Speed up ActiveSupport::SecurityUtils.fixed_length_secure_compare
#40429
Summary
Speed up ActiveSupport::SecurityUtils.fixed_length_secure_compare by using OpenSSL.fixed_length_secure_compare, if available. OpenSSL's version is a C method, which is faster.
Other Information
There is one minor difference between the two methods. While both raise an ArgumentError if the strings are not equal length, OpenSSL's error message is "inputs must be of equal length" (https://github.com/ruby/openssl/blob/master/ext/openssl/ossl.c#L627), while ActiveSupport's is "string length mismatch.".
Since the ArgumentError is not really expected, I figured it doesn't matter that the messages are different. If anyone is actually rescuing this error, they should probably just be using ActiveSupport::SecurityUtils.secure_compare, which doesn't raise in the first place.
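The backend selection and the message difference described above, as an added Ruby example that is not the pull request's or Rails's own code. The module `CompareDemo`, its method names, the sample tokens and the SHA-256 wrapper used to avoid the raise are assumptions made for illustration.

```ruby
require "openssl"

# Hypothetical demo module; names are illustrative, not Rails's own.
module CompareDemo
  module_function

  # Pure-Ruby fallback: XOR each byte pair and OR the results together, so
  # the loop does the same work wherever the first mismatch occurs.
  def pure_ruby_compare(a, b)
    raise ArgumentError, "string length mismatch." unless a.bytesize == b.bytesize

    acc = 0
    a.bytes.zip(b.bytes) { |x, y| acc |= x ^ y }
    acc.zero?
  end

  # Prefer the C implementation when the loaded openssl gem provides it.
  def fixed_length_compare(a, b)
    if OpenSSL.respond_to?(:fixed_length_secure_compare)
      OpenSSL.fixed_length_secure_compare(a, b)
    else
      pure_ruby_compare(a, b)
    end
  end

  # Non-raising wrapper (assumed approach): hash both inputs first so the
  # strings handed to the fixed-length compare always have equal length.
  def safe_compare(a, b)
    fixed_length_compare(OpenSSL::Digest::SHA256.digest(a),
                         OpenSSL::Digest::SHA256.digest(b))
  end

  # Returns the exception raised for unequal lengths, or nil if none.
  # Rescue by class: the message text depends on which backend ran.
  def length_error(a, b)
    fixed_length_compare(a, b)
    nil
  rescue ArgumentError => e
    e
  end
end

# Constructed sample tokens.
expected = "s3cr3t-token-0001"
puts CompareDemo.fixed_length_compare(expected, "s3cr3t-token-0001")
puts CompareDemo.length_error(expected, "short")&.message
puts CompareDemo.safe_compare(expected, "short")
```

Code that matches on the exception message sees different text depending on the backend; rescuing `ArgumentError` by class, or calling the non-raising wrapper, behaves the same with both.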