From 1c0db5f78473bed04dd9aa972fe53c683a02d8eb Mon Sep 17 00:00:00 2001
From: Bert JW Regeer
Date: Sat, 26 Oct 2013 21:06:50 -0600
Subject: digestmod() has to accept a parameter in certain cases

Due to line 69 in hmac.py in the Python standard library (2.7) it expects to be able to call the digestmod function with the current key if the key passed in exceeds the block size in length. This fixes the code so that digestmod can accept string as an extra parameter, which is passed through to hashlib.new()

[1]: http://hg.python.org/cpython/file/2.7/Lib/hmac.py#l69
---
 pyramid/session.py | 2 +-
 pyramid/tests/test_session.py | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/pyramid/session.py b/pyramid/session.py
index 9e0733661..d3a4113b9 100644
--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -565,7 +565,7 @@ def SignedCookieSessionFactory(
     if deserialize is None:
         deserialize = pickle.loads
 
-    digestmod = lambda: hashlib.new(hashalg)
+    digestmod = lambda string=b'': hashlib.new(hashalg, string)
     digest_size = digestmod().digest_size
     salted_secret = bytes_(salt or '') + bytes_(secret)
 
diff --git a/pyramid/tests/test_session.py b/pyramid/tests/test_session.py
index c13d3ce5c..048bf2c01 100644
--- a/pyramid/tests/test_session.py
+++ b/pyramid/tests/test_session.py
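Review bot: The new `string=b''` parameter on the `digestmod` lambda looks unused from every call site visible in this hunk (`digestmod()` on the next line), and nothing in the code records that `hmac` calls `digestmod(key)` to hash down a secret longer than the digest block size, which is the only reason the parameter exists; a later cleanup is likely to drop it and reintroduce the TypeError the commit message describes. Replace the lambda assignment (PEP 8 discourages binding a lambda to a name) with a named function that carries the reason: `# hmac calls digestmod(key) to hash down a secret longer than the block size; keep the optional argument` / `def digestmod(string=b''):` / `    return hashlib.new(hashalg, string)`. The enclosing SignedCookieSessionFactory starts and ends outside the hunk.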
@@ -370,6 +370,24 @@ class TestSignedCookieSession(SharedCookieSessionTests, unittest.TestCase):
         session = self._makeOne(request)
         self.assertEqual(session, {})
 
+    def test_very_long_key(self):
+        verylongkey = b'a' * 1024
+        import webob
+        request = testing.DummyRequest()
+        session = self._makeOne(request, secret=verylongkey)
+        session['a'] = 1
+        callbacks = request.response_callbacks
+        self.assertEqual(len(callbacks), 1)
+        response = webob.Response()
+
+        try:
+            result = callbacks[0](request, response)
+        except TypeError as e:
+            self.fail('HMAC failed to initialize due to key length.')
+
+        self.assertEqual(result, None)
+        self.assertTrue('Set-Cookie' in dict(response.headerlist))
+
 class TestUnencryptedCookieSession(SharedCookieSessionTests, unittest.TestCase):
     def setUp(self):
         super(TestUnencryptedCookieSession, self).setUp()
-- 
cgit v1.2.3
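Review bot: `except TypeError as e` in test_very_long_key binds `e` and then discards it, so a regression would fail with the fixed message and hide the actual exception text; include it, `self.fail('HMAC failed to initialize due to key length: %s' % e)`. The `try`/`except` only customizes the message anyway, since any other exception from the callback already fails the test, so calling `result = callbacks[0](request, response)` directly would be simpler and lose nothing. The final membership check reads more clearly as `self.assertIn('Set-Cookie', dict(response.headerlist))`, which also reports both operands on failure.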