Commit 69371671 authored by Adam Langley's avatar Adam Langley

crypto/hmac: don't test for length equality in Equal.

subtle.ConstantTimeCompare now tests the length of the inputs (although
it didn't when this code was written) so this test in crypto/hmac is now
superfluous.

Fixes #16336.

Change-Id: Ic02d8537e776fa1dd5694d3af07a28c4d840d14b
Reviewed-on: https://go-review.googlesource.com/27239Reviewed-by: 's avatarBrad Fitzpatrick <bradfitz@golang.org>
parent b23b9a76
...@@ -94,5 +94,5 @@ func Equal(mac1, mac2 []byte) bool { ...@@ -94,5 +94,5 @@ func Equal(mac1, mac2 []byte) bool {
// We don't have to be constant time if the lengths of the MACs are // We don't have to be constant time if the lengths of the MACs are
// different as that suggests that a completely different hash function // different as that suggests that a completely different hash function
// was used. // was used.
return len(mac1) == len(mac2) && subtle.ConstantTimeCompare(mac1, mac2) == 1 return subtle.ConstantTimeCompare(mac1, mac2) == 1
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment