DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Add constant time memory comparison function os_memcmp_const

Browse source 
This function is meant for comparing passwords or hash values where
difference in execution time could provide external observer information
about the location of the difference in the memory buffers. The return
value does not behave like os_memcmp(), i.e., os_memcmp_const() cannot
be used to sort items into a defined order. Unlike os_memcmp(),
execution time of os_memcmp_const() does not depend on the contents of
the compared memory buffers, but only on the total compared length.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-06-29 19:33:19 +03:00
parent ee352f1e5a
commit afc3c8b07f
5 changed files with 64 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/utils/os_internal.c
View file

@ -463,6 +463,20 @@ size_t os_strlcpy(char *dest, const char *src, size_t siz)
}
int os_memcmp_const(const void *a, const void *b, size_t len)
{
const u8 *aa = a;
const u8 *bb = b;
size_t i;
u8 res;
for (res = 0, i = 0; i < len; i++)
res |= aa[i] ^ bb[i];
return res;
}
char * os_strstr(const char *haystack, const char *needle)
{
size_t len = os_strlen(needle);