From: naruse@... Date: 2019-02-07T07:40:36+00:00 Subject: [ruby-core:91459] [Ruby trunk Feature#10098] [PATCH] Timing-safe string comparison for OpenSSL::HMAC Issue #10098 has been updated by naruse (Yui NARUSE). Assignee changed from matz (Yukihiro Matsumoto) to openssl Status changed from Feedback to Assigned This feature is now considered up to @rhenium. ---------------------------------------- Feature #10098: [PATCH] Timing-safe string comparison for OpenSSL::HMAC https://bugs.ruby-lang.org/issues/10098#change-76720 * Author: arrtchiu (Matt U) * Status: Assigned * Priority: Normal * Assignee: openssl * Target version: ---------------------------------------- I could be totally wrong, but it seems the standard library doesn't provide a reliable way of comparing hashes in constant-time. * The docs for `OpenSSL::HMAC` encourage the use of `Digest#to_s` (see: http://ruby-doc.org/stdlib-2.1.0/libdoc/openssl/rdoc/OpenSSL/HMAC.html#method-c-new ) * Ruby's string comparison uses memcmp, which isn't timing safe (see: http://rxr.whitequark.org/mri/source/string.c#2382 ) With this patch I propose to add an additional method, `OpenSSL::HMAC#verify`, which takes a binary string with a digest and compares it against the computed hash. ---Files-------------------------------- hmac-timing.patch (2.5 KB) hmac-timing.patch (2.48 KB) tsafe_eql.patch (2.48 KB) tsafe_inline.patch (3.51 KB) 0001-add-timing-safe-string-compare-method.patch (4.31 KB) -- https://bugs.ruby-lang.org/ Unsubscribe: