New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Constant-Time bin2hex() implementation #909
Conversation
hmm... did you ever try to make after your fix?
where is hex's definition? and since hexconvtab not used anymore, the definition of it should also be removed. thanks |
How does this look now? :) |
Can you provide information as to how this performs compared to the previous implementation? I'm not fully convinced that PHP has need for a constant time bin2hex implementation. |
Do PHP developers use http://tonyarcieri.com/cream-the-scary-ssl-attack-youve-probably-never-heard-of (Spoiler: Yes, we do use these features to encode cryptographic secrets. So I would argue that they are a good enhancement to include in PHP 7) |
I think this needs some discussion on internals. If we worry about such things just replacing random functions is not enough - you should be sure all functions that handle your secret are constant-time, including the engine primitives, etc. I'm not sure just having one function does anything. But maybe I'm missing something here. |
This is just a start. I'd love to discuss it with "internals", but my only exposure to PHP's core dev is through github. |
@sarciszewski you can drop a mail to internals at lists.php.net :) |
@sarciszewski It must be added to the function entry list: https://github.com/sarciszewski/php-src/blob/patch-1/ext/standard/basic_functions.c#L2664. |
Ah, thank you. |
…sions to lowercase
…atched pattern and avoid zend_hash_find() calls for other paterns.
…d only if the right operand is interafce itself.
* PHP-5.6: Update NEWS Fixed bug #55618 (use case-insensitive cert name matching)
…test * 'typed_returns' of github.com:morrisonlevi/php-src: Implement return types
… , so it was already closed
* 'master' of https://git.php.net/push/php-src: Fixed #68868 (Segfault in clean_non_persistent_constants() in SugarCRM 6.5.20)
Conflicts: ext/phar/phar_object.c
* PHP-5.6: Fixed Bug #68941 mod_files.sh is a bash-script
Conflicts: UPGRADING
* pull-request/1016: Implement RFC: Introduce session_start() options
* PHP-5.6: Use bash rather than sh
Ugh, this got messy. Time to start over. |
Contant time bin2hex() implementation, taken from jedisct1/libsodium@814df1e