2014/10/30 16:52 "Nicolas Rachinsky" <deb-securit...@ml.turing-complete.org
>:
>
> * Joel Rees <joel.r...@gmail.com> [2014-10-30 08:38 +0900]:
> > -----------------------------
> > // The core function: test two regions of memory for bytewise equality
> > with constant time.
> > // If cmplength is less than min( xlen, ylen ), comparison is
incomplete.
> > static int equals_internal_constime(
> > const char *x, unsigned int xlen,
> > const char *y, unsigned int ylen,
> > int cmplength) {
> >
> > int result = 0;
> >
> > while ( --cmplength >= 0 ) {
> > char xtemp = 0;
> > char ytemp = 0;
> >
> > if ( --xlen >= 0 ) xtemp = *x++;
> > if ( --ylen >= 0 ) ytemp = *y++;
> >
> > result |= xtemp ^ ytemp;
> > }
> >
> > return (xlen == ylen) && (result == 0);
> > }
> > -----------------------------
>
> Perhaps I am missing the obvious, but 0-1 ist UINT_MAX, which is
> bigger than zero.
How embarrassing. One test would have caught that. Okay, use postdec mode
and greater than instead of greater than or equal. Or something similar.
And I should code instead of theorize.
> And if this would work, the runtime of the loop's body would depend on
> whether the assignments are executed or not.
It's the difference between having an indexed load or not. I think we can
assume the strings will be in cache after the first access.
Okay, don't initialize the local copy variables, use a two-way branch. And
you'll still have some slop because clearing a variable is quicker than
loading indexed.
Anyway, it's better than just dropping out of the loop.
(I have to get some way to write useful code on this lousy tablet.)
I'll be on the train for about an hour. You're welcome to fix the code
while I'm off-line.
--
Joel Rees
Computer memory is just fancy paper,
CPUs just fancy pens.
All is a stream of text
flowing from the past into the future.
