aboutsummaryrefslogtreecommitdiffstats
path: root/ext/openssl/lib/openssl.rb
diff options
context:
space:
mode:
Diffstat (limited to 'ext/openssl/lib/openssl.rb')
-rw-r--r--ext/openssl/lib/openssl.rb33
1 files changed, 24 insertions, 9 deletions
diff --git a/ext/openssl/lib/openssl.rb b/ext/openssl/lib/openssl.rb
index 0914282920..7ba2229a1b 100644
--- a/ext/openssl/lib/openssl.rb
+++ b/ext/openssl/lib/openssl.rb
@@ -1,4 +1,4 @@
-# frozen_string_literal: false
+# frozen_string_literal: true
=begin
= Info
'OpenSSL for Ruby 2' project
@@ -12,11 +12,26 @@
require 'openssl.so'
-require 'openssl/bn'
-require 'openssl/pkey'
-require 'openssl/cipher'
-require 'openssl/config'
-require 'openssl/digest'
-require 'openssl/x509'
-require 'openssl/ssl'
-require 'openssl/pkcs5'
+require_relative 'openssl/bn'
+require_relative 'openssl/pkey'
+require_relative 'openssl/cipher'
+require_relative 'openssl/config'
+require_relative 'openssl/digest'
+require_relative 'openssl/hmac'
+require_relative 'openssl/x509'
+require_relative 'openssl/ssl'
+require_relative 'openssl/pkcs5'
+
+module OpenSSL
+ # call-seq:
+ # OpenSSL.secure_compare(string, string) -> boolean
+ #
+ # Constant time memory comparison. Inputs are hashed using SHA-256 to mask
+ # the length of the secret. Returns +true+ if the strings are identical,
+ # +false+ otherwise.
+ def self.secure_compare(a, b)
+ hashed_a = OpenSSL::Digest::SHA256.digest(a)
+ hashed_b = OpenSSL::Digest::SHA256.digest(b)
+ OpenSSL.fixed_length_secure_compare(hashed_a, hashed_b) && a == b
+ end
+end
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-27 18:52:37 +0000