From 07b0c57a75d4b8c94b16983c5a78026ba46377ac Mon Sep 17 00:00:00 2001
From: Dan Kortschak <dan@kortschak.io>
Date: Mon, 3 May 2021 13:17:04 +0930
Subject: [PATCH] crypto/subtle: note that input length mismatch makes
 ConstantTimeCompare return immediately
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Change-Id: Id1ae6c8fbb8c2f31b251ba141dc2bbedae189006
Reviewed-on: https://go-review.googlesource.com/c/go/+/316169
Trust: Daniel Martí <mvdan@mvdan.cc>
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
Trust: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>
---
 src/crypto/subtle/constant_time.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/crypto/subtle/constant_time.go b/src/crypto/subtle/constant_time.go
index 7c3cf05c46..4e0527f9d5 100644
--- a/src/crypto/subtle/constant_time.go
+++ b/src/crypto/subtle/constant_time.go
@@ -8,7 +8,8 @@ package subtle
 
 // ConstantTimeCompare returns 1 if the two slices, x and y, have equal contents
 // and 0 otherwise. The time taken is a function of the length of the slices and
-// is independent of the contents.
+// is independent of the contents. If the lengths of x and y do not match it
+// returns 0 immediately.
 func ConstantTimeCompare(x, y []byte) int {
 	if len(x) != len(y) {
 		return 0
-- 
2.50.0