Closed ErwanLegrand closed 9 months ago
HMACSign::verify() introduces a side-channel which could possibly be exploited through timing attack. The issue is fixed by calling OpenSSL's contant-time comparison function, CRYPTO_memcmp().
HMACSign::verify() introduces a side-channel which could possibly be exploited through timing attack. The issue is fixed by calling OpenSSL's contant-time comparison function, CRYPTO_memcmp().