Re: small patch: CRYPTO_memcmp
On Wed, Apr 23, 2014 at 04:39:01AM +, Miod Vallat wrote: > > > + while (n-- > 0) > > > + x |= a[n] ^ b[n]; > > > > Won't compare the bytes at [0]. > > Uh? It will, n gets decremented after the test but before the x |= > statement. Heh. you're right. And both Ted and I were dumbasses. I have tied the Mr. Gumby hankerchief to my head. Although probably means that hack is really not readable enough to be worth saving 8 bytes of stack ;) > > > I think switching this to be > > timingsafe_bcmp would be better, then we only have copy. > > Agreed. > Yup.
Re: small patch: CRYPTO_memcmp
> > + while (n-- > 0) > > + x |= a[n] ^ b[n]; > > Won't compare the bytes at [0]. Uh? It will, n gets decremented after the test but before the x |= statement. > I think switching this to be > timingsafe_bcmp would be better, then we only have copy. Agreed.
Re: small patch: CRYPTO_memcmp
On Wed, Apr 23, 2014 at 09:05, Michael W. Bombardieri wrote: > CRYPTO_memcmp() is different to memcmp() because it can only check > for equality, not greater-than/less-than. > If we check the string in reverse order we can remove a variable > from the comparison loop. > > Does this look ok? Almost, but... > + while (n-- > 0) > + x |= a[n] ^ b[n]; Won't compare the bytes at [0]. I think switching this to be timingsafe_bcmp would be better, then we only have copy.
Re: small patch: CRYPTO_memcmp
Nope. One of those things is not like the other..
On Tue, Apr 22, 2014 at 7:05 PM, Michael W. Bombardieri wrote:
> Hi tech@,
>
> Sending this patch for comment...
>
> CRYPTO_memcmp() is different to memcmp() because it can only check
> for equality, not greater-than/less-than.
> If we check the string in reverse order we can remove a variable
> from the comparison loop.
>
> Does this look ok?
>
> - Michael
>
>
>
> Index: cryptlib.c
> ===
> RCS file: /cvs/src/lib/libssl/src/crypto/cryptlib.c,v
> retrieving revision 1.23
> diff -u -r1.23 cryptlib.c
> --- cryptlib.c 21 Apr 2014 11:19:28 - 1.23
> +++ cryptlib.c 23 Apr 2014 01:19:39 -
> @@ -727,15 +727,13 @@
> }
>
> int
> -CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
> +CRYPTO_memcmp(const void *in_a, const void *in_b, size_t n)
> {
> - size_t i;
> const unsigned char *a = in_a;
> const unsigned char *b = in_b;
> unsigned char x = 0;
>
> - for (i = 0; i < len; i++)
> - x |= a[i] ^ b[i];
> -
> + while (n-- > 0)
> + x |= a[n] ^ b[n];
> return x;
> }
>
small patch: CRYPTO_memcmp
Hi tech@,
Sending this patch for comment...
CRYPTO_memcmp() is different to memcmp() because it can only check
for equality, not greater-than/less-than.
If we check the string in reverse order we can remove a variable
from the comparison loop.
Does this look ok?
- Michael
Index: cryptlib.c
===
RCS file: /cvs/src/lib/libssl/src/crypto/cryptlib.c,v
retrieving revision 1.23
diff -u -r1.23 cryptlib.c
--- cryptlib.c 21 Apr 2014 11:19:28 - 1.23
+++ cryptlib.c 23 Apr 2014 01:19:39 -
@@ -727,15 +727,13 @@
}
int
-CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
+CRYPTO_memcmp(const void *in_a, const void *in_b, size_t n)
{
- size_t i;
const unsigned char *a = in_a;
const unsigned char *b = in_b;
unsigned char x = 0;
- for (i = 0; i < len; i++)
- x |= a[i] ^ b[i];
-
+ while (n-- > 0)
+ x |= a[n] ^ b[n];
return x;
}
