6863503: SECURITY: MessageDigest.isEqual introduces timing attack vulnerabilities
Reviewed-by: mullan, wetmore
--- a/src/share/classes/java/security/MessageDigest.java Mon Sep 14 11:46:16 2009 +0400
+++ b/src/share/classes/java/security/MessageDigest.java Thu Sep 24 22:50:41 2009 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright 1996-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -414,16 +414,17 @@ public abstract class MessageDigest exte
*
* @return true if the digests are equal, false otherwise.
*/
- public static boolean isEqual(byte digesta[], byte digestb[]) {
- if (digesta.length != digestb.length)
+ public static boolean isEqual(byte[] digesta, byte[] digestb) {
+ if (digesta.length != digestb.length) {
return false;
-
+ }
+
+ int result = 0;
+ // time-constant comparison
for (int i = 0; i < digesta.length; i++) {
- if (digesta[i] != digestb[i]) {
- return false;
- }
- }
- return true;
+ result |= digesta[i] ^ digestb[i];
+ }
+ return result == 0;
}
/**