Reverts d8773d3 - backports len check for subtle.ConstantTimeCompare.
elithrar committed Aug 20, 2015
1 parent 2e348ac commit 9479394
Showing 1 changed file with 3 additions and 1 deletion.
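--- a/securecookie.go
+++ b/securecookie.go
@@ -372,7 +372,9 @@ func createMac(h hash.Hash, value []byte) []byte {
 // verifyMac verifies that a message authentication code (MAC) is valid.
 func verifyMac(h hash.Hash, value []byte, mac []byte) error {
 mac2 := createMac(h, value)
-if subtle.ConstantTimeCompare(mac, mac2) == 1 {
+// Check that both MACs are of equal length, as subtle.ConstantTimeCompare
+// does not do this prior to Go 1.4.
+if len(mac) == len(mac2) && subtle.ConstantTimeCompare(mac, mac2) == 1 {
 return nil
 }
 return ErrMacInvalid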
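Review bot: The length guard added to the `if` in verifyMac is security-critical, yet nothing in this commit pins it with a test, and the two-line comment reads like a compatibility footnote that a later cleanup could drop as redundant. Because the comment itself says subtle.ConstantTimeCompare does not check lengths before Go 1.4, a supplied MAC whose length differs from the computed one has to be rejected here, and I would say so directly, e.g. `// Security: reject on length mismatch before comparing; keep this guard while Go < 1.4 is supported.` A regression test that calls verifyMac with an empty and a truncated `mac` and expects ErrMacInvalid would stop the guard from being reverted again. Short-circuiting on the length is fine for timing, since the MAC length is not secret. verifyMac's closing brace lies outside the hunk.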
