[refactor] use constant-time comparison in SimpleSecretKey

kares · claude · kares · commit 9968234e6f94 · 2026-04-05T14:54:46.000+02:00
Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/src/main/java/org/jruby/ext/openssl/SimpleSecretKey.java b/src/main/java/org/jruby/ext/openssl/SimpleSecretKey.java
@@ -27,6 +27,7 @@
  ***** END LICENSE BLOCK *****/
 package org.jruby.ext.openssl;
 
+import java.security.MessageDigest;
 import javax.crypto.SecretKey;
 
 /**
@@ -68,12 +69,8 @@ public String getFormat() {
 
     public boolean equals(Object o) {
         if ( o instanceof SimpleSecretKey ) {
-            byte[] ovalue = ((SimpleSecretKey) o).value;
-            if ( value.length != ovalue.length ) return false;
-            for ( int i = 0; i < value.length; i++ ) {
-                if ( value[i] != ovalue[i] ) return false;
-            }
-            return algorithm.equals( ((SimpleSecretKey) o).algorithm );
+            SimpleSecretKey other = (SimpleSecretKey) o;
+            return algorithm.equals(other.algorithm) && MessageDigest.isEqual(value, other.value);
         }
         return false;
     }
