
Commit 17abcbd

author
victor
committed
Implement compareStrings function based on the laminas/laminas-crypt implementation
Remove the laminas/laminas-crypt dependency from composer.json and update composer.lock
1 parent e515fe8 commit 17abcbd


4 files changed

+22
-75
lines changed


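--- a/composer.json
+++ b/composer.json
@@ -37,7 +37,6 @@
 "guzzlehttp/guzzle": "^6.3.3",
 "laminas/laminas-captcha": "^2.10",
 "laminas/laminas-code": "^3.5.1",
-"laminas/laminas-crypt": "^3.4.0",
 "laminas/laminas-db": "^2.12.0",
 "laminas/laminas-dependency-plugin": "^2.1.0",
 "laminas/laminas-di": "^3.2.0",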

composer.lock

Lines changed: 2 additions & 66 deletions

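--- a/lib/internal/Magento/Framework/Encryption/Helper/Security.php
+++ b/lib/internal/Magento/Framework/Encryption/Helper/Security.php
@@ -6,11 +6,7 @@
 
 namespace Magento\Framework\Encryption\Helper;
 
-use Laminas\Crypt\Utils;
-
 /**
-* Class implements compareString from Laminas\Crypt
-*
 * @api
 * @since 100.0.2
 */
@@ -19,12 +15,29 @@ class Security
 /**
 * Compare two strings in a secure way that avoids string length guessing based on duration of calculation
 *
-* @param string $expected
-* @param string $actual
+* @param string $expected
+* @param string $actual
 * @return bool
 */
 public static function compareStrings($expected, $actual)
 {
-return Utils::compareStrings($expected, $actual);
+$expected = (string) $expected;
+$actual = (string) $actual;
+
+if (function_exists('hash_equals')) {
+return hash_equals($expected, $actual);
+}
+
+$lenExpected = mb_strlen($expected, '8bit');
+$lenActual = mb_strlen($actual, '8bit');
+$len = min($lenExpected, $lenActual);
+
+$result = 0;
+for ($i = 0; $i < $len; $i++) {
+$result |= ord($expected[$i]) ^ ord($actual[$i]);
+}
+$result |= $lenExpected ^ $lenActual;
+
+return ($result === 0);
 }
 }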
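Review bot: The loop after the `function_exists('hash_equals')` check in `compareStrings` looks unreachable on any PHP version this package is likely to support, since `hash_equals` has been built in since PHP 5.6. An untested hand-written constant-time comparison is a liability to carry, and the body could be reduced to `return hash_equals((string) $expected, (string) $actual);`. If the fallback stays, it iterates over `min($lenExpected, $lenActual)`, so its duration still tracks the shorter input. The docblock's claim that length guessing is avoided is therefore stronger than either path delivers, as `hash_equals` itself is documented as possibly leaking the known string's length when lengths differ. The `(string)` casts also make `null` and `''` compare equal, so the docblock should state that callers must reject an empty or missing `$expected` before calling.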

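--- a/lib/internal/Magento/Framework/composer.json
+++ b/lib/internal/Magento/Framework/composer.json
@@ -26,7 +26,6 @@
 "composer/composer": "^1.9 || ^2.0",
 "guzzlehttp/guzzle": "^6.3.3",
 "laminas/laminas-code": "^3.5.1",
-"laminas/laminas-crypt": "^3.4.0",
 "laminas/laminas-http": "^2.6.0",
 "laminas/laminas-mail": "^2.9.0",
 "laminas/laminas-mime": "^2.8.0",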
