oroku_saki 1.1.0 → 1.1.1

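--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 1bb2e0fe1dcd41017630398ac68646eb38d5afbb
- data.tar.gz: 8a95b019ba3f9514206da31bf880a1be35ea466f
+ metadata.gz: 7a969ea2bfd10a3057470e5ddf1f8224b146070b
+ data.tar.gz: 993dc9431b14b241a4827d39e346d98bd049e8a7
  SHA512:
- metadata.gz: 41bc12a28951a48f193ab84f348148de620629a9af0b32b483d87e1512ae1c038ddd163d57e48f71405176b1797b5a2029f175f8931829d776540c7c91985cc6
- data.tar.gz: e9c21b707a38c155c962a9b43a593cbad3eef76392176403753da5b21c450303a74206a3d08b6b63efc619c30fb73a3f72f35ad869709a851b88dccc699b4dd4
+ metadata.gz: 83631618395302ee122ff73b95cf94b9f236057a554058b230b2f877d0d8041495198353141cad20847d09687d12816f13d49863f72f08b8ac9a8a195fb535f6
+ data.tar.gz: 9b25c6035f28126972e0c3f89a3f9a34f2273987ae6a0660b6a51213667841a3b8f966c23f1fcd4560ff9c5db07eab6c2f47c763995deb746679fe3f93e8bda0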
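--- a/data/README.md
+++ b/data/README.md
@@ -38,17 +38,25 @@ second_secret = 'another sekret'
  second_secret.shred! # => "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000"
  ```
 
- Setting a string to be shredded before garbage collection:
+ Setting a string to be shredded before garbage collection via a finalizer:
+
  ```ruby
  my_secret = 'super sekret value!!!'
  OrokuSaki.shred_later(my_secret) # => nil
  puts my_secret # => "super sekret value!!!"
- # A finalizer shreds the str just before it gets collected.
 
  second_secret = 'another sekret'
  second_scret.shred_later
  ```
 
+ Comparing Strings in constant time (nearly as fast as `==` for small inputs):
+
+ ```ruby
+ hmac = '16b9b8ae8e164768d0505bcb16269efb35804643dd351084b3c6ebbc6f7db2c8'
+ other_hmac = '16b9b8ae8e164768d0505bcb16269efb35804643dd351084b3c6ebbc6f7db2c8'
+ OrokuSaki.secure_compare(hmac, other_hmac) #=> true
+ ```
+
  ## Development
 
  After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.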
@@ -39,9 +39,15 @@ int secure_compare(VALUE rb_str_a, VALUE rb_str_b) {
39
39
  return (1 & ((d - 1) >> 8)) - 1;
40
40
  }
41
41
 
42
- /* The C implementation of the secure compare, the return type is a Fixnum
43
- * to avoid certain optimizations that cause the branch predictor to leak timing
44
- * information.
42
+ /* The C implementation of secure compare, don't use!
43
+ *
44
+ * The return type is a Fixnum to avoid certain optimizations that cause the
45
+ * branch predictor to potentially leak timing information.
46
+ *
47
+ * @param [String] rb_str_a
48
+ * @param [String] rb_str_b
49
+ * @return [Fixnum] Zero for success, other values for failure.
50
+ * @api private
45
51
  */
46
52
  VALUE oroku_saki_secure_compare(VALUE rb_module, VALUE rb_str_a, VALUE rb_str_b) {
47
53
  raise_unless_string(rb_str_a, "OrokuSaki.secure_compare");
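Review bot: The new header comment on `oroku_saki_secure_compare` says "don't use!" but gives neither the reason nor the method to call instead, and the reason is security-relevant. The documented return is `Zero for success`, and 0 is truthy in Ruby, so a caller that branches on this raw result would treat every comparison as a match, equal or not. I would state that in the comment, e.g. `Private backend, presumably for OrokuSaki.secure_compare; returns 0 on match, which is truthy in Ruby, so never branch on the raw result.` The function body continues outside the hunk, so how the value is converted to the `true` shown in the README is not visible here.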
@@ -60,7 +66,7 @@ VALUE oroku_saki_secure_compare(VALUE rb_module, VALUE rb_str_a, VALUE rb_str_b)
60
66
  * it does not respect frozen states of strings so make sure you're actually
61
67
  * done with the String before using this method.
62
68
  *
63
- * @param [String] str The string to be zeroed out.
69
+ * @param [String] rb_str The string to be zeroed out.
64
70
  * @raise [TypeError] When passed something other than a String
65
71
  * @return [nil]
66
72
  */
@@ -29,7 +29,7 @@ module OrokuSaki
29
29
  raise TypeError,
30
30
  "OrokuSaki.shred_later received #{str} (#{str.class}), expected String!"
31
31
  end
32
- ObjectSpace.define_finalizer(str, STRING_FINALIZER)
32
+ ObjectSpace.define_finalizer(str, STRING_FINALIZER) unless str.frozen?
33
33
  str
34
34
  end
35
35
 
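Review bot: With the added `unless str.frozen?`, `shred_later` silently does nothing for a frozen String and still returns `str`, so the caller cannot tell that the secret will never be zeroed. This is easy to hit with frozen literals or a file using `# frozen_string_literal: true`, and it differs from the zeroing function's doc comment elsewhere on this page, which says it does not respect frozen state. I would make the skip visible, for example `warn "OrokuSaki.shred_later: frozen String will not be shredded" if str.frozen?` before the finalizer line, or at least document the behaviour on the method. The method starts outside the hunk, so any existing documentation of it is not visible here.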
@@ -1,3 +1,3 @@
1
1
  module OrokuSaki
2
- VERSION = "1.1.0"
2
+ VERSION = "1.1.1"
3
3
  end
@@ -10,9 +10,10 @@ Gem::Specification.new do |spec|
10
10
  spec.email = ["t.pickett66@gmail.com"]
11
11
 
12
12
  spec.summary = %q{OrokuSaki, a.k.a. Shredder, is the destroyer of strings and attacker's worst nightmare!}
13
- spec.description = "OrokuSaki, a.k.a. Shredder, is a small collection for " \
14
- "ensuring the strings used in cryptographic operations remain secret. It is " \
15
- "based around a simple memzero C function."
13
+ spec.description = "OrokuSaki, a.k.a. Shredder, is a small collection of " \
14
+ "utilities for ensuring the strings used in cryptographic operations " \
15
+ "remain secret. This currently includes memory zeroing and constant time " \
16
+ "String comparisons."
16
17
  spec.homepage = "https://github.com/tpickett66/oroku_saki"
17
18
  spec.license = "MIT"
18
19
 
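--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: oroku_saki
  version: !ruby/object:Gem::Version
- version: 1.1.0
+ version: 1.1.1
  platform: ruby
  authors:
  - Tyler Pickett
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2016-04-13 00:00:00.000000000 Z
+ date: 2016-05-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -94,9 +94,9 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: 0.8.7
- description: OrokuSaki, a.k.a. Shredder, is a small collection for ensuring the strings
- used in cryptographic operations remain secret. It is based around a simple memzero
- C function.
+ description: OrokuSaki, a.k.a. Shredder, is a small collection of utilities for ensuring
+ the strings used in cryptographic operations remain secret. This currently includes
+ memory zeroing and constant time String comparisons.
  email:
  - t.pickett66@gmail.com
  executables: []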