I'm looking for a constant-time implementation of realpath() , does one exist?
I'm in a situation where a malicious actor may control the argument for realpath(), and could theoretically use a timing attack to deduce if realpath() pointed to a real file or not.
this should work,
for example, a realtime that always uses exactly 1 millisecond (should be more than enough for SSD-based servers, perhaps rotating harddrive based servers may need something closer to 10 milliseconds, i don't know):
and you can use $constant_time_success to check if it was actually constant-time, or if you needed to set a higher value..