This is an automated email from the ASF dual-hosted git repository.
zeroshade pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-go.git
The following commit(s) were added to refs/heads/main by this push:
new 5897dbd4 chore(parquet/metadata): use constant time compare for
signature verify (#528)
5897dbd4 is described below
commit 5897dbd49c959b9a99b054ce0cfcc4047552c2b7
Author: Matt Topol <[email protected]>
AuthorDate: Fri Oct 3 15:07:52 2025 +0200
chore(parquet/metadata): use constant time compare for signature verify
(#528)
### Rationale for this change
Doesn't hurt to use a timing resistant comparison for verifying the
signature despite the fact that there isn't really a way to exploit it.
### What changes are included in this PR?
Switch `bytes.Equal` to `subtle.ConstantTimeCompare`.
### Are these changes tested?
Existing unit tests cover it.
### Are there any user-facing changes?
No
---
parquet/metadata/file.go | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/parquet/metadata/file.go b/parquet/metadata/file.go
index 95d3813b..0c043f84 100644
--- a/parquet/metadata/file.go
+++ b/parquet/metadata/file.go
@@ -19,6 +19,7 @@ package metadata
import (
"bytes"
"context"
+ "crypto/subtle"
"fmt"
"io"
"reflect"
@@ -481,7 +482,7 @@ func (f *FileMetaData) VerifySignature(signature []byte)
bool {
var buf bytes.Buffer
buf.Grow(enc.CiphertextSizeDelta() + len(data))
encryptedLen := enc.SignedFooterEncrypt(&buf, data, []byte(key),
[]byte(aad), nonce)
- return bytes.Equal(buf.Bytes()[encryptedLen-encryption.GcmTagLength:],
tag)
+ return
subtle.ConstantTimeCompare(buf.Bytes()[encryptedLen-encryption.GcmTagLength:],
tag) == 1
}
// WriteTo will serialize and write out this file metadata, encrypting it if
