Merge pull request #2360 from obi1kenobi/master
SubjectKeyIdentifier equality now uses constant-time digest comparison.
diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index 803d7ec..cd75ecd 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -15,7 +15,7 @@
import six
from cryptography import utils
-from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives import constant_time, serialization
from cryptography.x509.general_name import GeneralName, IPAddress, OtherName
from cryptography.x509.name import Name
from cryptography.x509.oid import (
@@ -193,9 +193,7 @@
if not isinstance(other, SubjectKeyIdentifier):
return NotImplemented
- return (
- self.digest == other.digest
- )
+ return constant_time.bytes_eq(self.digest, other.digest)
def __ne__(self, other):
return not self == other
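Review bot: `constant_time.bytes_eq` raises `TypeError` when either argument is not `bytes`, so the new `return constant_time.bytes_eq(self.digest, other.digest)` can make `==` throw where the old `self.digest == other.digest` simply returned False. Whether that can happen depends on the constructor, which is outside this hunk; if it does not already enforce the type, it should reject non-bytes digests up front, e.g. `if not isinstance(digest, bytes): raise TypeError("digest must be bytes")`. A short comment on the return line would also help, such as `# bytes_eq hides where the digests differ, not their length`. The `__eq__` definition starts above the hunk, and `__ne__` delegates to it, so it inherits the same behaviour.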