| author | SaJH <wogur981208@gmail.com> | 2025-08-22 15:32:09 +0200 |
|---|---|---|
| committer | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2025-08-25 14:45:16 +0200 |
| commit | 0246f478882c26bc1fe293224653074cd46a90d0 (patch) | |
| tree | ed94f807ae565c16be1ad634654bae98ea7596a9 /django/utils | |
| parent | 3ba24c18e70dd242ae237fd955fb8be30f99bc4d (diff) | |
Fixed #36546 -- Deprecated django.utils.crypto.constant_time_compare() in favor of hmac.compare_digest().
Signed-off-by: SaJH <wogur981208@gmail.com>
Diffstat (limited to 'django/utils')
| -rw-r--r-- | django/utils/crypto.py | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/django/utils/crypto.py b/django/utils/crypto.py
index 4b8146695a..b6145709c3 100644
--- a/django/utils/crypto.py
+++ b/django/utils/crypto.py
@@ -5,8 +5,10 @@ Django's standard crypto functions and utilities.
 import hashlib
 import hmac
 import secrets
+import warnings
 
 from django.conf import settings
+from django.utils.deprecation import RemovedInDjango70Warning
 from django.utils.encoding import force_bytes
 
 
@@ -64,7 +66,12 @@ def get_random_string(length, allowed_chars=RANDOM_STRING_CHARS):
 
 
 def constant_time_compare(val1, val2):
     """Return True if the two strings are equal, False otherwise."""
-    return secrets.compare_digest(force_bytes(val1), force_bytes(val2))
+    warnings.warn(
+        "constant_time_compare() is deprecated. Use hmac.compare_digest() instead.",
+        RemovedInDjango70Warning,
+        stacklevel=2,
+    )
+    return hmac.compare_digest(val1, val2)
 
 
 def pbkdf2(password, salt, iterations, dklen=0, digest=None): |
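Review bot: The new return line in `constant_time_compare()` drops the `force_bytes()` coercion, so the deprecated shim no longer behaves like the function it replaces. `hmac.compare_digest()` raises `TypeError` when one argument is `str` and the other bytes-like, or when a `str` contains non-ASCII characters, whereas the old code encoded both sides and returned a boolean. For callers that compare request-supplied tokens or signatures, a malformed value can then surface as an unhandled exception instead of a failed comparison. Keeping the old semantics until removal would be `return hmac.compare_digest(force_bytes(val1), force_bytes(val2))`, and the docstring could state the deprecation and that direct `hmac.compare_digest()` users must pass two ASCII `str` or two bytes-like values. Whether the in-tree callers were migrated with explicit encoding is not visible here, since the diffstat is limited to `django/utils`.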
