From 384f4380e8a4fee35ac5ba8449b9fd5cf0865069 Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@golang.org>
Date: Wed, 12 Feb 2014 11:58:48 -0500
Subject: [PATCH] crypto/subtle: panic if slices of different lengths are
 passed to ConstantTimeCompare.

ConstantTimeCompare has always been documented to take equal length
slices but perhaps this is too subtle, even for 'subtle'.

Fixes #7304.

LGTM=hanwen, bradfitz
R=golang-codereviews, hanwen, bradfitz
CC=golang-codereviews
https://golang.org/cl/62190043
---
 src/pkg/crypto/subtle/constant_time.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/pkg/crypto/subtle/constant_time.go b/src/pkg/crypto/subtle/constant_time.go
index dfb658465e..de1a4e8c54 100644
--- a/src/pkg/crypto/subtle/constant_time.go
+++ b/src/pkg/crypto/subtle/constant_time.go
@@ -10,6 +10,10 @@ package subtle
 // and y, have equal contents. The time taken is a function of the length of
 // the slices and is independent of the contents.
 func ConstantTimeCompare(x, y []byte) int {
+	if len(x) != len(y) {
+		panic("subtle: slices have different lengths")
+	}
+
 	var v byte
 
 	for i := 0; i < len(x); i++ {
-- 
2.48.1