From 42656ea2e552b027e174fdceab7348ffcb8245c4 Mon Sep 17 00:00:00 2001
From: Gavin Andresen
Date: Thu, 8 Aug 2013 19:58:57 +1000
Subject: Make RPC password resistant to timing attacks

Fixes issue#2838; this is a tweaked version of pull#2845 that should not leak the length of the password and is more generic, in case we run into other situations where we need timing-attack-resistant comparisons.
---
 src/util.h | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
(limited to 'src/util.h')
diff --git a/src/util.h b/src/util.h
index 9aea564406..c9614d3055 100644
--- a/src/util.h
+++ b/src/util.h
@@ -437,6 +437,21 @@ static inline uint32_t insecure_rand(void)
 */
 void seed_insecure_rand(bool fDeterministic=false);
 
+/**
+ * Timing-attack-resistant comparison.
+ * Takes time proportional to length
+ * of first argument.
+ */
+template
+bool TimingResistantEqual(const T& a, const T& b)
+{
+ if (b.size() == 0) return a.size() == 0;
+ size_t accumulator = a.size() ^ b.size();
+ for (size_t i = 0; i < a.size(); i++)
+ accumulator |= a[i] ^ b[i%b.size()];
+ return accumulator == 0;
+}
+
 /** Median filter over a stream of values.
 * Returns the median of the last N numbers
 */
--
cgit v1.2.3
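Review bot: The doc comment on TimingResistantEqual does not say which argument is the secret, yet the timing guarantee depends on it: the loop runs `a.size()` times, so the untrusted input has to be passed as `a` and the secret as `b`, otherwise the running time tracks the secret's length. I would extend the comment with `* Pass the untrusted value as a and the secret as b; swapping them makes the running time depend on the secret's length.` The early return on `b.size() == 0` and the `i%b.size()` index still branch or divide on the length of `b`, which may be observable on some targets, so a one-line caveat about that in the same comment would help callers.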