On May 6, 2011, at 10:25 PM, Robert Ransom wrote:
> I would expect GCC (and most other C compilers) to use a
> non-constant-time implementation of (v1 == v2).
Are there machines that implement uint8_t comparison in a data-dependent way?
What's an example?
--
Chris Palmer
Technolo
O0, in case that helps.
--
Chris Palmer
Technology Director, Electronic Frontier Foundation
https://www.eff.org/code
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
On May 6, 2011, at 8:53 PM, Robert Ransom wrote:
>> int memcmp(const void *m1, const void *m2, size_t n)
>> {
>> /*XXX I don't know if this is even right; I haven't tested it at all */
>> const uint8_t *b1 = m1, *b2 = m2;
>> int retval = 0;
>>
>> while (n--) {
>>const uint8_t v1 = b1[n], v
On May 6, 2011, at 5:08 PM, Jacob Appelbaum wrote:
> We can
> #define over memcmp but I fear that it's better to specifically
> eradicate each one by hand and really think things over on a case by
> case basis.
FWIW, I agree.
Nice work, Marsh!
--
Chris Palmer
Technology Dir
ng at two things:
--
Chris Palmer
Technology Director, Electronic Frontier Foundation
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
world, of which those CPE things
like printers and routers are just a subset, seems reasonable.
I don't know if it's possible to do better than to "just sort of look like a
web server with a self-signed cert".
--
Chris Palmer
Technology Director, Electronic Frontier Foun