From: aleksandrs@... Date: 2016-02-06T17:28:43+00:00 Subject: [ruby-core:73724] [Ruby trunk Feature#10098] [PATCH] Timing-safe string comparison for OpenSSL::HMAC Issue #10098 has been updated by Aleksandrs ��edovskis. Can someone clarify, what state is this feature in? Do we still need to get Matz's approval of String API change, or in light of Zachary's change "openssl" group gives the final call? ---------------------------------------- Feature #10098: [PATCH] Timing-safe string comparison for OpenSSL::HMAC https://bugs.ruby-lang.org/issues/10098#change-56910 * Author: Matt U * Status: Assigned * Priority: Normal * Assignee: openssl ---------------------------------------- I could be totally wrong, but it seems the standard library doesn't provide a reliable way of comparing hashes in constant-time. * The docs for `OpenSSL::HMAC` encourage the use of `Digest#to_s` (see: http://ruby-doc.org/stdlib-2.1.0/libdoc/openssl/rdoc/OpenSSL/HMAC.html#method-c-new ) * Ruby's string comparison uses memcmp, which isn't timing safe (see: http://rxr.whitequark.org/mri/source/string.c#2382 ) With this patch I propose to add an additional method, `OpenSSL::HMAC#verify`, which takes a binary string with a digest and compares it against the computed hash. ---Files-------------------------------- hmac-timing.patch (2.5 KB) hmac-timing.patch (2.48 KB) tsafe_eql.patch (2.48 KB) tsafe_inline.patch (3.51 KB) 0001-add-timing-safe-string-compare-method.patch (4.31 KB) -- https://bugs.ruby-lang.org/ Unsubscribe: