26 Mar 2022 18:50:53 +0100
Subject: [PATCH] use hmac.compare_digest instead of ==, fixes #6470
---
 src/borg/crypto/key.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/borg/crypto/key.py b/src/borg/crypto/key.py
index 3691051b0..56a211afb 100644
--- a/src/borg/crypto/key.py
+++ b/src/borg/crypto/key.py
@@ -434,7 +434,7 @@ def decrypt_key_file(self, data, passphrase):
 assert enc_key.algorithm == 'sha256'
 key = passphrase.kdf(enc_key.salt, enc_key.iterations, 32)
 data = AES(key, b'\0'*16).decrypt(enc_key.data)
- if hmac_sha256(key, data) == enc_key.hash:
+ if hmac.compare_digest(hmac_sha256(key, data), enc_key.hash):
 return data
 def encrypt_key_file(self, data, passphrase):
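Review bot: `hmac.compare_digest` raises `TypeError` unless both arguments are bytes-like (or both ASCII `str`), whereas the old `==` simply evaluated to False, so on the changed `if` line a key file whose `enc_key.hash` has an unexpected type would now raise instead of falling through to the implicit `None` return. Whether that can happen depends on how `enc_key` is unpacked, which is outside the hunk; if it can, an `isinstance(enc_key.hash, bytes)` guard before the comparison would keep the "MAC did not verify" path uniform. The diffstat shows a single changed line, so the call also relies on `hmac` already being imported as a module in `key.py`, which is worth confirming. A short comment on the line, e.g. `# constant-time compare: a mismatch must not reveal how much of the MAC matched`, would record why `==` should not be reintroduced. The start of `decrypt_key_file` is outside the hunk.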