mirror of https://github.com/borgbackup/borg.git synced 2025-03-04 18:48:43 +00:00

use hmac.compare_digest instead of ==, fixes #6470

Thomas Waldmann 2022-03-26 18:50:53 +01:00
parent 2e45e19e02
commit b75079c0f8


@ -633,7 +633,7 @@ class KeyfileKeyBase(AESKeyBase):
assert enc_key.algorithm == 'sha256' assert enc_key.algorithm == 'sha256'
key = passphrase.kdf(enc_key.salt, enc_key.iterations, 32) key = passphrase.kdf(enc_key.salt, enc_key.iterations, 32)
data = AES(key, b'\0'*16).decrypt(enc_key.data) data = AES(key, b'\0'*16).decrypt(enc_key.data)
if hmac_sha256(key, data) == enc_key.hash: if hmac.compare_digest(hmac_sha256(key, data), enc_key.hash):
return data return data
def encrypt_key_file(self, data, passphrase): def encrypt_key_file(self, data, passphrase):
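Review bot: `hmac.compare_digest` on the changed `if` line raises `TypeError` when its two arguments are not both bytes-like (or both ASCII `str`), where the old `==` simply evaluated to False. `enc_key.hash` is loaded outside this hunk, so if a damaged or tampered key file can put a non-bytes value there, the failure would now surface as an exception instead of a failed passphrase check; `if isinstance(enc_key.hash, bytes) and hmac.compare_digest(hmac_sha256(key, data), enc_key.hash):` keeps the old outcome. Separately, the context line `assert enc_key.algorithm == 'sha256'` is skipped under `python -O`, so an explicit `raise` would be a firmer check on that field. The enclosing method starts above the hunk, so how `enc_key` is validated before this point is not visible here.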