Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Improve performance of MessageVerifier while keeping it constant time

  • Loading branch information...
commit 8b05c5207dd5757d55d0c384740db289e6bd5415 1 parent 5fa3a2d
@wycats wycats authored
Showing with 4 additions and 4 deletions.
  1. +4 −4 activesupport/lib/active_support/message_verifier.rb
View
8 activesupport/lib/active_support/message_verifier.rb
@@ -47,11 +47,11 @@ def generate(value)
def secure_compare(a, b)
return false unless a.bytesize == b.bytesize
- l = a.unpack "C#{a.bytesize}"
+ l = a.unpack "C*"
- res = 0
- b.each_byte { |byte| res |= byte ^ l.shift }
- res == 0
+ res = true
+ b.each_byte { |byte| res = (byte == l.shift) && res }
+ res
end
def generate_digest(data)
Please sign in to comment.
Something went wrong with that request. Please try again.