crypto/subtle: ConstantTimeCompare should not immediately return if the slices aren't of equal length #28382
Labels
FrozenDueToAge
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
What version of Go are you using (
go version
)?go version go1.11 darwin/amd64
Does this issue reproduce with the latest release?
yes
What operating system and processor architecture are you using (
go env
)?GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/mikeyb/Library/Caches/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/mikeyb/.asdf/installs/golang/1.11/packages"
GOPROXY=""
GORACE=""
GOROOT="/Users/mikeyb/.asdf/installs/golang/1.11/go"
GOTMPDIR=""
GOTOOLDIR="/Users/mikeyb/.asdf/installs/golang/1.11/go/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/Users/mikeyb/projects/happenings/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/32/kykt1fps7d7blx2k6h9zmxx80000gp/T/go-build549217116=/tmp/go-build -gno-record-gcc-switches -fno-common"
What did you do?
Looked at the source of ConstantTimeCompare
What did you expect to see?
That it compares all possible values in a constant time to avoid timing attacks
What did you see instead?
That when the length of the slices being compared isn't the same, it returns straight away, making it possible to use a timing attack to discover the correct length
The text was updated successfully, but these errors were encountered: