Merge "Adding a check of string type for hmacs"

This commit is contained in:
Jenkins 2017-05-27 12:58:45 +00:00 committed by Gerrit Code Review
commit c0193b7a46
2 changed files with 8 additions and 0 deletions

View File

@ -20,6 +20,8 @@ Secret utilities.
import hmac import hmac
import six
try: try:
constant_time_compare = hmac.compare_digest constant_time_compare = hmac.compare_digest
@ -33,6 +35,10 @@ except AttributeError:
content-based short circuiting behaviour, making it appropriate content-based short circuiting behaviour, making it appropriate
for cryptography. for cryptography.
""" """
if isinstance(first, six.string_types):
first = first.encode('utf-8')
if isinstance(second, six.string_types):
second = second.encode('utf-8')
if len(first) != len(second): if len(first) != len(second):
return False return False
result = 0 result = 0

View File

@ -34,6 +34,7 @@ class SecretUtilsTest(testscenarios.TestWithScenarios,
self.converter(u'abcd'))) self.converter(u'abcd')))
self.assertTrue(ctc(self.converter(u''), self.assertTrue(ctc(self.converter(u''),
self.converter(u''))) self.converter(u'')))
self.assertTrue(ctc('abcd', 'abcd'))
self.assertFalse(ctc(self.converter(u'abcd'), self.assertFalse(ctc(self.converter(u'abcd'),
self.converter(u'efgh'))) self.converter(u'efgh')))
self.assertFalse(ctc(self.converter(u'abc'), self.assertFalse(ctc(self.converter(u'abc'),
@ -50,3 +51,4 @@ class SecretUtilsTest(testscenarios.TestWithScenarios,
self.converter(u'a'))) self.converter(u'a')))
self.assertFalse(ctc(self.converter(u'abcd1234'), self.assertFalse(ctc(self.converter(u'abcd1234'),
self.converter(u'1234abcd'))) self.converter(u'1234abcd')))
self.assertFalse(ctc('abcd1234', '1234abcd'))