diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-05-25 05:45:25 +0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-05-24 17:45:25 -0400 |
| commit | afdbfb13780fb78e7b277b9de07e7636ba9c5119 (patch) | |
| tree | f3fb8a52ffd0c2910f16672049600677ecd5dfd6 | |
| parent | 0a22d486ec9175926aed29a5f4ea963843ebccfa (diff) | |
| download | cryptography-afdbfb13780fb78e7b277b9de07e7636ba9c5119.tar.gz cryptography-afdbfb13780fb78e7b277b9de07e7636ba9c5119.tar.bz2 cryptography-afdbfb13780fb78e7b277b9de07e7636ba9c5119.zip | |
deprecate pythons without hmac.compare_digest (#4261)
* deprecate the constant time bytes comparison path old python 2.7.x uses
* pep8
| -rw-r--r-- | CHANGELOG.rst | 3 | ||||
| -rw-r--r-- | src/cryptography/hazmat/primitives/constant_time.py | 9 | ||||
| -rw-r--r-- | src/cryptography/utils.py | 1 |
3 files changed, 13 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 4cabaf7f..9a3e5b88 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -10,6 +10,9 @@ Changelog * Added :meth:`~cryptography.fernet.Fernet.extract_timestamp` to get the authenticated timestamp of a :doc:`Fernet </fernet>` token. +* Support for Python 2.7.x without ``hmac.compare_digest`` has been deprecated. + We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next + ``cryptography`` release. .. _v2-2-2: diff --git a/src/cryptography/hazmat/primitives/constant_time.py b/src/cryptography/hazmat/primitives/constant_time.py index 5a682ca9..0e987ea7 100644 --- a/src/cryptography/hazmat/primitives/constant_time.py +++ b/src/cryptography/hazmat/primitives/constant_time.py @@ -5,7 +5,9 @@ from __future__ import absolute_import, division, print_function import hmac +import warnings +from cryptography import utils from cryptography.hazmat.bindings._constant_time import lib @@ -17,6 +19,13 @@ if hasattr(hmac, "compare_digest"): return hmac.compare_digest(a, b) else: + warnings.warn( + "Support for your Python version is deprecated. The next version of " + "cryptography will remove support. Please upgrade to a 2.7.x " + "release that supports hmac.compare_digest as soon as possible.", + utils.DeprecatedIn23, + ) + def bytes_eq(a, b): if not isinstance(a, bytes) or not isinstance(b, bytes): raise TypeError("a and b must be bytes.") diff --git a/src/cryptography/utils.py b/src/cryptography/utils.py index 14909c66..3d45a771 100644 --- a/src/cryptography/utils.py +++ b/src/cryptography/utils.py @@ -22,6 +22,7 @@ class CryptographyDeprecationWarning(UserWarning): # cycle ends. PersistentlyDeprecated = CryptographyDeprecationWarning DeprecatedIn21 = CryptographyDeprecationWarning +DeprecatedIn23 = CryptographyDeprecationWarning def _check_bytes(name, value): |