Project

General

Profile

Feature #10098

[PATCH] Timing-safe string comparison for OpenSSL::HMAC

Added by arrtchiu (Matt U) almost 6 years ago. Updated 9 months ago.

Status:
Closed
Priority:
Normal
Assignee:
openssl
Target version:
-
[ruby-core:64101]

Description

I could be totally wrong, but it seems the standard library doesn't provide a reliable way of comparing hashes in constant-time.

With this patch I propose to add an additional method, OpenSSL::HMAC#verify, which takes a binary string with a digest and compares it against the computed hash.


Files

hmac-timing.patch (2.5 KB) hmac-timing.patch arrtchiu (Matt U), 07/28/2014 02:58 PM
hmac-timing.patch (2.48 KB) hmac-timing.patch arrtchiu (Matt U), 07/28/2014 03:13 PM
tsafe_eql.patch (2.48 KB) tsafe_eql.patch arrtchiu (Matt U), 07/29/2014 03:56 AM
tsafe_inline.patch (3.51 KB) tsafe_inline.patch arrtchiu (Matt U), 07/29/2014 10:29 AM
0001-add-timing-safe-string-compare-method.patch (4.31 KB) 0001-add-timing-safe-string-compare-method.patch arrtchiu (Matt U), 08/23/2014 09:12 AM

Also available in: Atom PDF