Fixed #21138 -- Increased the performance of our PBKDF2 implementation.

Thanks go to Michael Gebetsroither for pointing out this issue and help on the patch.
author: Florian Apolloner <florian@apolloner.eu> 2013-09-17 22:59:56 +0200
committer: Florian Apolloner <florian@apolloner.eu> 2013-09-24 21:06:26 +0200
commit: 68540fe4df44492571bc610a0a043d3d02b3d320 (patch)
tree: db672fe52f876cfa454ac6091b01357fa803515f /django/utils/crypto.py
parent: 5d74853e156105ea02a41f4731346dbe272c2412 (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/django/utils/crypto.py b/django/utils/crypto.py
index 3331424cb7..b395b3699f 100644
--- a/django/utils/crypto.py
+++ b/django/utils/crypto.py
@@ -123,9 +123,8 @@ def _fast_hmac(key, msg, digest):
     This function operates on bytes.
     """
     dig1, dig2 = digest(), digest()
-    if len(key) > dig1.block_size:
-        key = digest(key).digest()
-    key += b'\x00' * (dig1.block_size - len(key))
+    if len(key) != dig1.block_size:
+        raise ValueError('Key size needs to match the block_size of the digest.')
     dig1.update(key.translate(hmac.trans_36))
     dig1.update(msg)
     dig2.update(key.translate(hmac.trans_5C))
@@ -161,6 +160,11 @@ def pbkdf2(password, salt, iterations, dklen=0, digest=None):
 
     hex_format_string = "%%0%ix" % (hlen * 2)
 
+    inner_digest_size = digest().block_size
+    if len(password) > inner_digest_size:
+        password = digest(password).digest()
+    password += b'\x00' * (inner_digest_size - len(password))
+
     def F(i):
         def U():
             u = salt + struct.pack(b'>I', i)
author	Florian Apolloner <florian@apolloner.eu>	2013-09-17 22:59:56 +0200
committer	Florian Apolloner <florian@apolloner.eu>	2013-09-24 21:06:26 +0200
commit	68540fe4df44492571bc610a0a043d3d02b3d320 (patch)
tree	db672fe52f876cfa454ac6091b01357fa803515f /django/utils/crypto.py
parent	5d74853e156105ea02a41f4731346dbe272c2412 (diff)