crypto/hmac package. New() creates HMAC with a key. Equal() provides constant-time comparison. Using == instead of Equal() for MAC verification is a timing attack.
.Equal()SanitizerEqual(mac1, mac2 []byte) bool
Constant-time comparison. Use this instead of bytes.Equal for MAC verification.
.New()NeutralNew(h func() hash.Hash, key []byte) hash.Hash
Creates new HMAC. Safe when using strong hash (sha256, sha512).
| FQN | Field | |
|---|---|---|
| crypto/hmac | fqns[0] |
Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.
// standard library — no go.mod entry required
from codepathfinder.go_rule import GoCryptoHMAC