Date: Sat, 23 Aug 2014 09:12:53 +0000
From: arrtchiu@gmail.com
To: ruby-core@ruby-lang.org
Subject: [ruby-core:64508] [ruby-trunk - Feature #10098] [PATCH] Timing-safe string comparison for OpenSSL::HMAC

Issue #10098 has been updated by Matt U.

File 0001-add-timing-safe-string-compare-method.patch added

Changelog:

* Renamed `rb_tsafe_eql` => `rb_consttime_memequal`.
* Renamed `rb_str_tsafe_eql` => `rb_str_consttime_bytes_eq`.
* Renamed `tsafe_eql?` => `consttime_bytes_eq?`.
* `rb_consttime_memequal` now has return type `int`.
* Updated documentation to reflect that encodings are ignored, and removed reference to `eql?`.
* Added tests to ensure timing safety (delta of 0.25 sec allowed to account for GC/system noise).
* Build on Travis passing: https://travis-ci.org/ruby/ruby/builds/33351019

----------------------------------------
Feature #10098: [PATCH] Timing-safe string comparison for OpenSSL::HMAC
https://bugs.ruby-lang.org/issues/10098#change-48453

* Author: Matt U
* Status: Open
* Priority: Normal
* Assignee:
* Category: ext/openssl
* Target version: next minor
----------------------------------------
I could be totally wrong, but it seems the standard library doesn't provide a reliable way of comparing hashes in constant-time.

* The docs for `OpenSSL::HMAC` encourage the use of `Digest#to_s` (see: http://ruby-doc.org/stdlib-2.1.0/libdoc/openssl/rdoc/OpenSSL/HMAC.html#method-c-new )
* Ruby's string comparison uses memcmp, which isn't timing safe (see: http://rxr.whitequark.org/mri/source/string.c#2382 )

With this patch I propose to add an additional method, `OpenSSL::HMAC#verify`, which takes a binary string with a digest and compares it against the computed hash.

---Files--------------------------------
hmac-timing.patch (2.5 KB)
hmac-timing.patch (2.48 KB)
tsafe_eql.patch (2.48 KB)
tsafe_inline.patch (3.51 KB)
0001-add-timing-safe-string-compare-method.patch (4.31 KB)

--
https://bugs.ruby-lang.org/
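
Added example, not part of the original message or the attached patch: a Ruby sketch of the comparison the issue asks for, next to a memcmp-style early-exit loop so the data-dependent work is visible. The method names `consttime_bytes_equal?`, `verify_hmac` and `early_exit_steps`, and the sample key and message, are assumptions made for illustration; pure Ruby cannot guarantee constant time the way the C routine in the patch aims to, so this shows the technique only.

```ruby
require "openssl"

# Hypothetical helper: compare raw bytes without stopping at the first
# mismatch. Encodings are ignored; only the byte sequences matter.
def consttime_bytes_equal?(a, b)
  # The length of a fixed-size MAC is not secret, so rejecting early is fine.
  return false unless a.bytesize == b.bytesize
  diff = 0
  # OR together the XOR of every byte pair; every byte is always visited.
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical helper: recompute the HMAC-SHA256 tag over the message and
# compare it with the presented binary tag using the routine above.
def verify_hmac(key, message, presented_tag)
  expected = OpenSSL::HMAC.digest("SHA256", key, message)
  consttime_bytes_equal?(expected, presented_tag)
end

# For contrast: number of byte pairs an early-exit comparison (the way
# memcmp-style loops behave) inspects. The count depends on how long the
# matching prefix is, and that dependence is the timing signal.
def early_exit_steps(a, b)
  steps = 0
  a.bytes.zip(b.bytes) do |x, y|
    steps += 1
    break if x != y
  end
  steps
end

# Constructed sample data.
SAMPLE_KEY = "k" * 32
SAMPLE_MSG = "amount=100&to=alice"
SAMPLE_TAG = OpenSSL::HMAC.digest("SHA256", SAMPLE_KEY, SAMPLE_MSG)
```

Current releases of Ruby's openssl library provide `OpenSSL.fixed_length_secure_compare` and `OpenSSL.secure_compare` for this purpose, and those are preferable to a hand-written loop.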