Re: streql - Constant-time string comparison
* Joel Rees <joel.rees@gmail.com> [2014-10-30 08:38 +0900]:
> -----------------------------
> // The core function: test two regions of memory for bytewise equality
> with constant time.
> // If cmplength is less than min( xlen, ylen ), comparison is incomplete.
> static int equals_internal_constime(
> const char *x, unsigned int xlen,
> const char *y, unsigned int ylen,
> int cmplength) {
>
> int result = 0;
>
> while ( --cmplength >= 0 ) {
> char xtemp = 0;
> char ytemp = 0;
>
> if ( --xlen >= 0 ) xtemp = *x++;
> if ( --ylen >= 0 ) ytemp = *y++;
>
> result |= xtemp ^ ytemp;
> }
>
> return (xlen == ylen) && (result == 0);
> }
> -----------------------------
Perhaps I am missing the obvious, but 0-1 ist UINT_MAX, which is
bigger than zero.
And if this would work, the runtime of the loop's body would depend on
whether the assignments are executed or not.
Nicolas
Reply to: