Closed ErwanLegrand closed 7 months ago
HMACSign::verify() introduces a side-channel which could possibly be exploited through a timing attack. The issue is fixed by calling OpenSSL's constant-time comparison function, CRYPTO_memcmp().
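The difference between an early-exit comparison and a constant-time one, as an added example that is not code from this pull request or the project. `leaky_equal`, `ct_equal` and `steps_for_prefix` are hypothetical names, the 32-byte tag is constructed, and the step counter stands in for the running time that a timing measurement would observe.

```cpp
#include <cstddef>
#include <cstdint>

// Early-exit comparison, the shape of memcmp()/operator==: returns at the
// first mismatch. `steps` records how many bytes were examined.
bool leaky_equal(const uint8_t* a, const uint8_t* b, size_t n, size_t& steps) {
    steps = 0;
    for (size_t i = 0; i < n; ++i) {
        ++steps;
        if (a[i] != b[i]) return false;
    }
    return true;
}

// Constant-time comparison in the style of CRYPTO_memcmp(): every byte is
// always examined and differences are OR-ed into an accumulator, so the
// work done does not depend on where the inputs differ.
bool ct_equal(const uint8_t* a, const uint8_t* b, size_t n, size_t& steps) {
    volatile uint8_t diff = 0;  // volatile discourages short-circuit optimisation
    steps = 0;
    for (size_t i = 0; i < n; ++i) {
        ++steps;
        diff = static_cast<uint8_t>(diff | (a[i] ^ b[i]));
    }
    return diff == 0;
}

// Constructed tag length (HMAC-SHA256 output size); the bytes are not a real MAC.
static const size_t TAG_LEN = 32;

// Bytes examined when a submitted tag matches the first `prefix` bytes of the
// expected tag and differs in every byte after that.
size_t steps_for_prefix(bool constant_time, size_t prefix) {
    uint8_t expected[TAG_LEN], guess[TAG_LEN];
    for (size_t i = 0; i < TAG_LEN; ++i) {
        expected[i] = static_cast<uint8_t>(0xA0 + i);
        guess[i] = (i < prefix) ? expected[i]
                                : static_cast<uint8_t>(expected[i] ^ 0xFF);
    }
    size_t steps = 0;
    if (constant_time) ct_equal(expected, guess, TAG_LEN, steps);
    else leaky_equal(expected, guess, TAG_LEN, steps);
    return steps;
}
```

CRYPTO_memcmp() takes a single length argument, so the caller has to confirm that the submitted tag has the expected length before calling it.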