From: Oguz Bektas <o.bektas@proxmox.com>
Date: Wed, 19 Jun 2019 07:39:33 +0000 (+0200)
Subject: use hmac_sha256 instead of sha1 for csrf token
X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=commitdiff_plain;h=51e6f56d257d823664fd3a68d8a164e41c949a66

use hmac_sha256 instead of sha1 for csrf token

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
---

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 6ac99ac..e3f90ee 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -215,7 +215,7 @@ my $csrf_prevention_secret;
 my $get_csrfr_secret = sub {
     if (!$csrf_prevention_secret) {
 	my $input = PVE::Tools::file_get_contents($pve_www_key_fn);
-	$csrf_prevention_secret = Digest::SHA::sha1_base64($input);
+	$csrf_prevention_secret = Digest::SHA::hmac_sha256_base64($input);
     }
     return $csrf_prevention_secret;
 };