Const time comparison (#8113)

* Use `subtle::slices_equal` for constant time comparison. Also update the existing version of subtle in `ethcrypto` from 0.1 to 0.5 * Test specifically for InvalidPassword error.
2018-03-14 15:41:35 +01:00
parent 322dfbcd78
commit 236692cfd5
6 changed files with 20 additions and 12 deletions
--- a/ethcrypto/src/lib.rs
+++ b/ethcrypto/src/lib.rs
@@ -308,7 +308,7 @@ pub mod ecies {
 		hmac.raw_result(&mut mac);

 		// constant time compare to avoid timing attack.
-		if ::subtle::arrays_equal(&mac[..], msg_mac) != 1 {
+		if ::subtle::slices_equal(&mac[..], msg_mac) != 1 {
 			return Err(Error::InvalidMessage);
 		}