From f959758687b63e8f5366b315cc4845c2bbd5f6e8 Mon Sep 17 00:00:00 2001
From: Aaron Patterson <aaron.patterson@gmail.com>
Date: Sun, 13 Sep 2009 00:32:30 -0700
Subject: making secure_compare faster

[#3195 state:committed]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
---
 .../lib/active_support/message_verifier.rb         | 36 +++++-----------------
 1 file changed, 8 insertions(+), 28 deletions(-)

(limited to 'activesupport/lib')

diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb
index 3e72100bd9..a6723b8b33 100644
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -38,35 +38,15 @@ module ActiveSupport
     end
     
     private
-      if "foo".respond_to?(:force_encoding)
-        # constant-time comparison algorithm to prevent timing attacks
-        def secure_compare(a, b)
-          a = a.dup.force_encoding(Encoding::BINARY)
-          b = b.dup.force_encoding(Encoding::BINARY)
+      # constant-time comparison algorithm to prevent timing attacks
+      def secure_compare(a, b)
+        return false unless a.bytesize == b.bytesize
 
-          if a.length == b.length
-            result = 0
-            for i in 0..(a.length - 1)
-              result |= a[i].ord ^ b[i].ord
-            end
-            result == 0
-          else
-            false
-          end
-        end
-      else
-        # For 1.8
-        def secure_compare(a, b)
-          if a.length == b.length
-            result = 0
-            for i in 0..(a.length - 1)
-              result |= a[i] ^ b[i]
-            end
-            result == 0
-          else
-            false
-          end
-        end
+        l = a.unpack "C#{a.bytesize}"
+
+        res = 0
+        b.each_byte { |b| res |= b ^ l.shift }
+        res == 0
       end
 
       def generate_digest(data)
-- 
cgit v1.2.3