mirror of https://github.com/borgbackup/borg.git synced 2025-02-25 07:23:28 +00:00

use hmac.compare_digest instead of ==, fixes #6470

Thomas Waldmann 2022-03-26 18:50:53 +01:00
parent 23b27cfd0c
commit fe7eb5702b


@ -434,7 +434,7 @@ def decrypt_key_file(self, data, passphrase):
assert enc_key.algorithm == 'sha256' assert enc_key.algorithm == 'sha256'
key = passphrase.kdf(enc_key.salt, enc_key.iterations, 32) key = passphrase.kdf(enc_key.salt, enc_key.iterations, 32)
data = AES(key, b'\0'*16).decrypt(enc_key.data) data = AES(key, b'\0'*16).decrypt(enc_key.data)
if hmac_sha256(key, data) == enc_key.hash: if hmac.compare_digest(hmac_sha256(key, data), enc_key.hash):
return data return data
def encrypt_key_file(self, data, passphrase): def encrypt_key_file(self, data, passphrase):
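Review bot: `hmac.compare_digest` on the changed line is stricter about argument types than `==`: it raises `TypeError` unless both arguments are bytes-like (or both ASCII `str`), where the old comparison simply evaluated to False. `enc_key.hash` is read from the parsed key file, so if it can ever be absent or of another type, a damaged or tampered key file would surface as an uncaught exception instead of taking the normal failed-decryption path; a guard such as `if isinstance(enc_key.hash, bytes) and hmac.compare_digest(hmac_sha256(key, data), enc_key.hash):` keeps that path. The `assert enc_key.algorithm == 'sha256'` check above it is stripped under `python -O`, so an explicit `raise` would be more dependable for validating key-file fields. The start of `decrypt_key_file` and the module's imports are outside the hunk, so how `enc_key` is decoded and whether `hmac` is already imported could not be confirmed from here.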