Mercurial > urweb
comparison src/c/urweb.c @ 1512:dcc8abbc6dfd
Change cookie signature comparison to resist timing attacks (based on code suggested by Robin Green and Austin Seipp)
| author | Adam Chlipala <adam@chlipala.net> |
|---|---|
| date | Tue, 19 Jul 2011 09:18:50 -0400 |
| parents | 7f8ddcf12b20 |
| children | 3c0803c1acd7 |
comparison
equal
deleted
inserted
replaced
| 1511:e717e2b56b21 | 1512:dcc8abbc6dfd |
|---|---|
| 3453 sprintf(&r[2*i], "%.02X", ((unsigned char *)sig)[i]); | 3453 sprintf(&r[2*i], "%.02X", ((unsigned char *)sig)[i]); |
| 3454 | 3454 |
| 3455 return r; | 3455 return r; |
| 3456 } | 3456 } |
| 3457 | 3457 |
| 3458 /* This bit of crafty code is intended to prevent GCC from performing | |
| 3459 * optimizations that would enable timing attacks. See: | |
| 3460 * http://www.impredicative.com/pipermail/ur/2011-July/000659.html | |
| 3461 */ | |
| 3462 int uw_streq(uw_Basis_string s1, uw_Basis_string s2) { | |
| 3463 int i, x = 0, len1 = strlen(s1); | |
| 3464 | |
| 3465 if (len1 != strlen(s2)) return 0; | |
| 3466 | |
| 3467 for (i = 0; i < len1; ++i) { | |
| 3468 __asm__ __volatile__ (""); | |
| 3469 x |= s1[i] ^ s2[i]; | |
| 3470 } | |
| 3471 | |
| 3472 return x == 0; | |
| 3473 } | |
| 3474 | |
| 3458 uw_Basis_string uw_Basis_sigString(uw_context ctx, uw_unit u) { | 3475 uw_Basis_string uw_Basis_sigString(uw_context ctx, uw_unit u) { |
| 3459 return ctx->app->cookie_sig(ctx); | 3476 return ctx->app->cookie_sig(ctx); |
| 3460 } | 3477 } |
| 3461 | 3478 |
| 3462 uw_Basis_string uw_Basis_fileName(uw_context ctx, uw_Basis_file f) { | 3479 uw_Basis_string uw_Basis_fileName(uw_context ctx, uw_Basis_file f) { |