author | Bart de Water <bartdewater@gmail.com> | 2019-11-01 16:38:30 -0400 |
---|---|---|
committer | Samuel Williams <samuel.williams@oriontransfer.co.nz> | 2019-11-04 06:55:39 +0900 |
commit | 18a5b5e5ee6b937eccaab090eb4e5f82c8737fb7 (patch) | |
tree | c7cc9662c20ef5aea1faa0a61fd9d2b55b084c89 /ext/openssl/ossl_hmac.c | |
parent | 88745f6d66cb8125ab2a7851b925120a57a00ca5 (diff) | |
download | ruby-openssl-18a5b5e5ee6b937eccaab090eb4e5f82c8737fb7.tar.gz |
Use constant time compare in HMAC example
Diffstat (limited to 'ext/openssl/ossl_hmac.c')
-rw-r--r-- | ext/openssl/ossl_hmac.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c
index 564dcab5..757754cd 100644
--- a/ext/openssl/ossl_hmac.c
+++ b/ext/openssl/ossl_hmac.c
@@ -85,17 +85,19 @@ ossl_hmac_alloc(VALUE klass)
 * === A note about comparisons
 *
 * Two instances won't be equal when they're compared, even if they have the
- * same value. Use #to_s or #hexdigest to return the authentication code that
- * the instance represents. For example:
+ * same value. For example:
 *
 * other_instance = OpenSSL::HMAC.new('key', OpenSSL::Digest.new('sha1'))
- * #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
- * instance
- * #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
- * instance == other_instance
- * #=> false
- * instance.to_s == other_instance.to_s
- * #=> true
+ * #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
+ * instance
+ * #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
+ * instance == other_instance
+ * #=> false
+ *
+ * Use #digest and compare in constant time:
+ *
+ * OpenSSL.fixed_length_secure_compare(instance.digest, other_instance.digest)
+ * #=> true
 *
 */
 static VALUE |
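Review bot: The rewritten example ending in `OpenSSL.fixed_length_secure_compare(instance.digest, other_instance.digest)` tells readers to compare in constant time but gives no reason, and it does not mention the equal-length precondition that the method name implies. Readers verifying a received authentication code are likely to copy this line, so after "Use #digest and compare in constant time:" I would add a comment line such as ` * String#== is not constant time, so its duration can reveal how much of the code matched.` It would also help to state what the call does when the two strings differ in length; I believe it raises ArgumentError, but that should be confirmed against the implementation, since callers handling externally supplied codes must rescue or pre-check. The comment block being edited starts above the hunk, so only the `ossl_hmac_alloc` context line indicates where it sits in the file.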