From 7e3cf3cfd27e53ced0a1fc65a02849f78a292d3d Mon Sep 17 00:00:00 2001
From: Florian Apolloner <florian@apolloner.eu>
Date: Mon, 26 May 2014 13:52:37 +0200
Subject: [PATCH] Fixed constant_time_compare on Python 2.7.7

Python 2.7.7 includes compare_digest in the hmac module, but it requires
both arguments to have the same type. This is usually not a problem on
Python 3 since everything is text, but we have mixed unicode and str on
Python 2 -- hence make sure everything is bytes before feeding it into
compare_digest.
---
 django/utils/crypto.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/django/utils/crypto.py b/django/utils/crypto.py
index 8bf884a72f..cbf2656316 100644
--- a/django/utils/crypto.py
+++ b/django/utils/crypto.py
@@ -79,7 +79,8 @@ def get_random_string(length=12,
 
 if hasattr(hmac, "compare_digest"):
     # Prefer the stdlib implementation, when available.
-    constant_time_compare = hmac.compare_digest
+    def constant_time_compare(val1, val2):
+        return hmac.compare_digest(force_bytes(val1), force_bytes(val2))
 else:
     def constant_time_compare(val1, val2):
         """