-
Bug
-
Resolution: Fixed
-
P4
-
9
-
b128
-
x86_64
-
linux
-
Not verified
A DESCRIPTION OF THE PROBLEM :
The documentation for MessageDigest.isEqual claims to do a simple byte compare. However, it does a constant time comparison (in order to prevent side-channel leaks).
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Compares two digests for equality. Does a constant-time byte comparison.
ACTUAL -
Compares two digests for equality. Does a simple byte compare.
URL OF FAULTY DOCUMENTATION :
https://docs.oracle.com/javase/7/docs/api/java/security/MessageDigest.html#isEqual%28byte[],%20byte[]%29
The documentation for MessageDigest.isEqual claims to do a simple byte compare. However, it does a constant time comparison (in order to prevent side-channel leaks).
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Compares two digests for equality. Does a constant-time byte comparison.
ACTUAL -
Compares two digests for equality. Does a simple byte compare.
URL OF FAULTY DOCUMENTATION :
https://docs.oracle.com/javase/7/docs/api/java/security/MessageDigest.html#isEqual%28byte[],%20byte[]%29