From: Adam Langley <agl@golang.org>
Date: Wed, 17 Aug 2016 20:18:43 +0000 (-0700)
Subject: crypto/hmac: don't test for length equality in Equal.
X-Git-Tag: go1.8beta1~1803
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=69371671c722d3fcc4f2e1c57dd6a40fc4973ebc;p=gostls13.git

crypto/hmac: don't test for length equality in Equal.

subtle.ConstantTimeCompare now tests the length of the inputs (although
it didn't when this code was written) so this test in crypto/hmac is now
superfluous.

Fixes #16336.

Change-Id: Ic02d8537e776fa1dd5694d3af07a28c4d840d14b
Reviewed-on: https://go-review.googlesource.com/27239
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
---

diff --git a/src/crypto/hmac/hmac.go b/src/crypto/hmac/hmac.go
index a748107838..9ef9c448ee 100644
--- a/src/crypto/hmac/hmac.go
+++ b/src/crypto/hmac/hmac.go
@@ -94,5 +94,5 @@ func Equal(mac1, mac2 []byte) bool {
 	// We don't have to be constant time if the lengths of the MACs are
 	// different as that suggests that a completely different hash function
 	// was used.
-	return len(mac1) == len(mac2) && subtle.ConstantTimeCompare(mac1, mac2) == 1
+	return subtle.ConstantTimeCompare(mac1, mac2) == 1
 }