From 8f1412d502f47c1c12b557f7c1d7da4f212b9e46 Mon Sep 17 00:00:00 2001
From: Michael Kirk
Date: Mon, 13 Mar 2017 11:36:00 -0400
Subject: [PATCH] comment constant time compare per code review // FREEBIE
---
 src/Util/NSData+OWSConstantTimeCompare.h | 3 +++
 src/Util/NSData+OWSConstantTimeCompare.m | 2 ++
 2 files changed, 5 insertions(+)
diff --git a/src/Util/NSData+OWSConstantTimeCompare.h b/src/Util/NSData+OWSConstantTimeCompare.h
index 75260d798..cc017b367 100644
--- a/src/Util/NSData+OWSConstantTimeCompare.h
+++ b/src/Util/NSData+OWSConstantTimeCompare.h
@@ -6,6 +6,9 @@ NS_ASSUME_NONNULL_BEGIN
 @interface NSData (OWSConstantTimeCompare)
+/**
+ * Compares data in constant time so as to help avoid potential timing attacks.
+ */
 - (BOOL)ows_constantTimeIsEqualToData:(NSData *)other;
 @end
diff --git a/src/Util/NSData+OWSConstantTimeCompare.m b/src/Util/NSData+OWSConstantTimeCompare.m
index 08e710146..1333e3558 100644
--- a/src/Util/NSData+OWSConstantTimeCompare.m
+++ b/src/Util/NSData+OWSConstantTimeCompare.m
@@ -19,6 +19,8 @@ NS_ASSUME_NONNULL_BEGIN
 UInt8 *leftBytes = (UInt8 *)self.bytes;
 UInt8 *rightBytes = (UInt8 *)other.bytes;
 for (int i = 0; i < self.length; i++) {
+ // rather than returning as soon as we find a discrepency, we compare the rest of
+ // the byte stream to maintain a constant time comparison
 isEqual = isEqual && (leftBytes[i] == rightBytes[i]);
 }
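Review bot: The comment added in NSData+OWSConstantTimeCompare.m promises a constant-time comparison, but the line it documents, `isEqual = isEqual && (leftBytes[i] == rightBytes[i]);`, uses a short-circuiting `&&`. Once `isEqual` is NO the byte comparison is no longer evaluated, and the compiler is free to turn the loop into an early exit, so the run time can still depend on where the first mismatch sits. Accumulating the differences without a branch keeps the per-byte work identical: `UInt8 diff = 0;` before the loop, `diff |= leftBytes[i] ^ rightBytes[i];` inside it, and `return diff == 0;` after it. The method starts and ends outside the hunk, so the declaration and the return would have to change there. The comment also misspells "discrepancy", and `int i` is compared against the unsigned `self.length`, where `NSUInteger i` would match.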