Add constant time memcmp and use it for comparing keys.

There is perhaps no problem now, but it is a good practise to use constant time for key comaprison to avoid possible side channel issues.
2025-12-05 16:00:05 +01:00 · 2022-04-27 23:05:02 +02:00
parent 4f44bb40b7
commit 2bf0f537f6
12 changed files with 65 additions and 5 deletions
--- a/lib/crypto_backend/crypto_openssl.c
+++ b/lib/crypto_backend/crypto_openssl.c
@@ -30,6 +30,7 @@

 #include <string.h>
 #include <errno.h>
+#include <openssl/crypto.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/rand.h>
@@ -806,3 +807,8 @@ out:
 	return -ENOTSUP;
 #endif
 }
+
+int crypt_backend_memeq(const void *m1, const void *m2, size_t n)
+{
+	return CRYPTO_memcmp(m1, m2, n);
+}