From 84e1a6c0e9f6a7aed3c367e5b6fce029db0fc453 Mon Sep 17 00:00:00 2001
From: Dimitri Staessens
Date: Sun, 21 Jun 2026 13:20:30 +0200
Subject: lib: Add constant-time comparison helper

Add a function crypt_ct_cmp() that wraps CRYPTO_memcmp (OpenSSL) with a volatile-loop fallback, for comparing authentication tags without leaking timing.

Signed-off-by: Dimitri Staessens
Signed-off-by: Sander Vrijders
---
 src/lib/crypt.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
(limited to 'src')
diff --git a/src/lib/crypt.c b/src/lib/crypt.c
index a34e7298..5da9d392 100644
--- a/src/lib/crypt.c
+++ b/src/lib/crypt.c
@@ -1033,6 +1033,25 @@ int crypt_load_privkey_raw_file(const char * path,
 #endif
 }
 
+int crypt_ct_cmp(const void * a,
+ const void * b,
+ size_t len)
+{
+#ifdef HAVE_OPENSSL
+ return CRYPTO_memcmp(a, b, len);
+#else
+ const volatile uint8_t * pa = a;
+ const volatile uint8_t * pb = b;
+ uint8_t d = 0;
+ size_t i;
+
+ for (i = 0; i < len; i++)
+ d |= pa[i] ^ pb[i];
+
+ return d != 0;
+#endif
+}
+
 int crypt_cmp_key(const void * key1,
 const void * key2)
 {
--
cgit v1.2.3
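Review bot: crypt_ct_cmp() is added without a comment stating its contract, and its two branches do not return the same values: the HAVE_OPENSSL path passes through whatever CRYPTO_memcmp returns (zero for equal, some non-zero value otherwise), while the fallback returns exactly 0 or 1. Normalising the first branch to `return CRYPTO_memcmp(a, b, len) != 0;` would make both builds behave alike for a caller that stores or compares the result. A header comment such as `/* Returns 0 if the len bytes at a and b are equal, non-zero otherwise; gives no ordering. Both buffers must be at least len bytes, and len itself is not secret. */` would also make clear that the result must not be used like memcmp's ordering and that tag lengths have to be checked by the caller before the call. The fallback relies on the volatile-qualified loads to keep the compiler from short-circuiting the loop, which is worth one line of why-comment above the `for`.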