authorDimitri Staessens <dimitri@ouroboros.rocks>2026-06-21 13:20:30 +0200
committerSander Vrijders <sander@ouroboros.rocks>2026-06-29 08:32:59 +0200
commit84e1a6c0e9f6a7aed3c367e5b6fce029db0fc453 (patch)
tree1182b290d3dda2820f4f94a98c77cf281e82b2ba /src
parenta169a1cef5332a409efc2db07bcc1ae9b72f217e (diff)
downloadouroboros-84e1a6c0e9f6a7aed3c367e5b6fce029db0fc453.tar.gz
ouroboros-84e1a6c0e9f6a7aed3c367e5b6fce029db0fc453.zip
lib: Add constant-time comparison helper
Add a function crypt_ct_cmp() that wraps CRYPTO_memcmp (OpenSSL) with a volatile-loop fallback, for comparing authentication tags without leaking timing. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src')
-rw-r--r--src/lib/crypt.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/src/lib/crypt.c b/src/lib/crypt.c
index a34e7298..5da9d392 100644
--- a/src/lib/crypt.c
+++ b/src/lib/crypt.c
@@ -1033,6 +1033,25 @@ int crypt_load_privkey_raw_file(const char * path,
#endif
}
+int crypt_ct_cmp(const void * a,
+ const void * b,
+ size_t len)
+{
+#ifdef HAVE_OPENSSL
+ return CRYPTO_memcmp(a, b, len);
+#else
+ const volatile uint8_t * pa = a;
+ const volatile uint8_t * pb = b;
+ uint8_t d = 0;
+ size_t i;
+
+ for (i = 0; i < len; i++)
+ d |= pa[i] ^ pb[i];
+
+ return d != 0;
+#endif
+}
+
int crypt_cmp_key(const void * key1,
const void * key2)
{
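Review bot: crypt_ct_cmp() is added without a comment stating its return contract, and the two branches do not return the same values: the OpenSSL branch passes through whatever CRYPTO_memcmp() returns (zero or non-zero), while the fallback returns exactly 0 or 1, and neither gives memcmp-style ordering. A caller that tests `== 1` or `< 0` would behave differently depending on the build, so I would add above the function `/* Constant-time equality test: returns 0 if the len bytes match, non-zero otherwise; the result carries no ordering. */`. The same comment should say that len is treated as public and that both buffers must hold at least len bytes. In the fallback loop len == 0 returns 0, i.e. "equal", so a caller verifying an authentication tag has to check the received tag length against the expected size before calling.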