author | Predrag Gruevski <predrag@kensho.com> | 2015-09-21 18:51:47 -0400 |
---|---|---|
committer | Predrag Gruevski <predrag@kensho.com> | 2015-09-23 10:41:48 -0400 |
commit | 57f3b3fdc5056d85946b2b9ca89e1b8f88cb8ff8 (patch) | |
tree | 5ebbc34407ba7932f937d41935953eae793dca61 | |
parent | 9bcad79b327b58af8f8ca538184dbeda233b5f6b (diff) | |
SubjectKeyIdentifier equality now uses constant-time digest comparison.
-rw-r--r-- | src/cryptography/x509/extensions.py | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index 803d7ec5..6f3cad6d 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -15,7 +15,7 @@ from pyasn1.type import namedtype, univ
 import six
 from cryptography import utils
-from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives import serialization, constant_time
 from cryptography.x509.general_name import GeneralName, IPAddress, OtherName
 from cryptography.x509.name import Name
 from cryptography.x509.oid import (
@@ -193,9 +193,7 @@ class SubjectKeyIdentifier(object):
 if not isinstance(other, SubjectKeyIdentifier):
 return NotImplemented
- return (
- self.digest == other.digest
- )
+ return constant_time.bytes_eq(self.digest, other.digest)
 def __ne__(self, other):
 return not self == other |
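Review bot: The two names on the changed import line are out of alphabetical order, while every other import visible in this hunk is sorted. If the project runs an import-order lint (not visible here), this line would probably fail it. Write it as `from cryptography.hazmat.primitives import constant_time, serialization`.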
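Review bot: `constant_time.bytes_eq` raises `TypeError` when either argument is not `bytes`, so the new return line in `__eq__` can raise where the old `==` simply returned `False`. That would happen for any `SubjectKeyIdentifier` built with a non-bytes digest; the constructor and the start of `__eq__` are outside this hunk, so whether `digest` is type-checked on construction cannot be confirmed here. If it is not, validate it in the constructor so comparison never throws. The subject key identifier is published in the certificate, so a short comment would help readers see that the comparison is a precaution rather than protection of a secret, e.g. `# digest is public certificate data; constant-time compare is defensive only`.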