aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix (bsr/kms): use const time compare for sig

Browse Source
pull/3251/head
Jim 3 years ago committed by Timothy Messier
parent 3e9a4bf03e
commit 46348d7b49
No known key found for this signature in database
GPG Key ID: EFD2F184F7600572
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File

4
internal/bsr/kms/keys.go
Unescape View File

@ -4,10 +4,10 @@
package kms
import (
"bytes"
"context"
"crypto/ed25519"
"crypto/rand"
"crypto/subtle"
"fmt"
"sync"
@ -505,7 +505,7 @@ func (k *Keys) VerifySignatureWithBsrKey(ctx context.Context, sig *wrapping.SigI
if sig.KeyInfo.KeyId != bsrKeyId {
return false, fmt.Errorf("%s: signature key id %q doesn't match verifying key id %q: %w", op, k.PubKeyBsrSignature.KeyInfo.KeyId, bsrKeyId, ErrInvalidParameter)
}
if bytes.Equal(sig.Signature, sigInfo.Signature) {
if subtle.ConstantTimeCompare(sig.Signature, sigInfo.Signature) == 1 {
return true, nil
}
return false, nil

Write Preview
Loading…
Cancel
Save