diff options
author | Bart de Water <bartdewater@gmail.com> | 2019-11-03 10:18:36 -0500 |
---|---|---|
committer | Samuel Williams <samuel.williams@oriontransfer.co.nz> | 2019-11-04 06:55:39 +0900 |
commit | 664ba349e7a6995679e65db8deac6d11652f4697 (patch) | |
tree | 1da70bf8dac72fd7ed14201101437ade9101cc87 /lib | |
parent | 18a5b5e5ee6b937eccaab090eb4e5f82c8737fb7 (diff) | |
download | ruby-openssl-664ba349e7a6995679e65db8deac6d11652f4697.tar.gz |
Make OpenSSL::HMAC#== compare in constant time instead of returning false
Diffstat (limited to 'lib')
-rw-r--r-- | lib/openssl.rb | 1 | ||||
-rw-r--r-- | lib/openssl/hmac.rb | 13 |
2 files changed, 14 insertions, 0 deletions
diff --git a/lib/openssl.rb b/lib/openssl.rb index ec143bc7..be296955 100644 --- a/lib/openssl.rb +++ b/lib/openssl.rb @@ -17,6 +17,7 @@ require_relative 'openssl/pkey' require_relative 'openssl/cipher' require_relative 'openssl/config' require_relative 'openssl/digest' +require_relative 'openssl/hmac' require_relative 'openssl/x509' require_relative 'openssl/ssl' require_relative 'openssl/pkcs5' diff --git a/lib/openssl/hmac.rb b/lib/openssl/hmac.rb new file mode 100644 index 00000000..3d442761 --- /dev/null +++ b/lib/openssl/hmac.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +module OpenSSL + class HMAC + # Securely compare with another HMAC instance in constant time. + def ==(other) + return false unless HMAC === other + return false unless self.digest.bytesize == other.digest.bytesize + + OpenSSL.fixed_length_secure_compare(self.digest, other.digest) + end + end +end |