Re: [tor-bugs] #3122 [Tor Client]: Write and use constant-time comparison functions



#3122: Write and use constant-time comparison functions
-------------------------+--------------------------------------------------
 Reporter:  rransom      |          Owner:  ioerror
     Type:  enhancement  |         Status:  new    
 Priority:  major        |      Milestone:         
Component:  Tor Client   |        Version:         
 Keywords:               |         Parent:         
   Points:               |   Actualpoints:         
-------------------------+--------------------------------------------------

Comment(by nickm):

 FWIW, it's trivial to do a data-independent equality check to drop in for
 cases where we are just using memcmp for equality:

 {{{
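 #include <stddef.h>  /* size_t */
 #include <stdint.h>  /* uint8_t */

 /* Return nonzero iff the n bytes at m1 and m2 differ.  Always reads all n
  * bytes, so the running time does not depend on where they differ. */
 int mem_neq(const void *m1, const void *m2, size_t n)
 {
   const uint8_t *b1 = m1, *b2 = m2;
   uint8_t diff = 0;
   while (n--)
     diff |= *b1++ ^ *b2++;  /* accumulate differing bits; no early exit */
   return diff != 0;
 }
 #define mem_eq(m1, m2, n) (!mem_neq((m1), (m2), (n)))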
 }}}

 Actually implementing memcmp in a data-independent form that returns -1,
 0, or 1 properly is harder.  Fortunately, we almost never need that
 version.  Dropping in mem_neq as a replacement for nearly every memcmp
 should do pretty well.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3122#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
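
Added example, not part of nickm's comment and not Tor's own code: one way to write the harder three-way comparison mentioned above (result -1, 0 or 1, memcmp ordering) without branches or indexes that depend on the buffer contents. The name ct_memcmp and the sample inputs in main() are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Three-way comparison with memcmp() ordering; returns -1, 0 or 1.
 * Every byte is always read, and no branch or array index depends on the
 * buffer contents; only the length n affects the running time. */
int ct_memcmp(const void *m1, const void *m2, size_t n)
{
    const uint8_t *b1 = m1, *b2 = m2;
    uint32_t result = 0;  /* delta of the lowest-index differing byte, mod 2^32 */

    /* Walk from the last byte to the first, so a difference at a lower
     * index overwrites one found at a higher index. */
    while (n--) {
        uint32_t v1 = b1[n], v2 = b2[n];
        uint32_t delta = v1 - v2;  /* value in [-255, 255], mod 2^32 */
        /* (x + 255) >> 8 is 1 for x in 1..255 and 0 for x == 0, so the
         * mask is all ones when the bytes differ and zero otherwise. */
        uint32_t mask = 0u - (((v1 ^ v2) + 0xFFu) >> 8);
        result = (delta & mask) | (result & ~mask);
    }

    /* Reduce to -1/0/1 from the sign bit, again without comparing. */
    uint32_t neg = result >> 31;         /* 1 if m1 sorts before m2 */
    uint32_t pos = (0u - result) >> 31;  /* 1 if m1 sorts after m2 */
    return (int)pos - (int)neg;
}

int main(void)
{
    /* Constructed sample inputs. */
    static const struct { const char *a, *b; size_t n; } cases[] = {
        { "abcd", "abcd", 4 }, { "abcd", "abce", 4 },
        { "abza", "abcz", 4 }, { "\xff" "a", "\x01" "z", 2 }, { "", "", 0 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int want = memcmp(cases[i].a, cases[i].b, cases[i].n);
        want = (want > 0) - (want < 0);  /* reference sign, not constant-time */
        printf("case %zu: ct_memcmp=%d memcmp sign=%d\n", i,
               ct_memcmp(cases[i].a, cases[i].b, cases[i].n), want);
    }
    return 0;
}
```

A compiler is free to turn this back into branching code, so check the generated assembly for the target and optimization level in use.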