author | Gavin Andresen <gavinandresen@gmail.com> | 2013-08-08 19:58:57 +1000 |
---|---|---|
committer | Gavin Andresen <gavinandresen@gmail.com> | 2013-08-20 12:19:40 +1000 |
commit | cdb3441b5cd2c1bae49fae671dc4a496f7c96322 (patch) | |
tree | 920b43f3e70c3801375c10ab728070a8eaaa320e /src/util.h | |
parent | 38863afbcc6ddb8a247210ac1d7c5d9717265339 (diff) | |
download | bitcoin-cdb3441b5cd2c1bae49fae671dc4a496f7c96322.tar.xz |
Make RPC password resistant to timing attacks
Fixes issue#2838; this is a tweaked version of pull#2845 that
should not leak the length of the password and is more generic,
in case we run into other situations where we need
timing-attack-resistant comparisons.
Diffstat (limited to 'src/util.h')
-rw-r--r-- | src/util.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/util.h b/src/util.h index 3f3dd0f487..9b7e2573da 100644 --- a/src/util.h +++ b/src/util.h @@ -433,6 +433,21 @@ static inline uint32_t insecure_rand(void) */ void seed_insecure_rand(bool fDeterministic=false); +/** + * Timing-attack-resistant comparison. + * Takes time proportional to length + * of first argument. + */ +template <typename T> +bool TimingResistantEqual(const T& a, const T& b) +{ + if (b.size() == 0) return a.size() == 0; + size_t accumulator = a.size() ^ b.size(); + for (size_t i = 0; i < a.size(); i++) + accumulator |= a[i] ^ b[i%b.size()]; + return accumulator == 0; +} + /** Median filter over a stream of values. * Returns the median of the last N numbers */ |
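Review bot: the doc comment on TimingResistantEqual says the run time is proportional to the length of the first argument, but it does not say which argument should hold the secret. The loop bound in `for (size_t i = 0; i < a.size(); i++)` makes that matter: if a caller passes the stored password as `a` and the client-supplied value as `b`, the comparison time tracks the secret's length, which is the leak the commit message sets out to avoid. Suggest extending the comment to state that `a` should be the untrusted input and `b` the secret. Separately, the early return `if (b.size() == 0) return a.size() == 0;` skips the loop entirely, so an empty `b` is distinguishable by timing. It is needed to keep `i%b.size()` from dividing by zero, and a one-line comment saying so, and that the empty case is accepted as non-secret, would help later readers. The template also assumes T provides size() and an operator[] whose elements can be XORed into a size_t, which is worth stating since the function is meant to be generic.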