Fixed constant-time comparison in Digest.

jonasfj · jonasfj · commit 22c1af162171 · 2019-09-10T16:40:24.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+## 2.1.3
+  * **Security vulnerability**: Fixed constant-time comparison in `Digest`.
+
 ## 2.1.2
   * Fix bug in SHA-2 384/512 blocksize.
   * Added HMAC-SHA-2 test vectors
diff --git a/lib/src/digest.dart b/lib/src/digest.dart
@@ -17,8 +17,22 @@ class Digest {
   /// This should be used instead of manual comparisons to avoid leaking
   /// information via timing.
   @override
-  bool operator ==(Object other) =>
-      other is Digest && const ListEquality().equals(bytes, other.bytes);
+  bool operator ==(Object other) {
+    if (other is Digest) {
+      final a = bytes;
+      final b = other.bytes;
+      if (a.length != b.length) {
+        return false;
+      }
+      final n = a.length;
+      int mismatch = 0;
+      for (int i = 0; i < n; i++) {
+        mismatch |= a[i] ^ b[i];
+      }
+      return mismatch == 0;
+    }
+    return false;
+  }
 
   @override
   int get hashCode => const ListEquality().hash(bytes);
diff --git a/pubspec.yaml b/pubspec.yaml
@@ -1,5 +1,5 @@
 name: crypto
-version: 2.1.2
+version: 2.1.3
 author: Dart Team <misc@dartlang.org>
 description: Library of cryptographic functions.
 homepage: https://www.github.com/dart-lang/crypto
