[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-12-14 Thread Ned Deily
Ned Deily added the comment: > Any reason this wasn't backported to 3.6? Just an oversight. Thanks for pointing it out. -- versions: +Python 3.6

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-12-14 Thread Ned Deily
Ned Deily added the comment: New changeset 8bef9ebb1b88cfa4b2a38b93fe4ea22015d8254a by Miss Islington (bot) in branch '3.6': bpo-40791: Make compare_digest more constant-time. (GH-23438) (GH-23767) https://github.com/python/cpython/commit/8bef9ebb1b88cfa4b2a38b93fe4ea22015d8254a --

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-12-14 Thread miss-islington
Change by miss-islington: -- pull_requests: +22623 pull_request: https://github.com/python/cpython/pull/23767

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-12-14 Thread Michał Górny
Michał Górny added the comment: Any reason this wasn't backported to 3.6? FWICS it's supposed to be security supported still. -- nosy: +mgorny

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-11-22 Thread Benjamin Peterson
Change by Benjamin Peterson: -- resolution: -> fixed stage: patch review -> resolved status: open -> closed

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-11-22 Thread Benjamin Peterson
Benjamin Peterson added the comment: New changeset db95802bdfac4d13db3e2a391ec7b9e2f8d92dbe by Miss Islington (bot) in branch '3.7': bpo-40791: Make compare_digest more constant-time. (GH-23438) https://github.com/python/cpython/commit/db95802bdfac4d13db3e2a391ec7b9e2f8d92dbe --

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-11-21 Thread miss-islington
miss-islington added the comment: New changeset c1bbca5b004b3f74d240ef8a76ff445cc1a27efb by Miss Islington (bot) in branch '3.9': bpo-40791: Make compare_digest more constant-time. (GH-20444) https://github.com/python/cpython/commit/c1bbca5b004b3f74d240ef8a76ff445cc1a27efb --

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-11-21 Thread miss-islington
miss-islington added the comment: New changeset 97136d71a78a4b6b816f7e14acc52be426efcb6f by Miss Islington (bot) in branch '3.8': bpo-40791: Make compare_digest more constant-time. (GH-20444) https://github.com/python/cpython/commit/97136d71a78a4b6b816f7e14acc52be426efcb6f --

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-11-21 Thread miss-islington
Change by miss-islington: -- pull_requests: +22329 pull_request: https://github.com/python/cpython/pull/23437

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-11-21 Thread miss-islington
Change by miss-islington: -- pull_requests: +22330 pull_request: https://github.com/python/cpython/pull/23438

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-11-21 Thread miss-islington
Change by miss-islington: -- pull_requests: +22328 pull_request: https://github.com/python/cpython/pull/23436

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-11-21 Thread Gregory P. Smith
Gregory P. Smith added the comment: New changeset 31729366e2bc09632e78f3896dbce0ae64914f28 by Devin Jeanpierre in branch 'master': bpo-40791: Make compare_digest more constant-time. (GH-20444) https://github.com/python/cpython/commit/31729366e2bc09632e78f3896dbce0ae64914f28 --

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-05-28 Thread miss-islington
miss-islington added the comment: New changeset 8183e11d87388e4e44e3242c42085b87a878f781 by Christian Heimes in branch '3.9': [3.9] bpo-40791: Use CRYPTO_memcmp() for compare_digest (GH-20456) (GH-20461) https://github.com/python/cpython/commit/8183e11d87388e4e44e3242c42085b87a878f781

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-05-27 Thread Christian Heimes
Change by Christian Heimes: -- pull_requests: +19714 pull_request: https://github.com/python/cpython/pull/20461

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-05-27 Thread Christian Heimes
Christian Heimes added the comment: New changeset db5aed931f8a617f7b63e773f62db468fe9c5ca1 by Christian Heimes in branch 'master': bpo-40791: Use CRYPTO_memcmp() for compare_digest (#20456) https://github.com/python/cpython/commit/db5aed931f8a617f7b63e773f62db468fe9c5ca1 --

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-05-27 Thread Gregory P. Smith
Gregory P. Smith added the comment: I'd feel fine doing that for 3.9 given 3.9.0 is only in beta and this changes no public APIs. For 3.8 and 3.7 I wouldn't. Be sure to update the versionchanged in the docs if you choose to do it for 3.9. --

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-05-27 Thread Christian Heimes
Christian Heimes added the comment: Greg, is GH-20456 a bug fix / security enhancement or a new feature? I'm hesitant to backport it to 3.7 and 3.8. 3.9 might be ok. --

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-05-27 Thread Christian Heimes
Christian Heimes added the comment: GPS, I got you covered :) CRYPTO_memcmp() was on my TODO list for a while. Thanks for nagging me. _operator is a built-in module. I don't want to add libcrypto dependency to libpython. I copied the code, made some adjustments and added it to

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-05-27 Thread Christian Heimes
Change by Christian Heimes: -- pull_requests: +19711 pull_request: https://github.com/python/cpython/pull/20456

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-05-27 Thread Gregory P. Smith
Gregory P. Smith added the comment: Christian - Devin could likely use some help with the build/ifdef plumbing required for (2) to use CRYPTO_memcmp from Modules/_operator.c when OpenSSL is available. -- assignee: -> christian.heimes

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-05-27 Thread Raymond Hettinger
Raymond Hettinger added the comment: +1 for both of these suggestions -- nosy: +rhettinger type: -> security versions: -Python 3.5, Python 3.6

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-05-27 Thread Zachary Ware
Change by Zachary Ware: -- nosy: +christian.heimes, gregory.p.smith

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-05-27 Thread Devin Jeanpierre
Change by Devin Jeanpierre: -- keywords: +patch pull_requests: +19700 stage: -> patch review pull_request: https://github.com/python/cpython/pull/20444

[issue40791] hmac.compare_digest could try harder to be constant-time.

2020-05-27 Thread Devin Jeanpierre
New submission from Devin Jeanpierre: `hmac.compare_digest` (via `_tscmp`) does not mark the accumulator variable `result` as volatile, which means that the compiler is allowed to short-circuit the comparison loop as long as it still reads from both strings. In particular, when `result` is