[tor-bugs] #3122 [Tor Client]: Write and use constant-time comparison functions
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat May 7 00:56:47 UTC 2011
#3122: Write and use constant-time comparison functions
-------------------------+--------------------------------------------------
Reporter: rransom | Owner: ioerror
Type: enhancement | Status: new
Priority: major | Milestone:
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by nickm):
FWIW, it's trivial to do a data-independent equality check to drop in for
cases where we are just using memcmp for equality:
{{{
int mem_neq(const void *m1, const void *m2, size_t n)
{
const uint8_t *b1 = m1, *b2 = m2;
uint8_t diff = 0;
while (n--)
diff |= *b1++ ^ *b2++;
return diff != 0;
}
#define mem_eq(m1, m2, n) (!mem_neq((m1), (m2),(n)))
}}}
Actually implementing memcmp in a data-independent form that returns -1,
0, or 1 properly is harder. Fortunately, we almost never need that
version. Dropping in mem_neq as a replacement for nearly every memcmp
should do pretty well.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3122#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list