From cdb3441b5cd2c1bae49fae671dc4a496f7c96322 Mon Sep 17 00:00:00 2001 From: Gavin Andresen Date: Thu, 8 Aug 2013 19:58:57 +1000 Subject: Make RPC password resistant to timing attacks Fixes issue#2838; this is a tweaked version of pull#2845 that should not leak the length of the password and is more generic, in case we run into other situations where we need timing-attack-resistant comparisons. --- src/test/util_tests.cpp | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'src/test') diff --git a/src/test/util_tests.cpp b/src/test/util_tests.cpp index 1b0ccad511..9ca0eef7aa 100644 --- a/src/test/util_tests.cpp +++ b/src/test/util_tests.cpp @@ -323,4 +323,15 @@ BOOST_AUTO_TEST_CASE(util_seed_insecure_rand) } } +BOOST_AUTO_TEST_CASE(util_TimingResistantEqual) +{ + BOOST_CHECK(TimingResistantEqual(std::string(""), std::string(""))); + BOOST_CHECK(!TimingResistantEqual(std::string("abc"), std::string(""))); + BOOST_CHECK(!TimingResistantEqual(std::string(""), std::string("abc"))); + BOOST_CHECK(!TimingResistantEqual(std::string("a"), std::string("aa"))); + BOOST_CHECK(!TimingResistantEqual(std::string("aa"), std::string("a"))); + BOOST_CHECK(TimingResistantEqual(std::string("abc"), std::string("abc"))); + BOOST_CHECK(!TimingResistantEqual(std::string("abc"), std::string("aba"))); +} + BOOST_AUTO_TEST_SUITE_END() -- cgit v1.2.3