You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@myfaces.apache.org by lu...@apache.org on 2010/10/01 03:10:48 UTC

svn commit: r1003345 - /myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java

Author: lu4242
Date: Fri Oct  1 01:10:48 2010
New Revision: 1003345

URL: http://svn.apache.org/viewvc?rev=1003345&view=rev
Log:
MYFACES-2934 Side-channel timing attack in StateUtils class may still allow padding oracle attack

Modified:
    myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java

Modified: myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java?rev=1003345&r1=1003344&r2=1003345&view=diff
==============================================================================
--- myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java (original)
+++ myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java Fri Oct  1 01:10:48 2010
@@ -475,7 +475,13 @@ public final class StateUtils {
                 if (signedDigestHash[i] != secure[secure.length-macLenght+i])
                 {
                     isMacEqual = false;
-                    break;
+                    // MYFACES-2934 Must compare *ALL* bytes of the hash, 
+                    // otherwise a side-channel timing attack is theorically possible
+                    // but with a very very low probability, because the
+                    // comparison time is too small to be measured compared to
+                    // the overall request time and in real life applications,
+                    // there are too many uncertainties involved.
+                    //break;
                 }
             }
             if (!isMacEqual)