mirror of https://github.com/django/django.git
parent
831f2846dd
commit
e89bc39935
|
@ -82,16 +82,14 @@ def get_random_string(length=12,
|
|||
|
||||
def constant_time_compare(val1, val2):
|
||||
"""
|
||||
Returns True if the two bytestrings are equal, False otherwise.
|
||||
Returns True if the two strings are equal, False otherwise.
|
||||
|
||||
The time taken is independent of the number of characters that match.
|
||||
"""
|
||||
if not (isinstance(val1, bytes) and isinstance(val2, bytes)):
|
||||
raise TypeError("constant_time_compare only supports bytes")
|
||||
if len(val1) != len(val2):
|
||||
return False
|
||||
result = 0
|
||||
if six.PY3:
|
||||
if six.PY3 and isinstance(val1, bytes) and isinstance(val2, bytes):
|
||||
for x, y in zip(val1, val2):
|
||||
result |= x ^ y
|
||||
else:
|
||||
|
|
|
@ -15,8 +15,8 @@ class TestUtilsCryptoMisc(unittest.TestCase):
|
|||
# It's hard to test for constant time, just test the result.
|
||||
self.assertTrue(constant_time_compare(b'spam', b'spam'))
|
||||
self.assertFalse(constant_time_compare(b'spam', b'eggs'))
|
||||
with self.assertRaises(TypeError):
|
||||
constant_time_compare('spam', 'spam')
|
||||
self.assertTrue(constant_time_compare('spam', 'spam'))
|
||||
self.assertFalse(constant_time_compare('spam', 'eggs'))
|
||||
|
||||
|
||||
class TestUtilsCryptoPBKDF2(unittest.TestCase):
|
||||
|
|
Loading…
Reference in New Issue