Issue #10098 has been updated by cremno phobia.


Matt U wrote:
> - Since Ruby has only the one `String` class for text and data, I think it does make sense to keep this method on the `String` class.

I agree with you!

> - The behaviour you've demonstrated is intended, we care about the bytes in the buffer; not the encoding.
> - Name and documentation is terrible, I agree :)

Then that encoding will be ignored has to be mentioned in the documentation. What happens if the length of both strings differ, too.

I don't know yet how I feel about (silently) ignoring encoding. Maybe only `ASCII-8BIT` strings should be allowed? But having `bytes` in the name is good anyway! Naming things is hard. I don't have a better idea either (`timingsafe_bytecmp?`, but there's also `casecmp`.

Are there any gems for this or is such a method part of one?

----------------------------------------
Feature #10098: [PATCH] Timing-safe string comparison for OpenSSL::HMAC
https://bugs.ruby-lang.org/issues/10098#change-48135

* Author: Matt U
* Status: Open
* Priority: Normal
* Assignee: 
* Category: ext/openssl
* Target version: next minor
----------------------------------------
I could be totally wrong, but it seems the standard library doesn't provideeliable way of comparing hashes in constant-time.

* The docs for `OpenSSL::HMAC` encourage the use of `Digest#to_s` (see: http://ruby-doc.org/stdlib-2.1.0/libdoc/openssl/rdoc/OpenSSL/HMAC.html#method-c-new )
* Ruby's string comparison uses memcmp, which isn't timing safe (see: http://rxr.whitequark.org/mri/source/string.c#2382 )

With this patch I propose to add an additional method, `OpenSSL::HMAC#verify`, which takes a binary string with a digest and compares it against the computed hash.


---Files--------------------------------
hmac-timing.patch (2.5 KB)
hmac-timing.patch (2.48 KB)
tsafe_eql.patch (2.48 KB)
tsafe_inline.patch (3.51 KB)


-- 
https://bugs.ruby-lang.org/