diff options
author | Bart de Water <bartdewater@gmail.com> | 2019-11-03 10:18:36 -0500 |
---|---|---|
committer | Samuel Williams <samuel.williams@oriontransfer.co.nz> | 2019-11-04 06:55:39 +0900 |
commit | 664ba349e7a6995679e65db8deac6d11652f4697 (patch) | |
tree | 1da70bf8dac72fd7ed14201101437ade9101cc87 /ext | |
parent | 18a5b5e5ee6b937eccaab090eb4e5f82c8737fb7 (diff) | |
download | ruby-openssl-664ba349e7a6995679e65db8deac6d11652f4697.tar.gz |
Make OpenSSL::HMAC#== compare in constant time instead of returning false
Diffstat (limited to 'ext')
-rw-r--r-- | ext/openssl/ossl_hmac.c | 12 |
1 files changed, 2 insertions, 10 deletions
diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c index 757754cd..2ac2e5c6 100644 --- a/ext/openssl/ossl_hmac.c +++ b/ext/openssl/ossl_hmac.c @@ -84,20 +84,12 @@ ossl_hmac_alloc(VALUE klass) * * === A note about comparisons * - * Two instances won't be equal when they're compared, even if they have the - * same value. For example: + * Two instances can be securely compared with #== in constant time: * * other_instance = OpenSSL::HMAC.new('key', OpenSSL::Digest.new('sha1')) * #=> f42bb0eeb018ebbd4597ae7213711ec60760843f - * instance - * #=> f42bb0eeb018ebbd4597ae7213711ec60760843f * instance == other_instance - * #=> false - * - * Use #digest and compare in constant time: - * - * OpenSSL.fixed_length_secure_compare(instance.digest, other_instance.digest) - * #=> true + * #=> true * */ static VALUE |