diff options
author | Patrick Cloke <clokep@users.noreply.github.com> | 2021-08-27 07:08:02 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-08-27 07:08:02 -0400 |
commit | 029b7ad7b94d167b19d63a5dc777a806b0e073f3 (patch) | |
tree | d5299c9aa678b0e5742ef601fdf17887103cea09 | |
parent | Improve ServerNoticeServlet to avoid duplicate requests (#10679) (diff) | |
download | synapse-029b7ad7b94d167b19d63a5dc777a806b0e073f3.tar.xz |
Remove unused `compare_digest` function. (#10706)
Diffstat (limited to '')
-rw-r--r-- | changelog.d/10706.misc | 1 | ||||
-rw-r--r-- | synapse/rest/client/register.py | 13 |
2 files changed, 1 insertions, 13 deletions
diff --git a/changelog.d/10706.misc b/changelog.d/10706.misc new file mode 100644 index 0000000000..eed4aa58d6 --- /dev/null +++ b/changelog.d/10706.misc @@ -0,0 +1 @@ +Remove unused `compare_digest` function. diff --git a/synapse/rest/client/register.py b/synapse/rest/client/register.py index 2781a0ea96..7b5f49d635 100644 --- a/synapse/rest/client/register.py +++ b/synapse/rest/client/register.py @@ -12,7 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import hmac import logging import random from typing import List, Union @@ -60,18 +59,6 @@ from synapse.util.threepids import ( from ._base import client_patterns, interactive_auth_handler -# We ought to be using hmac.compare_digest() but on older pythons it doesn't -# exist. It's a _really minor_ security flaw to use plain string comparison -# because the timing attack is so obscured by all the other code here it's -# unlikely to make much difference -if hasattr(hmac, "compare_digest"): - compare_digest = hmac.compare_digest -else: - - def compare_digest(a, b): - return a == b - - logger = logging.getLogger(__name__) |