diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-09-23 10:41:26 -0500 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-09-23 10:41:26 -0500 |
commit | b99a359f1b855037af581379c35ae32b89bc25fa (patch) | |
tree | 08419946763e8e4dc7d593c5594ab24c39bb3c9f /src | |
parent | 9bcad79b327b58af8f8ca538184dbeda233b5f6b (diff) | |
parent | 3899539efdf5c3cc9ef31a852d486244ddd21bad (diff) | |
download | cryptography-b99a359f1b855037af581379c35ae32b89bc25fa.tar.gz cryptography-b99a359f1b855037af581379c35ae32b89bc25fa.tar.bz2 cryptography-b99a359f1b855037af581379c35ae32b89bc25fa.zip |
Merge pull request #2360 from obi1kenobi/master
SubjectKeyIdentifier equality now uses constant-time digest comparison.
Diffstat (limited to 'src')
-rw-r--r-- | src/cryptography/x509/extensions.py | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py index 803d7ec5..cd75ecdc 100644 --- a/src/cryptography/x509/extensions.py +++ b/src/cryptography/x509/extensions.py @@ -15,7 +15,7 @@ from pyasn1.type import namedtype, univ import six from cryptography import utils -from cryptography.hazmat.primitives import serialization +from cryptography.hazmat.primitives import constant_time, serialization from cryptography.x509.general_name import GeneralName, IPAddress, OtherName from cryptography.x509.name import Name from cryptography.x509.oid import ( @@ -193,9 +193,7 @@ class SubjectKeyIdentifier(object): if not isinstance(other, SubjectKeyIdentifier): return NotImplemented - return ( - self.digest == other.digest - ) + return constant_time.bytes_eq(self.digest, other.digest) def __ne__(self, other): return not self == other |