diff options
author | Bart de Water <bartdewater@gmail.com> | 2019-10-26 12:13:25 -0400 |
---|---|---|
committer | Samuel Williams <samuel.williams@oriontransfer.co.nz> | 2019-10-28 17:54:29 +1300 |
commit | 308fb199811d085c771e421eb304b4aedf501262 (patch) | |
tree | 6d7c16c61506d537db049797d881e5a4c5a20fbe /test | |
parent | 0faa750c223e2aec90637d895e23a3104266fd85 (diff) | |
download | ruby-openssl-308fb199811d085c771e421eb304b4aedf501262.tar.gz |
Add OpenSSL.secure_compare with same semantics as Active Support >= 5.2
secure_compare is for user input, fixed_length_secure_compare for already processed data that is known to have the same length
Diffstat (limited to 'test')
-rw-r--r-- | test/test_ossl.rb | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/test/test_ossl.rb b/test/test_ossl.rb index 85363cb5..394f30e0 100644 --- a/test/test_ossl.rb +++ b/test/test_ossl.rb @@ -26,6 +26,23 @@ class OpenSSL::OSSL < OpenSSL::SSLTestCase assert_raises(ArgumentError) { OpenSSL.fixed_length_secure_compare("aaa", "bbbb") } end + def test_secure_compare + refute OpenSSL.secure_compare("aaa", "a") + refute OpenSSL.secure_compare("aaa", "aa") + + assert OpenSSL.secure_compare("aaa", "aaa") + + refute OpenSSL.secure_compare("aaa", "aaaa") + refute OpenSSL.secure_compare("aaa", "baa") + refute OpenSSL.secure_compare("aaa", "aba") + refute OpenSSL.secure_compare("aaa", "aab") + refute OpenSSL.secure_compare("aaa", "aaab") + refute OpenSSL.secure_compare("aaa", "b") + refute OpenSSL.secure_compare("aaa", "bb") + refute OpenSSL.secure_compare("aaa", "bbb") + refute OpenSSL.secure_compare("aaa", "bbbb") + end + def test_memcmp_timing # Ensure using fixed_length_secure_compare takes almost exactly the same amount of time to compare two different strings. # Regular string comparison will short-circuit on the first non-matching character, failing this test. |