Add constant time memcmp and use it for comparing keys.

There is perhaps no problem now, but it is a good practise to use constant time for key comaprison to avoid possible side channel issues.
2025-12-05 16:00:05 +01:00 · 2022-04-27 23:05:02 +02:00
parent 4f44bb40b7
commit 2bf0f537f6
12 changed files with 65 additions and 5 deletions
--- a/lib/crypto_backend/crypto_nss.c
+++ b/lib/crypto_backend/crypto_nss.c
@@ -395,3 +395,8 @@ int crypt_bitlk_decrypt_key(const void *key, size_t key_length,
 	return crypt_bitlk_decrypt_key_kernel(key, key_length, in, out, length,
 					      iv, iv_length, tag, tag_length);
 }
+
+int crypt_backend_memeq(const void *m1, const void *m2, size_t n)
+{
+	return NSS_SecureMemcmp(m1, m2, n);
+}