From: arrtchiu@gmail.com
To: ruby-core@ruby-lang.org
Date: Thu, 18 Sep 2014 09:50:08 +0000
Subject: [ruby-core:65104] [ruby-trunk - Feature #10098] [PATCH] Timing-safe string comparison for OpenSSL::HMAC

Issue #10098 has been updated by Matt U.

Keen to hear feedback if any. Completely understand there are many more important tickets than this one, but it would be great to see this feature in MRI soon!

Devise, one of the most popular frameworks, currently implements a timing-safe string compare in Ruby manually: https://github.com/plataformatec/devise/blob/66db52ce31b5d8629f5813a1d7f03a8bc17e5d52/lib/devise.rb#L480-L488

----------------------------------------
Feature #10098: [PATCH] Timing-safe string comparison for OpenSSL::HMAC
https://bugs.ruby-lang.org/issues/10098#change-48961

* Author: Matt U
* Status: Open
* Priority: Normal
* Assignee:
* Category: ext/openssl
* Target version: next minor
----------------------------------------
I could be totally wrong, but it seems the standard library doesn't provide a reliable way of comparing hashes in constant-time.

* The docs for `OpenSSL::HMAC` encourage the use of `Digest#to_s` (see: http://ruby-doc.org/stdlib-2.1.0/libdoc/openssl/rdoc/OpenSSL/HMAC.html#method-c-new )
* Ruby's string comparison uses memcmp, which isn't timing safe (see: http://rxr.whitequark.org/mri/source/string.c#2382 )

With this patch I propose to add an additional method, `OpenSSL::HMAC#verify`, which takes a binary string with a digest and compares it against the computed hash.

---Files--------------------------------
hmac-timing.patch (2.5 KB)
hmac-timing.patch (2.48 KB)
tsafe_eql.patch (2.48 KB)
tsafe_inline.patch (3.51 KB)
0001-add-timing-safe-string-compare-method.patch (4.31 KB)

--
https://bugs.ruby-lang.org/
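
The kind of check the issue asks for, sketched in plain Ruby as an added example (it is not the attached patch, Devise's code, or anything from MRI). `timing_safe_eql?`, `hmac_valid?` and `flip_last_bit` are hypothetical names, and the key, message and tag are constructed sample data. A pure-Ruby loop removes the early exit that memcmp takes at the first differing byte, but the interpreter gives no hard constant-time guarantee.

```ruby
require "openssl"

# Hypothetical helper: compares two byte strings by visiting every byte,
# instead of stopping at the first mismatch the way String#== (memcmp) does.
def timing_safe_eql?(a, b)
  # The digest length is public, so exiting early on a length mismatch
  # reveals nothing about the secret tag.
  return false unless a.bytesize == b.bytesize

  other = b.bytes
  diff = 0
  # OR together the XOR of each byte pair; diff stays 0 only if all match.
  a.each_byte.with_index { |byte, i| diff |= byte ^ other[i] }
  diff.zero?
end

# Hypothetical helper: recomputes the HMAC-SHA256 tag over `message` and
# checks the caller-supplied binary `tag` against it.
def hmac_valid?(key, message, tag)
  expected = OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA256"), key, message)
  timing_safe_eql?(expected, tag.to_s.b)
end

# Constructed sample data, not taken from the issue.
KEY = "constructed-demo-key"
MESSAGE = "user=42&action=export"
GOOD_TAG = OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA256"), KEY, MESSAGE)

# Builds a tag that differs from the input only in its final bit, the case
# where an early-exit comparison runs longest before rejecting.
def flip_last_bit(tag)
  bytes = tag.bytes
  bytes[-1] ^= 0x01
  bytes.pack("C*")
end

if __FILE__ == $PROGRAM_NAME
  puts "valid tag accepted:      #{hmac_valid?(KEY, MESSAGE, GOOD_TAG)}"
  puts "last-bit flip rejected:  #{!hmac_valid?(KEY, MESSAGE, flip_last_bit(GOOD_TAG))}"
  puts "truncated tag rejected:  #{!hmac_valid?(KEY, MESSAGE, GOOD_TAG[0, 16])}"
end
```

The tag passed in must be the raw binary digest; a hex string from `hexdigest` has a different length and is rejected unless it is decoded first.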