From ac7d07c2cc54e9f07fe81ac4c50bcc80ecc7ac54 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 2 Oct 2013 17:55:28 -0400 Subject: Add an internal constant-time comparison function k5_bcmp acts similarly to the deprecated Unix bcmp() function, returning zero if two memory regions are equal and nonzero if they are not. It is implemented such that it should take the same amount of time regardless of how many bytes are equal within the memory regions. --- src/include/k5-platform.h | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'src/include') diff --git a/src/include/k5-platform.h b/src/include/k5-platform.h index ad7888ab1..7203a994a 100644 --- a/src/include/k5-platform.h +++ b/src/include/k5-platform.h @@ -40,6 +40,7 @@ * + [v]asprintf * + mkstemp * + zap (support function; macro is in k5-int.h) + * + constant time memory comparison * + path manipulation * + _, N_, dgettext, bindtextdomain (for localization) */ @@ -1048,6 +1049,13 @@ extern int krb5int_gettimeofday(struct timeval *tp, void *ignore); extern void krb5int_zap(void *ptr, size_t len); +/* + * Return 0 if the n-byte memory regions p1 and p2 are equal, and nonzero if + * they are not. The function is intended to take the same amount of time + * regardless of how many bytes of p1 and p2 are equal. + */ +int k5_bcmp(const void *p1, const void *p2, size_t n); + /* * Split a path into parent directory and basename. Either output parameter * may be NULL if the caller doesn't need it. parent_out will be empty if path -- cgit