From: Adam Langley <agl@golang.org>
Date: Wed, 12 Feb 2014 16:58:48 +0000 (-0500)
Subject: crypto/subtle: panic if slices of different lengths are passed to ConstantTimeCompare.
X-Git-Tag: go1.3beta1~759
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=384f4380e8a4fee35ac5ba8449b9fd5cf0865069;p=gostls13.git

crypto/subtle: panic if slices of different lengths are passed to ConstantTimeCompare.

ConstantTimeCompare has always been documented to take equal length
slices but perhaps this is too subtle, even for 'subtle'.

Fixes #7304.

LGTM=hanwen, bradfitz
R=golang-codereviews, hanwen, bradfitz
CC=golang-codereviews
https://golang.org/cl/62190043
---

diff --git a/src/pkg/crypto/subtle/constant_time.go b/src/pkg/crypto/subtle/constant_time.go
index dfb658465e..de1a4e8c54 100644
--- a/src/pkg/crypto/subtle/constant_time.go
+++ b/src/pkg/crypto/subtle/constant_time.go
@@ -10,6 +10,10 @@ package subtle
 // and y, have equal contents. The time taken is a function of the length of
 // the slices and is independent of the contents.
 func ConstantTimeCompare(x, y []byte) int {
+	if len(x) != len(y) {
+		panic("subtle: slices have different lengths")
+	}
+
 	var v byte
 
 	for i := 0; i < len(x); i++ {