Re: [tor-dev] memcmp() & co. timing info disclosures?



On Fri, 6 May 2011 23:16:14 -0700
Chris Palmer <chris@xxxxxxx> wrote:

> On May 6, 2011, at 10:25 PM, Robert Ransom wrote:
> 
> > I would expect GCC (and most other C compilers) to use a
> > non-constant-time implementation of (v1 == v2).
> 
> Are there machines that implement uint8_t comparison in a data-dependent way? What's an example?

That comparison expression can be implemented in non-constant time on
IA-32 processors:

    ; ECX = v1; EDX = v2; result in EAX
    XOR EAX, EAX
    CMP ECX, EDX
    JE done
    INC EAX
  done:

I think I've seen GCC emit something similar to that within the last
few years, and I assume that some compilers still emit code containing
a conditional branch for that expression.  In general, we don't want to
assume that conditional expressions are safe to use, even if a compiler
*could* implement them in a safe way (e.g. by compiling Nick's function
into something resembling mine).


Robert Ransom


_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
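
The point made in the message above, as an added example that is not code from this thread or from Tor: a byte comparison the compiler may turn into a branch, next to an arithmetic-only form and a buffer comparison built the same way. The function names `eq_u8_branchy`, `eq_u8_ct` and `ct_mem_eq` are made up for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example; eq_u8_branchy, eq_u8_ct and ct_mem_eq are names made up
 * here, not functions from Tor or from this thread. */

/* A compiler may lower this to CMP + conditional jump, as in the listing
 * in the message. Returns 1 if equal, 0 otherwise. */
int eq_u8_branchy(uint8_t v1, uint8_t v2)
{
    return v1 == v2;
}

/* Same result computed with arithmetic only. x is 0..255 and is zero only
 * when the bytes match; x - 1 then wraps to 0xFFFFFFFF, so bit 8 is set
 * exactly in the equal case. */
int eq_u8_ct(uint8_t v1, uint8_t v2)
{
    uint32_t x = (uint32_t)(v1 ^ v2);
    return (int)(((x - 1) >> 8) & 1);
}

/* memcmp()-style equality test whose running time depends on n but not on
 * where the buffers first differ: every byte is read and folded into diff,
 * with no early exit. volatile discourages the compiler from
 * reintroducing a short-circuit; C itself makes no timing promise, so the
 * emitted assembly still has to be inspected. Returns 1 if equal. */
int ct_mem_eq(const void *a, const void *b, size_t n)
{
    const volatile uint8_t *pa = a;
    const volatile uint8_t *pb = b;
    uint32_t diff = 0;

    for (size_t i = 0; i < n; i++)
        diff |= (uint32_t)(pa[i] ^ pb[i]);
    return (int)(((diff - 1) >> 8) & 1);
}

int main(void)
{
    /* Constructed sample values. */
    printf("%d %d\n", eq_u8_ct(0x41, 0x41), eq_u8_ct(0x41, 0x42));
    printf("%d %d\n", ct_mem_eq("abcd", "abcd", 4), ct_mem_eq("abcd", "abce", 4));
    return 0;
}
```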