fix: constant_time_eq no longer leaks secret length via early return

Remove the early return on length mismatch that leaked length information via timing. Now iterates over max(a.len(), b.len()), padding the shorter input with zeros, and checks both byte-level differences and length equality at the end. Closes #57 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 00:01:23 +01:00
parent 365692853c
commit 6776373e8e
3 changed files with 21 additions and 8 deletions
--- a/src/tools/browser.rs
+++ b/src/tools/browser.rs
@@ -366,6 +366,7 @@ impl BrowserTool {
 }

 #[async_trait]
+#[allow(clippy::too_many_lines)]
 impl Tool for BrowserTool {
    fn name(&self) -> &str {
        "browser"