harmony-commits mailing list archives

From qi...@apache.org
Subject svn commit: r832651 - /harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/java/security/MessageDigest.java
Date Wed, 04 Nov 2009 03:04:33 GMT
Author: qiuxx
Date: Wed Nov  4 03:04:33 2009
New Revision: 832651

URL: http://svn.apache.org/viewvc?rev=832651&view=rev
Log:
MessageDigest.isEqual() may introduce a timing attack vulnerability; modify early return to make
sure the execution time of digest comparison is constant

Modified:
    harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/java/security/MessageDigest.java

Modified: harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/java/security/MessageDigest.java
URL: http://svn.apache.org/viewvc/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/java/security/MessageDigest.java?rev=832651&r1=832650&r2=832651&view=diff
==============================================================================
--- harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/java/security/MessageDigest.java
(original)
+++ harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/java/security/MessageDigest.java
Wed Nov  4 03:04:33 2009
@@ -296,12 +296,16 @@
         if (digesta.length != digestb.length) {
             return false;
         }
+        // No early return is allowed to avoid timing attack
+        // We have to return false until all elements are compared 
+        // to keep the computing time constant
+        boolean result = true;
         for (int i = 0; i < digesta.length; i++) {
             if (digesta[i] != digestb[i]) {
-                return false;
+                result = false;
             }
         }
-        return true;
+        return result;
     }
 
     /**
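
Review bot: the loop body still branches on secret-dependent data at `if (digesta[i] != digestb[i])`, so the comparison is not branch-free, and because `result` is only ever set to false a compiler or JIT may legally turn the loop back into an early exit. Suggest accumulating the differences instead: declare `int diff = 0;`, use `diff |= digesta[i] ^ digestb[i];` in the loop and finish with `return diff == 0;`. The added comment "We have to return false until all elements are compared" reads as the opposite of what the code does; something like "do not return until all elements have been compared" would be clearer. The length check kept as context above still returns early, which is acceptable only if the digest length is not secret, and that is worth stating in the comment.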


