#include "../system.h"
+#include "../utils.h"
#include "../xalloc.h"
#include "chacha.h"
poly1305_auth(expected_tag, indata, inlen, poly_key);
- if(memcmp(expected_tag, tag, POLY1305_TAGLEN)) {
+ if(!mem_eq(expected_tag, tag, POLY1305_TAGLEN)) {
return false;
}
#include "ge.h"
#include "sc.h"
-static int consttime_equal(const unsigned char *x, const unsigned char *y) {
- unsigned char r = 0;
-
- r = x[0] ^ y[0];
-#define F(i) r |= x[i] ^ y[i]
- F(1);
- F(2);
- F(3);
- F(4);
- F(5);
- F(6);
- F(7);
- F(8);
- F(9);
- F(10);
- F(11);
- F(12);
- F(13);
- F(14);
- F(15);
- F(16);
- F(17);
- F(18);
- F(19);
- F(20);
- F(21);
- F(22);
- F(23);
- F(24);
- F(25);
- F(26);
- F(27);
- F(28);
- F(29);
- F(30);
- F(31);
-#undef F
-
- return !r;
-}
+#include "../utils.h"
int ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key) {
unsigned char h[64];
ge_double_scalarmult_vartime(&R, h, &A, signature + 32);
ge_tobytes(checker, &R);
- if(!consttime_equal(checker, signature)) {
+ if(!mem_eq(checker, signature, sizeof checker)) {
return 0;
}
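Review bot: The length in `mem_eq(checker, signature, sizeof checker)` depends on `checker` being an array, and its declaration is outside this hunk. The removed `consttime_equal` compared exactly 32 bytes (indices 0 to 31), so the new call is equivalent only if `checker` is declared as `unsigned char checker[32]`. If it were ever changed to a pointer, the comparison would silently shrink to the pointer size and signature verification would accept partial matches. A short comment such as `// checker is a 32-byte array; sizeof gives the full encoded point length` would pin this down. The body of ed25519_verify continues outside the hunk.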
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+#include "../utils.h"
#include "../system.h"
#include "digest.h"
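Review bot: `#include "../utils.h"` is added above `#include "../system.h"` here, while the first file in this change adds it below `system.h`. The same ordering appears in the later digest file that includes `<openssl/err.h>`. If `utils.h` relies on `system.h` for `bool` and `size_t` (the header's own includes are not visible here), this order only compiles because of what `utils.h` happens to pull in. I would move the new line to directly after `#include "../system.h"` in both files so that all four call sites are consistent.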
size_t len = digest->maclength;
uint8_t *outdata = alloca(len);
- return digest_create(digest, indata, inlen, outdata) && !memcmp(cmpdata, outdata, len);
+ return digest_create(digest, indata, inlen, outdata) && mem_eq(cmpdata, outdata, len);
}
nid_t digest_get_nid(const digest_t *digest) {
return 1;
}
- if(memcmp(hishash, hash, 18)) {
+ if(!mem_eq(hishash, hash, 18)) {
fprintf(stderr, "Peer has an invalid key. Please make sure you're using the correct URL.\n%s\n", line + 2);
ecdsa_free(key);
return 1;
-
}
ecdsa_t *hiskey = ecdsa_set_base64_public_key(fingerprint);
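Review bot: The comparison length in `mem_eq(hishash, hash, 18)` is still a bare literal, so nothing ties it to the size of `hishash` or to the truncated fingerprint length used elsewhere. The declarations of both buffers are outside this hunk, so I cannot confirm they hold at least 18 bytes. Since this line is being touched anyway, a named constant or `sizeof hishash` (if it is an array) would make the bound checkable at the call site.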
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+#include "../utils.h"
#include "../system.h"
#include <openssl/err.h>
size_t len = digest->maclength;
unsigned char *outdata = alloca(len);
- return digest_create(digest, indata, inlen, outdata) && !memcmp(cmpdata, outdata, digest->maclength);
+ return digest_create(digest, indata, inlen, outdata) && mem_eq(cmpdata, outdata, digest->maclength);
}
nid_t digest_get_nid(const digest_t *digest) {
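Review bot: The new call passes `digest->maclength` as the length although `len` was assigned the same value two lines earlier and was used to size `outdata`. The sibling digest implementation in this change uses `mem_eq(cmpdata, outdata, len)`. Using `len` here as well keeps the allocation size and the comparison length visibly identical: `return digest_create(digest, indata, inlen, outdata) && mem_eq(cmpdata, outdata, len);`. The start of digest_verify is outside the hunk.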
/*
utils.c -- gathering of some stupid small functions
Copyright (C) 1999-2005 Ivo Timmermans
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+ 2000-2026 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
return !first == !second &&
!(first && second && strcmp(first, second));
}
+
+bool mem_eq(const void *s1, const void *s2, size_t n) {
+ uint8_t diff = 0;
+ const uint8_t *p1 = s1;
+ const uint8_t *p2 = s2;
+
+ for(size_t i = 0; i < n; i++) {
+ diff |= p1[i] ^ p2[i];
+ }
+
+ return diff == 0;
+}
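Review bot: Nothing in `mem_eq` stops the compiler, or a later maintainer, from turning the accumulate loop back into an early-exit comparison. The C standard gives no timing guarantee, so the constant-time property rests on how the optimizer treats `diff |= p1[i] ^ p2[i]`. A common hardening is to declare the accumulator as `volatile uint8_t diff = 0;`. It would also be worth inspecting the generated code on the supported compilers and optimization levels. The context lines above the function belong to string_eq, whose body starts outside the hunk.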
/*
utils.h -- header file for utils.c
Copyright (C) 1999-2005 Ivo Timmermans
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+ 2000-2026 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
// NULL-safe wrapper around strcmp().
extern bool string_eq(const char *first, const char *second);
+extern bool mem_eq(const void* s1, const void* s2, size_t n);
+
#endif
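Review bot: The new `mem_eq` declaration has no comment, unlike `string_eq` directly above it. This header is where callers will look to learn which comparison to use for MACs, tags and key hashes. I would add `// Constant-time comparison of n bytes; returns true if equal. Use instead of memcmp() for authentication data.` above it. The pointer style `const void* s1` also differs from `const char *first` on the preceding line; `const void *s1, const void *s2` would match.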