mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-10 12:58:50 +03:00
6fde3632ef
The vendor/ folder was created with the help of @FiloSottile's gvt and vendorcheck. Any dependencies of Caddy plugins outside this repo are not vendored. We do not remove any unused, vendored packages because vendorcheck -u only checks using the current build configuration; i.e. packages that may be imported by files toggled by build tags of other systems. CI tests have been updated to ignore the vendor/ folder. When Go 1.9 is released, a few of the go commands should be revised to again use ./... as it will ignore the vendor folder by default.
18 lines
454 B
Go
18 lines
454 B
Go
package basic
|
|
|
|
import (
|
|
"crypto/sha1"
|
|
"crypto/subtle"
|
|
)
|
|
|
|
func constantTimeEquals(a string, b string) bool {
|
|
// compare SHA-1 as a gatekeeper in constant time
|
|
// then check that we didn't get by because of a collision
|
|
aSha := sha1.Sum([]byte(a))
|
|
bSha := sha1.Sum([]byte(b))
|
|
if subtle.ConstantTimeCompare(aSha[:], bSha[:]) == 1 {
|
|
// yes, this bit isn't constant, but you had to make a Sha1 collision to get here
|
|
return a == b
|
|
}
|
|
return false
|
|
}
|