[Pkg-privacy-commits] [golang-ed25519-dev] 05/11: Use a constant-time compare for the signature.

Ximin Luo infinity0 at moszumanska.debian.org
Sat Aug 22 12:55:26 UTC 2015


This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository golang-ed25519-dev.

commit c4161f4c7483313562781c61b9a20aba73daf9de
Author: Adam Langley <agl at imperialviolet.org>
Date:   Sat Feb 15 10:33:27 2014 -0500

    Use a constant-time compare for the signature.
    
    Both inputs are public so there's no obvious point, but it's what NaCl
    does.
---
 ed25519.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ed25519.go b/ed25519.go
index 79d3f56..700938d 100644
--- a/ed25519.go
+++ b/ed25519.go
@@ -10,8 +10,8 @@ package ed25519
 // from SUPERCOP.
 
 import (
-	"bytes"
 	"crypto/sha512"
+	"crypto/subtle"
 	"io"
 
 	"github.com/agl/ed25519/edwards25519"
@@ -121,5 +121,5 @@ func Verify(publicKey *[PublicKeySize]byte, message []byte, sig *[SignatureSize]
 
 	var checkR [32]byte
 	R.ToBytes(&checkR)
-	return bytes.Equal(sig[:32], checkR[:])
+	return subtle.ConstantTimeCompare(sig[:32], checkR[:]) == 1
 }
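
Review bot: The changed return line in Verify has no comment recording why a constant-time compare is used, even though the commit message says both inputs are public and the change only follows NaCl. A one-line comment above `return subtle.ConstantTimeCompare(sig[:32], checkR[:]) == 1` stating that rationale would keep a later reader from assuming R is secret, or from reverting to bytes.Equal as a cleanup. The `== 1` conversion itself is right: ConstantTimeCompare returns an int that is 1 only when the slices are equal, and both operands here are 32 bytes (sig[:32] and checkR[:] from a [32]byte), so its early return on mismatched lengths cannot trigger.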

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/golang-ed25519-dev.git


