Change cookie signature comparison to resist timing attacks (based on code suggested by Robin Green and Austin Seipp)

author: Adam Chlipala <adam@chlipala.net> 2011-07-19 09:18:50 -0400
committer: Adam Chlipala <adam@chlipala.net> 2011-07-19 09:18:50 -0400
commit: ac6fd6218962bf60b86cdfa64b8f7110ffc35ad3 (patch)
tree: 5a3ddc7abde84b7531e001931b0cf158d78938b5 /src/c/urweb.c
parent: 0b12664f70f258a5928d051b5e71715b84dd37b6 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/src/c/urweb.c b/src/c/urweb.c
index 238b27e2..4d2de1dd 100644
--- a/src/c/urweb.c
+++ b/src/c/urweb.c
@@ -3455,6 +3455,23 @@ uw_Basis_string uw_Basis_makeSigString(uw_context ctx, uw_Basis_string sig) {
   return r;
 }
 
+/* This bit of crafty code is intended to prevent GCC from performing
+ * optimizations that would enable timing attacks.  See:
+ *   http://www.impredicative.com/pipermail/ur/2011-July/000659.html
+ */
+int uw_streq(uw_Basis_string s1, uw_Basis_string s2) {
+  int i, x = 0, len1 = strlen(s1);
+
+  if (len1 != strlen(s2)) return 0;
+
+  for (i = 0; i < len1; ++i) {
+        __asm__ __volatile__ ("");
+        x |= s1[i] ^ s2[i];
+  }
+
+  return x == 0;
+}
+
 uw_Basis_string uw_Basis_sigString(uw_context ctx, uw_unit u) {
   return ctx->app->cookie_sig(ctx);
 }
author	Adam Chlipala <adam@chlipala.net>	2011-07-19 09:18:50 -0400
committer	Adam Chlipala <adam@chlipala.net>	2011-07-19 09:18:50 -0400
commit	ac6fd6218962bf60b86cdfa64b8f7110ffc35ad3 (patch)
tree	5a3ddc7abde84b7531e001931b0cf158d78938b5 /src/c/urweb.c
parent	0b12664f70f258a5928d051b5e71715b84dd37b6 (diff)