From db9b4906355cbb5b497da62e470c9af1b54eaf23 Mon Sep 17 00:00:00 2001
From: Rose Davidson <rhd@google.com>
Date: Wed, 14 Feb 2018 15:52:35 -0800
Subject: [PATCH] Use hmac.compare_digest to compare signatures.

---
 endpoints/users_id_token.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/endpoints/users_id_token.py b/endpoints/users_id_token.py
index ae348be..ae25b4d 100644
--- a/endpoints/users_id_token.py
+++ b/endpoints/users_id_token.py
@@ -22,6 +22,7 @@
 from __future__ import absolute_import
 
 import base64
+import hmac
 import json
 import logging
 import os
@@ -625,8 +626,8 @@ def _verify_signed_jwt_with_certs(
 
       # Check the signature on 'signed' by encrypting 'signature' with the
       # public key and confirming the result matches the SHA256 hash of
-      # 'signed'.
-      verified = (hexsig == local_hash)
+      # 'signed'. hmac.compare_digest(a, b) is used to avoid timing attacks.
+      verified = hmac.compare_digest(hexsig, local_hash)
       if verified:
         break
     except Exception, e:  # pylint: disable=broad-except