Make RPC password resistant to timing attacks

Fixes issue#2838; this is a tweaked version of pull#2845 that should not leak the length of the password and is more generic, in case we run into other situations where we need timing-attack-resistant comparisons.
author: Gavin Andresen <gavinandresen@gmail.com> 2013-08-08 19:58:57 +1000
committer: Gavin Andresen <gavinandresen@gmail.com> 2013-08-20 12:19:40 +1000
commit: cdb3441b5cd2c1bae49fae671dc4a496f7c96322 (patch)
tree: 920b43f3e70c3801375c10ab728070a8eaaa320e /src/test
parent: 38863afbcc6ddb8a247210ac1d7c5d9717265339 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/src/test/util_tests.cpp b/src/test/util_tests.cpp
index 1b0ccad511..9ca0eef7aa 100644
--- a/src/test/util_tests.cpp
+++ b/src/test/util_tests.cpp
@@ -323,4 +323,15 @@ BOOST_AUTO_TEST_CASE(util_seed_insecure_rand)
     }
 }
 
+BOOST_AUTO_TEST_CASE(util_TimingResistantEqual)
+{
+    BOOST_CHECK(TimingResistantEqual(std::string(""), std::string("")));
+    BOOST_CHECK(!TimingResistantEqual(std::string("abc"), std::string("")));
+    BOOST_CHECK(!TimingResistantEqual(std::string(""), std::string("abc")));
+    BOOST_CHECK(!TimingResistantEqual(std::string("a"), std::string("aa")));
+    BOOST_CHECK(!TimingResistantEqual(std::string("aa"), std::string("a")));
+    BOOST_CHECK(TimingResistantEqual(std::string("abc"), std::string("abc")));
+    BOOST_CHECK(!TimingResistantEqual(std::string("abc"), std::string("aba")));
+}
+
 BOOST_AUTO_TEST_SUITE_END()
author	Gavin Andresen <gavinandresen@gmail.com>	2013-08-08 19:58:57 +1000
committer	Gavin Andresen <gavinandresen@gmail.com>	2013-08-20 12:19:40 +1000
commit	cdb3441b5cd2c1bae49fae671dc4a496f7c96322 (patch)
tree	920b43f3e70c3801375c10ab728070a8eaaa320e /src/test
parent	38863afbcc6ddb8a247210ac1d7c5d9717265339 (diff)