Closed danstiner closed 3 years ago
See https://security.stackexchange.com/questions/74547/timing-attack-against-hmac-in-authenticated-encryption for context.
Instead of the current loop: https://github.com/Glimesh/janus-ftl-plugin/blob/ab5b74ba90f4e1877d9b43124d675ca7501a6a49/src/FtlControlConnection.cpp#L225-L241
We should do something like:
```cpp
bool match = (bufferLength == hmacHash.size()) && (CRYPTO_memcmp(buffer, hmacHash.data(), hmacHash.size()) == 0);
```
See also https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying#Verifying_HMAC
This is basically impossible to exploit because we only allow one try before closing the connection (and the new connection will have a new challenge nonce), so I'm not going to follow any responsible disclosure rules.