From f3853172a4bde963ff9908870bc2ea53eb73bc04 Mon Sep 17 00:00:00 2001
From: Florian Apolloner
Date: Tue, 17 Sep 2013 22:59:56 +0200
Subject: [PATCH] [1.5.x] Fixed #21138 -- Increased the performance of our PBKDF2 implementation. Thanks go to Michael Gebetsroither for pointing out this issue and help on the patch. Backport of 68540fe4df44492571bc610a0a043d3d02b3d320 from master.
---
 django/utils/crypto.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/django/utils/crypto.py b/django/utils/crypto.py
index 94f717bb171..a01272b60f6 100644
--- a/django/utils/crypto.py
+++ b/django/utils/crypto.py
@@ -122,9 +122,8 @@ def _fast_hmac(key, msg, digest):
 This function operates on bytes.
 """
 dig1, dig2 = digest(), digest()
- if len(key) > dig1.block_size:
- key = digest(key).digest()
- key += b'\x00' * (dig1.block_size - len(key))
+ if len(key) != dig1.block_size:
+ raise ValueError('Key size needs to match the block_size of the digest.')
 dig1.update(key.translate(_trans_36))
 dig1.update(msg)
 dig2.update(key.translate(_trans_5c))
@@ -159,6 +158,11 @@ def pbkdf2(password, salt, iterations, dklen=0, digest=None):
 hex_format_string = "%%0%ix" % (hlen * 2)
+ inner_digest_size = digest().block_size
+ if len(password) > inner_digest_size:
+ password = digest(password).digest()
+ password += b'\x00' * (inner_digest_size - len(password))
+
 def F(i):
 def U():
 u = salt + struct.pack(b'>I', i)
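Review bot: The new `len(key) != dig1.block_size` check in `_fast_hmac` narrows its contract from a general HMAC to a helper that only accepts a key already normalised to the digest's block size, yet the docstring tail visible at the top of the hunk still says only that it operates on bytes. Add a sentence such as `key must already be hashed and zero-padded to exactly digest().block_size bytes; pbkdf2() does this once before its loop.` so a later caller does not pass a raw key. Raising ValueError rather than padding silently is the right direction, because an unnormalised key fed to the `translate` calls would not produce a standard HMAC. The function starts above the hunk and appears to continue below it.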
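Review bot: `inner_digest_size` holds `digest().block_size`, not the digest size, and the two differ for the common hashes, so the name invites a later "correction" to `digest_size` that would silently change every derived key. Naming it `block_size = digest().block_size` and adding a comment like `# HMAC key normalisation (RFC 2104), done once instead of on every iteration` would make the intent plain. The added lines also rely on `password` already being bytes (`password += b'\x00' * ...`), which is presumably ensured earlier in `pbkdf2`, outside this hunk. A regression test using a password longer than the block size, compared against a reference `hmac`-based derivation, would confirm that hoisting the normalisation left the output unchanged. `pbkdf2` begins above the hunk and continues past it.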