diff options
| author | Terry Chia <terrycwk1994@gmail.com> | 2014-07-03 14:58:19 +0800 |
|---|---|---|
| committer | Terry Chia <terrycwk1994@gmail.com> | 2014-07-03 14:58:19 +0800 |
| commit | 12131cddc9ba33c00d80026caa3cf586b8bcd6af (patch) | |
| tree | 33723d958d162974dc6c4d34eaaa0fa96c3f602b | |
| parent | 967bbde1d8f11923adafb1d0b627eb22b655e45b (diff) | |
| download | cryptography-12131cddc9ba33c00d80026caa3cf586b8bcd6af.tar.gz cryptography-12131cddc9ba33c00d80026caa3cf586b8bcd6af.tar.bz2 cryptography-12131cddc9ba33c00d80026caa3cf586b8bcd6af.zip | |
Added preference for stdlib's compare_digest to constant_time
| -rw-r--r-- | cryptography/hazmat/primitives/constant_time.py | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/cryptography/hazmat/primitives/constant_time.py b/cryptography/hazmat/primitives/constant_time.py index 4547da13..9789851a 100644 --- a/cryptography/hazmat/primitives/constant_time.py +++ b/cryptography/hazmat/primitives/constant_time.py @@ -13,6 +13,7 @@ from __future__ import absolute_import, division, print_function +import hmac import sys import cffi @@ -53,9 +54,18 @@ _lib = _ffi.verify( ext_package="cryptography", ) +if hasattr(hmac, "compare_digest"): + def bytes_eq(a, b): + if not isinstance(a, bytes) or not isinstance(b, bytes): + raise TypeError("a and b must be bytes.") + + return hmac.compare_digest(a, b) -def bytes_eq(a, b): - if not isinstance(a, bytes) or not isinstance(b, bytes): +else: + def bytes_eq(a, b): + if not isinstance(a, bytes) or not isinstance(b, bytes): raise TypeError("a and b must be bytes.") - return _lib.Cryptography_constant_time_bytes_eq(a, len(a), b, len(b)) == 1 + return _lib.Cryptography_constant_time_bytes_eq( + a, len(a), b, len(b) + ) == 1 |