Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:76983
Return-Path: <dunglas@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 91616 invoked from network); 31 Aug 2014 10:59:26 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 31 Aug 2014 10:59:26 -0000
Authentication-Results: pb1.pair.com smtp.mail=dunglas@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=dunglas@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.217.174 as permitted sender)
X-PHP-List-Original-Sender: dunglas@gmail.com
X-Host-Fingerprint: 209.85.217.174 mail-lb0-f174.google.com  
Received: from [209.85.217.174] ([209.85.217.174:37914] helo=mail-lb0-f174.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 27/60-22700-D0003045 for <internals@lists.php.net>; Sun, 31 Aug 2014 06:59:26 -0400
Received: by mail-lb0-f174.google.com with SMTP id p9so4543316lbv.5
        for <internals@lists.php.net>; Sun, 31 Aug 2014 03:59:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:from:date:message-id:subject:to:content-type;
        bh=/muSHV5iqntl4sXfmYybVmUHZ/iMjK29jnufFxgRoFM=;
        b=OZx84QieZuatGfs1AZfgcomv0lsDeuIF7jePv6jT+8WVJciLRtcrqeqsEpdH5+Yind
         42jpLoaRJL0zrpaju8UL+EiyBMGOH2o0hsS/s6xgBVL61tanqcmWQH6K5/jj149QejCB
         Y+ioVebw4jQOoC+CIBZc2Lp78MM1obTaBMl+F1RrUxB0pEvVctvak3TFMB4hDdA7R0nM
         F0T461gFCZaOikR0+h6h1dsU5R70cT9Ch7YwFFg8ItskFRXqTRluH0Dq8Id9QfaP2Lhv
         9/M7YSWWW329QB8dGJ6duQi0xdW2VBcaM7iSk+VWfDPTtFmeGpUDe4BXicc7Cjf6rHBA
         /iSw==
X-Received: by 10.152.37.168 with SMTP id z8mr7913838laj.24.1409482761414;
 Sun, 31 Aug 2014 03:59:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.114.161.164 with HTTP; Sun, 31 Aug 2014 03:59:01 -0700 (PDT)
Date: Sun, 31 Aug 2014 12:59:01 +0200
Message-ID: <CAOv1iQYUW6N4SMmVQqxsSBVpePe8OzOwgo1D35uFNB2PzSigHQ@mail.gmail.com>
To: internals@lists.php.net
Content-Type: multipart/alternative; boundary=089e014941fa4faf250501eac7b1
Subject: hash_equals: leak less information about length
From: dunglas@gmail.com (=?UTF-8?Q?K=C3=A9vin_Dunglas?=)

--089e014941fa4faf250501eac7b1
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi,

I've submitted a PR to make the hash_equals function leak less information
about compared strings' lengths (benchmark and use cases available in
comments): https://github.com/php/php-src/pull/792

Trying to hide length is needed to replace Symfony and Joomla PHP
implementations by hash_equals (when available).

The idea:
- clearly advert in the documentation that this function can potentially
leak lengths
- Try to make it harder for an attacker by using a robuster implementation.

If there there is an agreement to use this kind of implementation, I'll
rework the PR to use some tricks from the CPython one (
https://github.com/python/cpython/blob/c7688b44387d116522ff53c0927169db4596=
9f0e/Modules/_operator.c#L175
- use of volatile and no modulo).

Best regards,
--=20
K=C3=A9vin Dunglas

http://dunglas.fr

--089e014941fa4faf250501eac7b1--