innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Merge pull request #2600 from alex/builtin-constant-time-compare 

Use the stdlib's compare_digest for constant time comparisons when available
This commit is contained in:
Donald Stufft 2014-04-22 17:53:08 -04:00
parent 9fb95dfc9f 58176dee88
commit 03401701f3
1 changed files with 23 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
django/utils/crypto.py
View File

@ -77,6 +77,10 @@ def get_random_string(length=12,
return ''.join(random.choice(allowed_chars) for i in range(length)) return ''.join(random.choice(allowed_chars) for i in range(length))
if hasattr(hmac, "compare_digest"):
# Prefer the stdlib implementation, when available.
constant_time_compare = hmac.compare_digest
else:
def constant_time_compare(val1, val2): def constant_time_compare(val1, val2):
""" """
Returns True if the two strings are equal, False otherwise. Returns True if the two strings are equal, False otherwise.