Improve performance of MessageVerifier while keeping it constant time

author: wycats <wycats@gmail.com> 2010-06-04 09:48:57 -0700
committer: wycats <wycats@gmail.com> 2010-06-04 20:11:05 -0700
commit: 8b05c5207dd5757d55d0c384740db289e6bd5415 (patch)
tree: 97a19e5db0c81b3d038dd53db37f2499cc80a69b /activesupport
parent: 5fa3a2d12395ce1d7188c3b7dcb5d616e77eb5dd (diff)
download: rails-8b05c5207dd5757d55d0c384740db289e6bd5415.tar.gz
rails-8b05c5207dd5757d55d0c384740db289e6bd5415.tar.bz2
rails-8b05c5207dd5757d55d0c384740db289e6bd5415.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb
index 6c46b68eaf..1031662293 100644
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -47,11 +47,11 @@ module ActiveSupport
       def secure_compare(a, b)
         return false unless a.bytesize == b.bytesize
 
-        l = a.unpack "C#{a.bytesize}"
+        l = a.unpack "C*"
 
-        res = 0
-        b.each_byte { |byte| res |= byte ^ l.shift }
-        res == 0
+        res = true
+        b.each_byte { |byte| res = (byte == l.shift) && res }
+        res
       end
 
       def generate_digest(data)
author	wycats <wycats@gmail.com>	2010-06-04 09:48:57 -0700
committer	wycats <wycats@gmail.com>	2010-06-04 20:11:05 -0700
commit	8b05c5207dd5757d55d0c384740db289e6bd5415 (patch)
tree	97a19e5db0c81b3d038dd53db37f2499cc80a69b /activesupport
parent	5fa3a2d12395ce1d7188c3b7dcb5d616e77eb5dd (diff)
download	rails-8b05c5207dd5757d55d0c384740db289e6bd5415.tar.gz rails-8b05c5207dd5757d55d0c384740db289e6bd5415.tar.bz2 rails-8b05c5207dd5757d55d0c384740db289e6bd5415.zip