From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ruby-core-bounces@ruby-lang.org>
X-Original-To: poffice@blade.nagaokaut.ac.jp
Delivered-To: poffice@blade.nagaokaut.ac.jp
Received: from kankan.nagaokaut.ac.jp (kankan.nagaokaut.ac.jp [133.44.2.24])
	by blade.nagaokaut.ac.jp (Postfix) with ESMTP id 8BACE17D06B7
	for <poffice@blade.nagaokaut.ac.jp>; Tue, 29 Jul 2014 15:10:26 +0900 (JST)
Received: from funfun.nagaokaut.ac.jp (smtp.nagaokaut.ac.jp [133.44.2.201])
	by kankan.nagaokaut.ac.jp (Postfix) with ESMTP id 490C0B5D86B
	for <poffice@blade.nagaokaut.ac.jp>; Tue, 29 Jul 2014 14:48:13 +0900 (JST)
Received: from funfun.nagaokaut.ac.jp (localhost.nagaokaut.ac.jp [127.0.0.1])
	by funfun.nagaokaut.ac.jp (Postfix) with ESMTP id 0FCCB97A820
	for <poffice@blade.nagaokaut.ac.jp>; Tue, 29 Jul 2014 14:48:15 +0900 (JST)
X-Virus-Scanned: amavisd-new at nagaokaut.ac.jp
Authentication-Results: funfun.nagaokaut.ac.jp (amavisd-new);
	dkim=fail (1024-bit key) reason="fail (message has been altered)"
	header.d=sendgrid.me
Received: from funfun.nagaokaut.ac.jp ([127.0.0.1])
	by funfun.nagaokaut.ac.jp (funfun.nagaokaut.ac.jp [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id b9ZYBGlHm6cn for <poffice@blade.nagaokaut.ac.jp>;
	Tue, 29 Jul 2014 14:48:14 +0900 (JST)
Received: from voscc.nagaokaut.ac.jp (voscc.nagaokaut.ac.jp [133.44.1.100])
	by funfun.nagaokaut.ac.jp (Postfix) with ESMTP id 5AD7897A83C
	for <poffice@blade.nagaokaut.ac.jp>; Tue, 29 Jul 2014 14:48:14 +0900 (JST)
Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75])
	by voscc.nagaokaut.ac.jp (Postfix) with ESMTP id 81E0695243E
	for <poffice@blade.nagaokaut.ac.jp>; Tue, 29 Jul 2014 14:48:11 +0900 (JST)
Received: from [221.186.184.76] (localhost [IPv6:::1])
	by neon.ruby-lang.org (Postfix) with ESMTP id 00BDC120434;
	Tue, 29 Jul 2014 14:48:01 +0900 (JST)
X-Original-To: ruby-core@ruby-lang.org
Delivered-To: ruby-core@ruby-lang.org
Received: from o10.shared.sendgrid.net (o10.shared.sendgrid.net
 [173.193.132.135])
 by neon.ruby-lang.org (Postfix) with ESMTPS id 3289412041F
 for <ruby-core@ruby-lang.org>; Tue, 29 Jul 2014 14:47:59 +0900 (JST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sendgrid.me; 
 h=from:to:references:subject:mime-version:content-type:content-transfer-encoding:list-id;
 s=smtpapi; bh=1U8jhr/MIINCcAnm/42TIY5kPXs=; b=gi0tX0iE6L4P28BX6U
 fzNjiGJnfgYBgsLY9vW6VUean+WGs7U/Xx5iROqQ3wlt3XkAjkpw8shwWQZup5nV
 S4uoBatiYOkKjDZMGrZZgKyMiPoOVdrbEtwGlRKs8tVJ++wgEmBCTycT8PrNt3Ri
 UgMv7jC+wchwtU62/TVWz5A5c=
Received: by mf192.sendgrid.net with SMTP id mf192.37893.53D7358C26
 2014-07-29 05:47:56.656675093 +0000 UTC
Received: from herokuapp.com (ec2-54-225-22-25.compute-1.amazonaws.com
 [54.225.22.25])
 by ismtpd-003.iad1.sendgrid.net (SG) with ESMTP id 14780a8cdc3.115b.247473
 Tue, 29 Jul 2014 05:47:32 +0000 (GMT)
Date: Tue, 29 Jul 2014 05:47:31 +0000
From: nobu@ruby-lang.org
To: ruby-core@ruby-lang.org
Message-ID: <redmine.journal-48124.20140729054731.ceb514c4dab2aa51@ruby-lang.org>
References: <redmine.issue-10098.20140728145821@ruby-lang.org>
Mime-Version: 1.0
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Redmine-MailingListIntegration-Message-Ids: 38271
X-Redmine-Project: ruby-trunk
X-Redmine-Issue-Id: 10098
X-Redmine-Issue-Author: arrtchiu
X-Redmine-Sender: nobu
X-Mailer: Redmine
X-Redmine-Host: bugs.ruby-lang.org
X-Redmine-Site: Ruby Issue Tracking System
X-Auto-Response-Suppress: OOF
Auto-Submitted: auto-generated
X-SG-EID: ync6xU2WACa70kv/Ymy4QrNMhiuLXJG8OTL2vJD1yS5fJ8SaP2TrekFG8cTosylBnz4dx9VmrJ9whzyiRf9wjD0Hk0S7Ia+8/9xT2bAsyAutNwVTPRh7hCWYDPho6LV/FBmgkHK5ddAVBnannpXzV1+RPkSSW2RfRoeNxtbOvuU=
X-ML-Name: ruby-core
X-Mail-Count: 64113
Subject: [ruby-core:64113] [ruby-trunk - Feature #10098] [PATCH] Timing-safe
 string comparison for OpenSSL::HMAC
X-BeenThere: ruby-core@ruby-lang.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Ruby developers <ruby-core@ruby-lang.org>
List-Id: Ruby developers <ruby-core.ruby-lang.org>
List-Unsubscribe: <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>, 
 <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
List-Post: <mailto:ruby-core@ruby-lang.org>
List-Help: <mailto:ruby-core-request@ruby-lang.org?subject=help>
List-Subscribe: <http://lists.ruby-lang.org/cgi-bin/mailman/listinfo/ruby-core>, 
 <mailto:ruby-core-request@ruby-lang.org?subject=subscribe>
Errors-To: ruby-core-bounces@ruby-lang.org
Sender: "ruby-core" <ruby-core-bounces@ruby-lang.org>

