diff options
| author | David Symonds <dsymonds@golang.org> | 2014-07-22 10:08:23 +1000 |
|---|---|---|
| committer | David Symonds <dsymonds@golang.org> | 2014-07-22 10:08:23 +1000 |
| commit | e9119daaab5efeaced90f77daf3973e6d7e24e3c (patch) | |
| tree | b9a9e9976bdd9c97594287fd50346344bf6c4905 /src/pkg/crypto | |
| parent | 20f2b8060daf818e4e6c2b6da7acc5d1604c9e63 (diff) | |
| download | go-e9119daaab5efeaced90f77daf3973e6d7e24e3c.tar.gz | |
crypto/subtle: make ConstantTimeCompare return zero for args of different length.
This is more useful than panicking, since otherwise every caller needs
to do the length check before calling; some will forget, and have a
potential submarine crasher as a result. Other implementations of this
functionality do a length check.
This is backward compatible, except if someone has written code that
relies on this panicking with different length args. However, that was
not the case before Go 1.3 either.
Updates issue 7304.
LGTM=agl
R=agl, minux, hanwen
CC=golang-codereviews
https://codereview.appspot.com/118750043
Diffstat (limited to 'src/pkg/crypto')
| -rw-r--r-- | src/pkg/crypto/subtle/constant_time.go | 5 | ||||
| -rw-r--r-- | src/pkg/crypto/subtle/constant_time_test.go | 2 |
2 files changed, 4 insertions, 3 deletions
diff --git a/src/pkg/crypto/subtle/constant_time.go b/src/pkg/crypto/subtle/constant_time.go index 9c4b14a65..6f80e7c58 100644 --- a/src/pkg/crypto/subtle/constant_time.go +++ b/src/pkg/crypto/subtle/constant_time.go @@ -6,12 +6,12 @@ // code but require careful thought to use correctly. package subtle -// ConstantTimeCompare returns 1 iff the two equal length slices, x +// ConstantTimeCompare returns 1 iff the two slices, x // and y, have equal contents. The time taken is a function of the length of // the slices and is independent of the contents. func ConstantTimeCompare(x, y []byte) int { if len(x) != len(y) { - panic("subtle: slices have different lengths") + return 0 } var v byte @@ -62,7 +62,6 @@ func ConstantTimeCopy(v int, x, y []byte) { for i := 0; i < len(x); i++ { x[i] = x[i]&xmask | y[i]&ymask } - return } // ConstantTimeLessOrEq returns 1 if x <= y and 0 otherwise. diff --git a/src/pkg/crypto/subtle/constant_time_test.go b/src/pkg/crypto/subtle/constant_time_test.go index d8e321ec0..619a45444 100644 --- a/src/pkg/crypto/subtle/constant_time_test.go +++ b/src/pkg/crypto/subtle/constant_time_test.go @@ -18,6 +18,8 @@ var testConstantTimeCompareData = []TestConstantTimeCompareStruct{ {[]byte{}, []byte{}, 1}, {[]byte{0x11}, []byte{0x11}, 1}, {[]byte{0x12}, []byte{0x11}, 0}, + {[]byte{0x11}, []byte{0x11, 0x12}, 0}, + {[]byte{0x11, 0x12}, []byte{0x11}, 0}, } func TestConstantTimeCompare(t *testing.T) { |