Add constant time compare.

cloudflare · Feb 14, 2023 · 16a4b99 · 16a4b99
1 parent 11a6f15
commit 16a4b99
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/cipher/ascon/ascon.go b/cipher/ascon/ascon.go
@@ -5,7 +5,7 @@
 package ascon
 
 import (
-	"bytes"
+	"crypto/subtle"
 	"encoding/binary"
 	"errors"
 	"math/bits"
@@ -127,7 +127,7 @@ func (a *Cipher) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, er
 	a.procText(ciphertext, plaintext, false)
 	a.finalize(tag1)
 
-	if !bytes.Equal(tag0, tag1) {
+	if subtle.ConstantTimeCompare(tag0, tag1) == 0 {
 		return nil, ErrDecryption
 	}