Issue #10098 has been updated by Nobuyoshi Nakada.


According to http://www.tedunangst.com/flak/post/notes-on-timingsafe-memcmp,
OpenBSD has `timingsafe_memcmp()`, and NetBSD has `consttime_memequal()`.


----------------------------------------
Feature #10098: [PATCH] Timing-safe string comparison for OpenSSL::HMAC
https://bugs.ruby-lang.org/issues/10098#change-48124

* Author: Matt U
* Status: Open
* Priority: Normal
* Assignee: 
* Category: ext/openssl
* Target version: next minor
----------------------------------------
I could be totally wrong, but it seems the standard library doesn't provide a reliable way of comparing hashes in constant-time.

* The docs for `OpenSSL::HMAC` encourage the use of `Digest#to_s` (see: http://ruby-doc.org/stdlib-2.1.0/libdoc/openssl/rdoc/OpenSSL/HMAC.html#method-c-new )
* Ruby's string comparison uses memcmp, which isn't timing safe (see: http://rxr.whitequark.org/mri/source/string.c#2382 )

With this patch I propose to add an additional method, `OpenSSL::HMAC#verify`, which takes a binary string with a digest and compares it against the computed hash.


---Files--------------------------------
hmac-timing.patch (2.5 KB)
hmac-timing.patch (2.48 KB)
tsafe_eql.patch (2.48 KB)


-- 
https://bugs.ruby-lang.org/