Merge pull request #13 from polezaivsani/fix_timming_sidechannel
Spoil timing side-channel attack when comparing MACs
robbert229 committed Apr 26, 2017
2 parents 2eb16e9 + eddce24 commit ca1404e
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion algorithms.go
@@ -142,7 +142,7 @@ func (a *Algorithm) validateSignature(encoded string) error {

b64SignedAttempt := base64.RawURLEncoding.EncodeToString([]byte(signedAttempt))

if strings.Compare(b64Signature, b64SignedAttempt) != 0 {
if !hmac.Equal([]byte(b64Signature), []byte(b64SignedAttempt)) {
return errors.New("invalid signature")
}
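Review bot: The `hmac.Equal` call on the new `if` line has no comment saying why a constant-time comparison is required, so a later cleanup could turn it back into `==` or `strings.Compare` without anyone noticing the regression. I would add above it `// Constant-time compare: an early-exit string comparison leaks, through timing, how many leading bytes of a supplied signature are correct.` `hmac.Equal` still returns immediately when the two lengths differ, which looks harmless here because the encoded MAC length is presumably fixed by the algorithm, but that deserves a clause in the comment. Because the commit changes only this one line, it is also worth confirming that `crypto/hmac` is already imported and that `strings` is still used elsewhere in algorithms.go; neither is visible in this hunk. validateSignature starts and ends outside the hunk.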
