[tor-bugs] #3122 [Tor Client]: Write and use constant-time comparison functions
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed May 11 00:52:57 UTC 2011
#3122: Write and use constant-time comparison functions
-------------------------+--------------------------------------------------
Reporter: rransom | Owner: ioerror
Type: enhancement | Status: needs_review
Priority: major | Milestone: Tor: 0.2.1.x-final
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by rransom):
{{{
@@ -640,31 +640,36 @@ find_whitespace_eos(const char *s, const char *eos)
int
tor_mem_is_zero(const char *mem, size_t len)
{
static const char ZERO[] = {
0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
0,0,0,0,
};
while (len >= sizeof(ZERO)) {
- if (tor_memcmp(mem, ZERO, sizeof(ZERO)))
+ /* It's safe to use fast_memcmp here, since the very worst thing an
+ * attacker could learn is how many initial bytes of a secret were
zero */
+ if (fast_memcmp(mem, ZERO, sizeof(ZERO)))
return 0;
}}}
It's also safe to use fast_memneq here.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3122#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list