Skip to content
Projeler
Gruplar
Parçacıklar
Yardım
Yükleniyor...
Oturum aç / Kaydol
Gezinmeyi değiştir
D
django
Proje
Proje
Ayrıntılar
Etkinlik
Cycle Analytics
Depo (repository)
Depo (repository)
Dosyalar
Kayıtlar (commit)
Dallar (branch)
Etiketler
Katkıda bulunanlar
Grafik
Karşılaştır
Grafikler
Konular (issue)
0
Konular (issue)
0
Liste
Pano
Etiketler
Kilometre Taşları
Birleştirme (merge) Talepleri
0
Birleştirme (merge) Talepleri
0
CI / CD
CI / CD
İş akışları (pipeline)
İşler
Zamanlamalar
Grafikler
Paketler
Paketler
Wiki
Wiki
Parçacıklar
Parçacıklar
Üyeler
Üyeler
Collapse sidebar
Close sidebar
Etkinlik
Grafik
Grafikler
Yeni bir konu (issue) oluştur
İşler
Kayıtlar (commit)
Konu (issue) Panoları
Kenar çubuğunu aç
Batuhan Osman TASKAYA
django
Commits
58176dee
Kaydet (Commit)
58176dee
authored
Nis 22, 2014
tarafından
Alex Gaynor
Dosyalara gözat
Seçenekler
Dosyalara Gözat
İndir
Eposta Yamaları
Sade Fark
Use the stdlib's compare_digest for constant time comparisons when available
üst
9fb95dfc
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
23 additions
and
19 deletions
+23
-19
crypto.py
django/utils/crypto.py
+23
-19
No files found.
django/utils/crypto.py
Dosyayı görüntüle @
58176dee
...
...
@@ -77,27 +77,31 @@ def get_random_string(length=12,
return
''
.
join
(
random
.
choice
(
allowed_chars
)
for
i
in
range
(
length
))
def
constant_time_compare
(
val1
,
val2
):
"""
Returns True if the two strings are equal, False otherwise.
if
hasattr
(
hmac
,
"compare_digest"
):
# Prefer the stdlib implementation, when available.
constant_time_compare
=
hmac
.
compare_digest
else
:
def
constant_time_compare
(
val1
,
val2
):
"""
Returns True if the two strings are equal, False otherwise.
The time taken is independent of the number of characters that match.
The time taken is independent of the number of characters that match.
For the sake of simplicity, this function executes in constant time only
when the two strings have the same length. It short-circuits when they
have different lengths. Since Django only uses it to compare hashes of
known expected length, this is acceptable.
"""
if
len
(
val1
)
!=
len
(
val2
):
return
False
result
=
0
if
six
.
PY3
and
isinstance
(
val1
,
bytes
)
and
isinstance
(
val2
,
bytes
):
for
x
,
y
in
zip
(
val1
,
val2
):
result
|=
x
^
y
else
:
for
x
,
y
in
zip
(
val1
,
val2
):
result
|=
ord
(
x
)
^
ord
(
y
)
return
result
==
0
For the sake of simplicity, this function executes in constant time only
when the two strings have the same length. It short-circuits when they
have different lengths. Since Django only uses it to compare hashes of
known expected length, this is acceptable.
"""
if
len
(
val1
)
!=
len
(
val2
):
return
False
result
=
0
if
six
.
PY3
and
isinstance
(
val1
,
bytes
)
and
isinstance
(
val2
,
bytes
):
for
x
,
y
in
zip
(
val1
,
val2
):
result
|=
x
^
y
else
:
for
x
,
y
in
zip
(
val1
,
val2
):
result
|=
ord
(
x
)
^
ord
(
y
)
return
result
==
0
def
_bin_to_long
(
x
):
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
