python3/avoid-usage-of-md5-in-multiprocessing.patch

From 17198bd8ac7eac7320bf22828cc9b22a26d62ae2 Mon Sep 17 00:00:00 2001
From: liyuanyuan <liyuanyuan@xfusion.com>
Date: Thu, 15 Dec 2022 19:32:29 +0800
Subject: [PATCH] avoid usage of md5 in multiprocessing

---
 Lib/multiprocessing/connection.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py
index 8e2facf..4ef15bf 100644
--- a/Lib/multiprocessing/connection.py
+++ b/Lib/multiprocessing/connection.py
@@ -42,6 +42,10 @@ BUFSIZE = 8192
 # A very generous timeout when it comes to local connections...
 CONNECTION_TIMEOUT = 20.
 
+# The hmac module implicitly defaults to using MD5.
+# Support using a stronger algorithm for the challenge/response code:
+HMAC_DIGEST_NAME='sha256'
+
 _mmap_counter = itertools.count()
 
 default_family = 'AF_INET'
@@ -729,6 +733,10 @@ CHALLENGE = b'#CHALLENGE#'
 WELCOME = b'#WELCOME#'
 FAILURE = b'#FAILURE#'
 
+def get_digestmod_for_hmac():
+    import hashlib
+    return getattr(hashlib, HMAC_DIGEST_NAME)
+
 def deliver_challenge(connection, authkey):
     import hmac
     if not isinstance(authkey, bytes):
@@ -736,7 +744,7 @@ def deliver_challenge(connection, authkey):
             "Authkey must be bytes, not {0!s}".format(type(authkey)))
     message = os.urandom(MESSAGE_LENGTH)
     connection.send_bytes(CHALLENGE + message)
-    digest = hmac.new(authkey, message, 'md5').digest()
+    digest = hmac.new(authkey, message, get_digestmod_for_hmac()).digest()
     response = connection.recv_bytes(256)        # reject large message
     if response == digest:
         connection.send_bytes(WELCOME)
@@ -752,7 +760,7 @@ def answer_challenge(connection, authkey):
     message = connection.recv_bytes(256)         # reject large message
     assert message[:len(CHALLENGE)] == CHALLENGE, 'message = %r' % message
     message = message[len(CHALLENGE):]
-    digest = hmac.new(authkey, message, 'md5').digest()
+    digest = hmac.new(authkey, message, get_digestmod_for_hmac()).digest()
     connection.send_bytes(digest)
     response = connection.recv_bytes(256)        # reject large message
     if response != WELCOME:
-- 
2.27.0