diff --git a/django/utils/crypto.py b/django/utils/crypto.py
index 3331424cb7..b395b3699f 100644
--- a/django/utils/crypto.py
+++ b/django/utils/crypto.py
@@ -123,9 +123,8 @@ def _fast_hmac(key, msg, digest):
 This function operates on bytes.
 """
 dig1, dig2 = digest(), digest()
- if len(key) > dig1.block_size:
- key = digest(key).digest()
- key += b'\x00' * (dig1.block_size - len(key))
+ if len(key) != dig1.block_size:
+ raise ValueError('Key size needs to match the block_size of the digest.')
 dig1.update(key.translate(hmac.trans_36))
 dig1.update(msg)
 dig2.update(key.translate(hmac.trans_5C))
@@ -161,6 +160,11 @@ def pbkdf2(password, salt, iterations, dklen=0, digest=None):

 hex_format_string = "%%0%ix" % (hlen * 2)

+ inner_digest_size = digest().block_size
+ if len(password) > inner_digest_size:
+ password = digest(password).digest()
+ password += b'\x00' * (inner_digest_size - len(password))
+
 def F(i):
 def U():
 u = salt + struct.pack(b'>I', i)
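Review bot: The new length check in `_fast_hmac` makes key normalization a caller obligation, but the visible end of the docstring still says only "This function operates on bytes."; I would add a line such as `The key must already be exactly digest().block_size bytes long (hashed if longer, then zero-padded); callers such as pbkdf2() are responsible for this.` The guard itself is worth keeping, because with the padding removed a key of any other length would silently produce a value that is not a valid HMAC. Only the `pbkdf2` path is adjusted in this diff, so any other caller of `_fast_hmac` elsewhere in the tree would now raise `ValueError` and should be checked before merging. The function starts and ends outside the hunk.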
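Review bot: `inner_digest_size` holds `digest().block_size`, not a digest size, and the added block rebinds `password` to the normalized HMAC key without a comment, which is easy to misread in key-handling code. I would rename it to `block_size = digest().block_size` and add a comment like `# Normalize the HMAC key once: hash it if longer than the block, then zero-pad to block_size.`; presumably the intent is that a long password is no longer re-hashed on every HMAC call. The `+= b'\x00' * ...` line assumes `password` is already bytes, which is presumably ensured above the hunk. No test is visible in this diff; a regression test that pins the derived key for a password longer than the block size against a known-good PBKDF2 value would confirm the output is unchanged. The bodies of `pbkdf2` and `F` continue outside the hunk.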