[ruby-core:77427] [Ruby trunk Feature#10098] [PATCH] Timing-safe string comparison for OpenSSL::HMAC
From:
zn@...
Date:
2016-09-27 12:44:40 UTC
List:
ruby-core #77427
Issue #10098 has been updated by Kazuhiro NISHIYAMA. Rack and Rails uses `secure_compare`. - http://www.rubydoc.info/github/rack/rack/Rack/Utils.secure_compare - http://api.rubyonrails.org/classes/ActiveSupport/SecurityUtils.html#method-c-secure_compare ---------------------------------------- Feature #10098: [PATCH] Timing-safe string comparison for OpenSSL::HMAC https://bugs.ruby-lang.org/issues/10098#change-60685 * Author: Matt U * Status: Feedback * Priority: Normal * Assignee: Yukihiro Matsumoto ---------------------------------------- I could be totally wrong, but it seems the standard library doesn't provide a reliable way of comparing hashes in constant-time. * The docs for `OpenSSL::HMAC` encourage the use of `Digest#to_s` (see: http://ruby-doc.org/stdlib-2.1.0/libdoc/openssl/rdoc/OpenSSL/HMAC.html#method-c-new ) * Ruby's string comparison uses memcmp, which isn't timing safe (see: http://rxr.whitequark.org/mri/source/string.c#2382 ) With this patch I propose to add an additional method, `OpenSSL::HMAC#verify`, which takes a binary string with a digest and compares it against the computed hash. ---Files-------------------------------- hmac-timing.patch (2.5 KB) hmac-timing.patch (2.48 KB) tsafe_eql.patch (2.48 KB) tsafe_inline.patch (3.51 KB) 0001-add-timing-safe-string-compare-method.patch (4.31 KB) -- https://bugs.ruby-lang.org/ Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe> <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>