General

Profile

arrtchiu (Matt U)

Issues

Activity

07/05/2016

09:51 AM Ruby trunk Feature #10098: [PATCH] Timing-safe string comparison for OpenSSL::HMAC
Yui, I'm a little confused. The patch you have in your comment looks timing-safe to me. Also I suggest taking a look ...

02/25/2016

07:01 AM Ruby trunk Bug #12109 (Rejected): Exception during class load can cause partially-loaded class
I noticed this bug using Rails, which lazy-loads classes (via ActiveSupport.)
Here's a minimal test case:
~~~ru...
06:42 AM Ruby trunk Feature #10098: [PATCH] Timing-safe string comparison for OpenSSL::HMAC
Aleksandrs ─╗edovskis wrote:
> Can someone clarify, what state is this feature in? Do we still need to get Matz's app...

09/18/2014

09:50 AM Ruby trunk Feature #10098: [PATCH] Timing-safe string comparison for OpenSSL::HMAC
Keen to hear feedback if any. Completely understand there are many more important tickets than this one, but it would...

08/23/2014

09:12 AM Ruby trunk Feature #10098: [PATCH] Timing-safe string comparison for OpenSSL::HMAC
Changelog:
* Renamed `rb_tsafe_eql` => `rb_consttime_memequal`.
* Renamed `rb_str_tsafe_eql` => `rb_str_consttime...

07/30/2014

02:07 AM Ruby trunk Feature #10098: [PATCH] Timing-safe string comparison for OpenSSL::HMAC
Nobuyoshi Nakada wrote:
> `rb_tsafe_eql()` doesn't need to be `VALUE`, `int` is OK.
> Tests for timing-safeness are...

07/29/2014

10:30 AM Ruby trunk Feature #10098: [PATCH] Timing-safe string comparison for OpenSSL::HMAC
What's your thoughts on this new patch?
At the moment I'm using OSX and Linux, unable to test `timingsafe_memcmp()...
05:59 AM Ruby trunk Feature #10098: [PATCH] Timing-safe string comparison for OpenSSL::HMAC
Nobuyoshi Nakada wrote:
> According to [notes on timingsafe_memcmp](http://www.tedunangst.com/flak/post/notes-on-tim...
03:56 AM Ruby trunk Feature #10098: [PATCH] Timing-safe string comparison for OpenSSL::HMAC
Nobuyoshi Nakada wrote:
> `slow` is not the main concern here, IMHO.
> The latter is more descriptive, but seems le...
01:39 AM Ruby trunk Feature #10098: [PATCH] Timing-safe string comparison for OpenSSL::HMAC
Thanks for the feedback!
Nobuyoshi Nakada wrote:
> * Indent style mismatch
> * Should try to convert the argumen...

Also available in: Atom