[tor-bugs] #3122 [Tor Client]: Write and use constant-time comparison functions
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed May 11 15:34:49 UTC 2011
#3122: Write and use constant-time comparison functions
-------------------------+--------------------------------------------------
Reporter: rransom | Owner: ioerror
Type: enhancement | Status: needs_review
Priority: major | Milestone: Tor: 0.2.1.x-final
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by Sebastian):
I looked through all the different transformations of memcmp (the last two
patches in the branch) and didn't spot anything obvious.
Maybe we should add something (maybe to make test, or make check-spaces,
or even something new for this purpose) that prints a warning if we're
using memcmp anywhere in src/ other than src/common/di_ops* with the
possible exception of unit tests? The cleanup would be easy - only two
comments (one in dirserv.c, one in routerlist.c) remain.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3122#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list