diff options
author | Bart de Water <bartdewater@gmail.com> | 2019-11-03 10:30:19 -0500 |
---|---|---|
committer | Samuel Williams <samuel.williams@oriontransfer.co.nz> | 2019-11-04 06:56:24 +0900 |
commit | 2749ace27a39538fc48df601260427444f4f2769 (patch) | |
tree | 7dca430d0740266aeb64e4e7f61808aedf53307a /ext | |
parent | 664ba349e7a6995679e65db8deac6d11652f4697 (diff) | |
download | ruby-openssl-2749ace27a39538fc48df601260427444f4f2769.tar.gz |
Use fixed_length_secure_compare in HKDF example [ci skip]
Diffstat (limited to 'ext')
-rw-r--r-- | ext/openssl/ossl_kdf.c | 20 |
1 files changed, 2 insertions, 18 deletions
diff --git a/ext/openssl/ossl_kdf.c b/ext/openssl/ossl_kdf.c index ee124718..3d0e66b5 100644 --- a/ext/openssl/ossl_kdf.c +++ b/ext/openssl/ossl_kdf.c @@ -284,24 +284,8 @@ Init_ossl_kdf(void) * Typically, "==" short-circuits on evaluation, and is therefore * vulnerable to timing attacks. The proper way is to use a method that * always takes the same amount of time when comparing two values, thus - * not leaking any information to potential attackers. To compare two - * values, the following could be used: - * - * def eql_time_cmp(a, b) - * unless a.length == b.length - * return false - * end - * cmp = b.bytes - * result = 0 - * a.bytes.each_with_index {|c,i| - * result |= c ^ cmp[i] - * } - * result == 0 - * end - * - * Please note that the premature return in case of differing lengths - * typically does not leak valuable information - when using PBKDF2, the - * length of the values to be compared is of fixed size. + * not leaking any information to potential attackers. To do this, use + * +OpenSSL.fixed_length_secure_compare+. */ mKDF = rb_define_module_under(mOSSL, "KDF"); /* |