Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(155)

Issue 6632044: code review 6632044: crypto/hmac: add Verify function. (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
9 years, 11 months ago by agl1
Modified:
9 years, 11 months ago
Reviewers:
CC:
rsc, mxk, golang-dev
Visibility:
Public.

Description

crypto/hmac: add Equal function. It was suggested that it's too easy to use crypto/hmac insecurely and I think that has some merit. This change adds a Equal function to make it obvious that MAC values should be compared in constant time.

Patch Set 1 #

Patch Set 2 : diff -r cfbcf8176d26 https://go.googlecode.com/hg/ #

Patch Set 3 : diff -r cfbcf8176d26 https://go.googlecode.com/hg/ #

Total comments: 4

Patch Set 4 : diff -r cfbcf8176d26 https://go.googlecode.com/hg/ #

Patch Set 5 : diff -r cfbcf8176d26 https://go.googlecode.com/hg/ #

Patch Set 6 : diff -r caf30a0fbd77 https://go.googlecode.com/hg/ #

Patch Set 7 : diff -r caf30a0fbd77 https://go.googlecode.com/hg/ #

Unified diffs Side-by-side diffs Delta from patch set Stats (+53 lines, -8 lines) Patch
M src/pkg/crypto/hmac/hmac.go View 1 2 3 3 chunks +27 lines, -5 lines 0 comments Download
M src/pkg/crypto/hmac/hmac_test.go View 1 2 3 4 1 chunk +19 lines, -0 lines 0 comments Download
M src/pkg/go/build/deps_test.go View 1 2 chunks +7 lines, -3 lines 0 comments Download

Messages

Total messages: 7
agl1
Hello golang-dev@googlegroups.com (cc: golang-dev@googlegroups.com), I'd like you to review this change to https://go.googlecode.com/hg/
9 years, 11 months ago (2012-10-08 18:31:00 UTC) #1
rsc
Even though it's trivial, a test or two would be nice. The deps_test changes are ...
9 years, 11 months ago (2012-10-09 15:43:28 UTC) #2
agl1
https://codereview.appspot.com/6632044/diff/2002/src/pkg/crypto/hmac/hmac.go File src/pkg/crypto/hmac/hmac.go (right): https://codereview.appspot.com/6632044/diff/2002/src/pkg/crypto/hmac/hmac.go#newcode10 src/pkg/crypto/hmac/hmac.go:10: Receivers should be careful to use Verify to compare ...
9 years, 11 months ago (2012-10-09 17:15:23 UTC) #3
mxk
On Tue, Oct 9, 2012 at 1:15 PM, <agl@golang.org> wrote: >> func Sign(h func() hash.Hash, ...
9 years, 11 months ago (2012-10-09 18:16:37 UTC) #4
agl1
On Tue, Oct 9, 2012 at 2:16 PM, Maxim Khitrov <max@mxcrypt.com> wrote: > // Verify ...
9 years, 11 months ago (2012-10-09 21:01:12 UTC) #5
rsc
LGTM It's fine to leave Sign and Verify out.
9 years, 11 months ago (2012-10-09 21:05:01 UTC) #6
agl1
9 years, 11 months ago (2012-10-11 19:28:23 UTC) #7
*** Submitted as http://code.google.com/p/go/source/detail?r=18dffd0c07b2 ***

crypto/hmac: add Equal function.

It was suggested that it's too easy to use crypto/hmac insecurely and
I think that has some merit. This change adds a Equal function to
make it obvious that MAC values should be compared in constant time.

R=rsc, max
CC=golang-dev
http://codereview.appspot.com/6632044
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b