Merge pull request #2 from dchest/patch-1

Make SIV comparison constant time in Decrypt
jacobsa · May 25, 2015 · 662882d · 662882d
2 parents 54f78ed + 71014fd
commit 662882d
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/siv/decrypt.go b/siv/decrypt.go
@@ -16,9 +16,9 @@
 package siv
 
 import (
-	"bytes"
 	"crypto/aes"
 	"crypto/cipher"
+	"crypto/subtle"
 	"fmt"
 )
 
@@ -93,7 +93,7 @@ func Decrypt(key, ciphertext []byte, associated [][]byte) ([]byte, error) {
 		panic(fmt.Sprintf("Unexpected output of S2V: %v", t))
 	}
 
-	if !bytes.Equal(t, v) {
+	if subtle.ConstantTimeCompare(t, v) != 1 {
 		return nil, &NotAuthenticError{
 			"Couldn't validate the authenticity of the ciphertext and " +
 				"associated data."}