Skip to content

Make bin2hex() and hex2bin() timing safe #1453

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 10, 2015
Merged

Make bin2hex() and hex2bin() timing safe #1453

merged 1 commit into from
Aug 10, 2015

Conversation

bwoebi
Copy link
Member

@bwoebi bwoebi commented Aug 4, 2015

See also: http://markmail.org/message/4wwjnqr3sz6cqaxh

bin2hex() is using a lookup table; there is potential for a cache timing attack if not aligned on 16 byte boundary.
Solved via explicit alignment. (No perf change)

hex2bin() is using branches to differ between 0-9 and a-f/A-F. Simple timing attack potential.
Using a branchless construct solves this [The only branch is early abort on malformed hex, which is not an issue]. (Performance in best-case is worse, but better than average-case [at least locally]. Currently average case has about 20% mispredictions (tested on just normal text), which makes it slower than the branchless code.)

That way hex2bin() even has a slight performance benefit in addition to time safety.

@php-pulls php-pulls merged commit ad4d139 into php:master Aug 10, 2015
@ghost ghost mentioned this pull request Jul 16, 2018
Closed
@jornane jornane mentioned this pull request Jul 16, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bwoebi @laruence @php-pulls