Use constant time compare in HMAC example

author: Bart de Water <bartdewater@gmail.com> 2019-11-01 16:38:30 -0400
committer: Samuel Williams <samuel.williams@oriontransfer.co.nz> 2019-11-04 06:55:39 +0900
commit: 18a5b5e5ee6b937eccaab090eb4e5f82c8737fb7 (patch)
tree: c7cc9662c20ef5aea1faa0a61fd9d2b55b084c89 /ext/openssl/ossl_hmac.c
parent: 88745f6d66cb8125ab2a7851b925120a57a00ca5 (diff)
download: ruby-openssl-18a5b5e5ee6b937eccaab090eb4e5f82c8737fb7.tar.gz
1 files changed, 11 insertions, 9 deletions
diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c
index 564dcab5..757754cd 100644
--- a/ext/openssl/ossl_hmac.c
+++ b/ext/openssl/ossl_hmac.c
@@ -85,17 +85,19 @@ ossl_hmac_alloc(VALUE klass)
  * === A note about comparisons
  *
  * Two instances won't be equal when they're compared, even if they have the
- * same value. Use #to_s or #hexdigest to return the authentication code that
- * the instance represents. For example:
+ * same value. For example:
  *
  *	other_instance = OpenSSL::HMAC.new('key', OpenSSL::Digest.new('sha1'))
- *  	#=> f42bb0eeb018ebbd4597ae7213711ec60760843f
- *  	instance
- *  	#=> f42bb0eeb018ebbd4597ae7213711ec60760843f
- *  	instance == other_instance
- *  	#=> false
- *  	instance.to_s == other_instance.to_s
- *  	#=> true
+ *  #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
+ *  instance
+ *  #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
+ *  instance == other_instance
+ *  #=> false
+ *
+ * Use #digest and compare in constant time:
+ *
+ *	OpenSSL.fixed_length_secure_compare(instance.digest, other_instance.digest)
+ *	#=> true
  *
  */
 static VALUE
author	Bart de Water <bartdewater@gmail.com>	2019-11-01 16:38:30 -0400
committer	Samuel Williams <samuel.williams@oriontransfer.co.nz>	2019-11-04 06:55:39 +0900
commit	18a5b5e5ee6b937eccaab090eb4e5f82c8737fb7 (patch)
tree	c7cc9662c20ef5aea1faa0a61fd9d2b55b084c89 /ext/openssl/ossl_hmac.c
parent	88745f6d66cb8125ab2a7851b925120a57a00ca5 (diff)
download	ruby-openssl-18a5b5e5ee6b937eccaab090eb4e5f82c8737fb7.tar.gz