[tor-dev] memcmp() & co. timing info disclosures?
Chris Palmer
chris at eff.org
Sat May 7 05:11:06 UTC 2011
On May 6, 2011, at 8:53 PM, Robert Ransom wrote:
>> int memcmp(const void *m1, const void *m2, size_t n)
>> {
>> /*XXX I don't know if this is even right; I haven't tested it at all */
>> const uint8_t *b1 = m1, *b2 = m2;
>> int retval = 0;
>>
>> while (n--) {
>> const uint8_t v1 = b1[n], v2 = b2[n];
>> int diff = (int)v1 - (int)v2;
>> retval = (v1 == v2) * retval + diff;
>> }
>>
>> return retval;
>> }
>
> GCC is likely to turn (v1 == v2) into a backdoor.
Can you explain what you mean?
More information about the tor-dev
mailing list