ssh/agent: remove len check in Unlock

ALTree · hanwen · commit db7d12313a59 · 2018-04-30T11:26:54.000Z
Unlock compares the length of the passphrase with the given one before calling subtle.ConstantTimeCompare. This is redundant, since ConstantTimeCompare already perform a lengths check before doing anything. Remove the check from Unlock. Updates golang/go#25173 Change-Id: Ib5fec3a94392bddf2996f5c6bf5a414529e86f2f Reviewed-on: https://go-review.googlesource.com/110068 Run-TryBot: Alberto Donizetti <alb.donizetti@gmail.com> Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
diff --git a/ssh/agent/keyring.go b/ssh/agent/keyring.go
@@ -102,7 +102,7 @@ func (r *keyring) Unlock(passphrase []byte) error {
 	if !r.locked {
 		return errors.New("agent: not locked")
 	}
-	if len(passphrase) != len(r.passphrase) || 1 != subtle.ConstantTimeCompare(passphrase, r.passphrase) {
+	if 1 != subtle.ConstantTimeCompare(passphrase, r.passphrase) {
 		return fmt.Errorf("agent: incorrect passphrase")
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,7 @@ func (r *keyring) Unlock(passphrase []byte) error {`
`102`	`102`	`if !r.locked {`
`103`	`103`	`return errors.New("agent: not locked")`
`104`	`104`	`}`
`105`		`- if len(passphrase) != len(r.passphrase) \|\| 1 != subtle.ConstantTimeCompare(passphrase, r.passphrase) {`
	`105`	`+ if 1 != subtle.ConstantTimeCompare(passphrase, r.passphrase) {`
`106`	`106`	`return fmt.Errorf("agent: incorrect passphrase")`
`107`	`107`	`}`
`108`	`108`