From 2749ace27a39538fc48df601260427444f4f2769 Mon Sep 17 00:00:00 2001
From: Bart de Water <bartdewater@gmail.com>
Date: Sun, 3 Nov 2019 10:30:19 -0500
Subject: Use fixed_length_secure_compare in HKDF example [ci skip]

---
 ext/openssl/ossl_kdf.c | 20 ++------------------
 1 file changed, 2 insertions(+), 18 deletions(-)

(limited to 'ext/openssl/ossl_kdf.c')

diff --git a/ext/openssl/ossl_kdf.c b/ext/openssl/ossl_kdf.c
index ee124718..3d0e66b5 100644
--- a/ext/openssl/ossl_kdf.c
+++ b/ext/openssl/ossl_kdf.c
@@ -284,24 +284,8 @@ Init_ossl_kdf(void)
      * Typically, "==" short-circuits on evaluation, and is therefore
      * vulnerable to timing attacks. The proper way is to use a method that
      * always takes the same amount of time when comparing two values, thus
-     * not leaking any information to potential attackers. To compare two
-     * values, the following could be used:
-     *
-     *   def eql_time_cmp(a, b)
-     *     unless a.length == b.length
-     *       return false
-     *     end
-     *     cmp = b.bytes
-     *     result = 0
-     *     a.bytes.each_with_index {|c,i|
-     *       result |= c ^ cmp[i]
-     *     }
-     *     result == 0
-     *   end
-     *
-     * Please note that the premature return in case of differing lengths
-     * typically does not leak valuable information - when using PBKDF2, the
-     * length of the values to be compared is of fixed size.
+     * not leaking any information to potential attackers. To do this, use
+     * +OpenSSL.fixed_length_secure_compare+.
      */
     mKDF = rb_define_module_under(mOSSL, "KDF");
     /*
-- 
cgit v1.2.3