projects / GitHub / WoltLab / WCF.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 19266db) | patch
Use constant time encoding / decoding of security critical code (#3699)
authorJoshua Rüsweg <ruesweg@woltlab.com>
Fri, 6 Nov 2020 16:00:10 +0000 (17:00 +0100)
committerGitHub <noreply@github.com>
Fri, 6 Nov 2020 16:00:10 +0000 (17:00 +0100)
commitc5fc8e591ee7d4c79e9cf55dce10bfa88e94ba49
tree00a6c83f2eff7f4b40c76dc5a1a3fca5a74de842tree | snapshot (tar.gz zip)
parent19266dbbec05d0670291fd6c2170ee762e0c4a0ccommit | diff
Use constant time encoding / decoding of security critical code (#3699)

* Use `Hex::decode` to convert hex2bin
Previously we used the internal PHP function `hex2bin` which has the problem with cache-timing leaks. The Hex class converts the given string without cache-timing leaks.

* Use `Hex::encode` to convert bin2hex
Previously we used the internal PHP function `bin2hex` which has the problem with cache-timing leaks. The Hex class converts the given string without cache-timing leaks.
37 files changed:
wcfsetup/install/files/lib/action/FacebookAuthAction.class.php diff | blob | blame | history
wcfsetup/install/files/lib/action/GithubAuthAction.class.php diff | blob | blame | history
wcfsetup/install/files/lib/action/GoogleAuthAction.class.php diff | blob | blame | history
wcfsetup/install/files/lib/action/TwitterAuthAction.class.php diff | blob | blame | history
wcfsetup/install/files/lib/data/style/StyleAction.class.php diff | blob | blame | history
wcfsetup/install/files/lib/data/user/UserAction.class.php diff | blob | blame | history
wcfsetup/install/files/lib/data/user/UserEditor.class.php diff | blob | blame | history
wcfsetup/install/files/lib/form/LostPasswordForm.class.php diff | blob | blame | history
wcfsetup/install/files/lib/form/RegisterForm.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/cronjob/DailyMailNotificationCronjob.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/email/Email.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/email/mime/AbstractMultipartMimePart.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/package/PackageInstallationDispatcher.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/session/SessionHandler.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/authentication/password/algorithm/CryptMD5.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb2.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Ipb3.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla1.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla2.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Joomla3.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Mybb1.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Phpfox3.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf1.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Smf2.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/authentication/password/algorithm/TPhpass.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb3.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb4.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Vb5.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Wcf1e.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Xf1.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/notification/TestableUserNotificationEventHandler.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/user/notification/UserNotificationHandler.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/worker/SendNewPasswordWorker.class.php diff | blob | blame | history
wcfsetup/install/files/lib/util/FileUtil.class.php diff | blob | blame | history
wcfsetup/install/files/lib/util/HTTPRequest.class.php diff | blob | blame | history
wcfsetup/install/files/lib/util/StringUtil.class.php diff | blob | blame | history
WoltLab Suite Core (previously WoltLab Community Framework)