[issue40791] hmac.compare_digest could try harder to be constant-time.
Christian Heimes
report at bugs.python.org
Wed May 27 12:14:21 EDT 2020
Christian Heimes <lists at cheimes.de> added the comment:
GPS, I got you covered :)
CRYPTO_memcmp() was on my TODO list for a while. Thanks for nagging me.
_operator is a built-in module. I don't want to add libcrypto dependency to libpython. I copied the code, made some adjustments and added it to _hashopenssl.c.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue40791>
_______________________________________
More information about the Python-bugs-list
mailing list