[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] memcmp() & co. timing info disclosures?
On May 6, 2011, at 8:53 PM, Robert Ransom wrote:
>> int memcmp(const void *m1, const void *m2, size_t n)
>> {
>> /*XXX I don't know if this is even right; I haven't tested it at all */
>> const uint8_t *b1 = m1, *b2 = m2;
>> int retval = 0;
>>
>> while (n--) {
>> const uint8_t v1 = b1[n], v2 = b2[n];
>> int diff = (int)v1 - (int)v2;
>> retval = (v1 == v2) * retval + diff;
>> }
>>
>> return retval;
>> }
>
> GCC is likely to turn (v1 == v2) into a backdoor.
Can you explain what you mean?
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev