diff options
| author | Alex Stapleton <alexs@prol.etari.at> | 2014-07-03 09:51:59 +0100 |
|---|---|---|
| committer | Alex Stapleton <alexs@prol.etari.at> | 2014-07-03 09:51:59 +0100 |
| commit | 9b5b4d117242da3ea847406d97481dfa148fdaeb (patch) | |
| tree | 33723d958d162974dc6c4d34eaaa0fa96c3f602b | |
| parent | 967bbde1d8f11923adafb1d0b627eb22b655e45b (diff) | |
| parent | 12131cddc9ba33c00d80026caa3cf586b8bcd6af (diff) | |
| download | cryptography-9b5b4d117242da3ea847406d97481dfa148fdaeb.tar.gz cryptography-9b5b4d117242da3ea847406d97481dfa148fdaeb.tar.bz2 cryptography-9b5b4d117242da3ea847406d97481dfa148fdaeb.zip | |
Merge pull request #1211 from Ayrx/use-stdlib-constant-compare
Added preference for stdlib's compare_digest to constant_time
| -rw-r--r-- | cryptography/hazmat/primitives/constant_time.py | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/cryptography/hazmat/primitives/constant_time.py b/cryptography/hazmat/primitives/constant_time.py index 4547da13..9789851a 100644 --- a/cryptography/hazmat/primitives/constant_time.py +++ b/cryptography/hazmat/primitives/constant_time.py @@ -13,6 +13,7 @@ from __future__ import absolute_import, division, print_function +import hmac import sys import cffi @@ -53,9 +54,18 @@ _lib = _ffi.verify( ext_package="cryptography", ) +if hasattr(hmac, "compare_digest"): + def bytes_eq(a, b): + if not isinstance(a, bytes) or not isinstance(b, bytes): + raise TypeError("a and b must be bytes.") + + return hmac.compare_digest(a, b) -def bytes_eq(a, b): - if not isinstance(a, bytes) or not isinstance(b, bytes): +else: + def bytes_eq(a, b): + if not isinstance(a, bytes) or not isinstance(b, bytes): raise TypeError("a and b must be bytes.") - return _lib.Cryptography_constant_time_bytes_eq(a, len(a), b, len(b)) == 1 + return _lib.Cryptography_constant_time_bytes_eq( + a, len(a), b, len(b) + ) == 1 |