subtle.ConstantTimeCompare now tests the length of the inputs (although
it didn't when this code was written) so this test in crypto/hmac is now
superfluous.
Fixes #16336.
Change-Id: Ic02d8537e776fa1dd5694d3af07a28c4d840d14b
Reviewed-on: https://go-review.googlesource.com/27239
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
// We don't have to be constant time if the lengths of the MACs are
// different as that suggests that a completely different hash function
// was used.
- return len(mac1) == len(mac2) && subtle.ConstantTimeCompare(mac1, mac2) == 1
+ return subtle.ConstantTimeCompare(mac1, mac2) == 1
}
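Review bot: The comment kept above the return still explains a length short-circuit, but the new line no longer performs one, so a reader cannot tell where the non-constant-time early exit happens. I would reword it to name the dependency, for example `// subtle.ConstantTimeCompare returns 0 without comparing contents when the lengths differ;` followed by `// that is fine because a length mismatch suggests a completely different hash function was used.` The function's safety for unequal-length inputs now rests entirely on that behaviour of subtle.ConstantTimeCompare, which the commit message says was not always the case. If the package tests do not already cover it (they are not visible here), a case asserting that MACs of different lengths compare unequal would pin the contract. The enclosing function begins outside this hunk, so the signature and any earlier logic were not reviewed.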