apr-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yla...@apache.org
Subject svn commit: r1763669 - in /apr/apr/trunk: crypto/apr_crypto.c include/apr_crypto.h
Date Thu, 06 Oct 2016 22:25:23 GMT
Author: ylavic
Date: Thu Oct  6 22:25:22 2016
New Revision: 1763669

URL: http://svn.apache.org/viewvc?rev=1763669&view=rev
Log:
crypto: provide apr_crypto_equals(), a timing attacks safe buffers comparison
function.
 

Modified:
    apr/apr/trunk/crypto/apr_crypto.c
    apr/apr/trunk/include/apr_crypto.h

Modified: apr/apr/trunk/crypto/apr_crypto.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_crypto.c?rev=1763669&r1=1763668&r2=1763669&view=diff
==============================================================================
--- apr/apr/trunk/crypto/apr_crypto.c (original)
+++ apr/apr/trunk/crypto/apr_crypto.c Thu Oct  6 22:25:22 2016
@@ -167,6 +167,21 @@ APR_DECLARE(apr_status_t) apr_crypto_mem
     return APR_SUCCESS;
 }
 
+APR_DECLARE(int) apr_crypto_equals(const void *buf1, const void *buf2,
+                                   apr_size_t size)
+{
+    const unsigned char *p1 = buf1;
+    const unsigned char *p2 = buf2;
+    unsigned char diff = 0;
+    apr_size_t i;
+
+    for (i = 0; i < size; ++i) {
+        diff |= p1[i] ^ p2[i];
+    }
+
+    return 1 & ((diff - 1) >> 8);
+}
+
 APR_DECLARE(apr_status_t) apr_crypto_get_driver(
         const apr_crypto_driver_t **driver, const char *name,
         const char *params, const apu_err_t **result, apr_pool_t *pool)

Modified: apr/apr/trunk/include/apr_crypto.h
URL: http://svn.apache.org/viewvc/apr/apr/trunk/include/apr_crypto.h?rev=1763669&r1=1763668&r2=1763669&view=diff
==============================================================================
--- apr/apr/trunk/include/apr_crypto.h (original)
+++ apr/apr/trunk/include/apr_crypto.h Thu Oct  6 22:25:22 2016
@@ -197,6 +197,18 @@ APR_DECLARE(apr_status_t) apr_crypto_cle
 APR_DECLARE(apr_status_t) apr_crypto_memzero(void *buffer, apr_size_t size);
 
 /**
+ * @brief Timing attacks safe buffers comparison, where the executing time does
+ * not depend on the bytes compared but solely on the number of bytes.
+ *
+ * @param buf1 - first buffer to compare
+ * @param buf2 - second buffer to compare
+ * @param size - size of the buffers to compare
+ * @return 1 if the buffers are equals, 0 otherwise.
+ */
+APR_DECLARE(int) apr_crypto_equals(const void *buf1, const void *buf2,
+                                   apr_size_t size);
+
+/**
  * @brief Get the driver struct for a name
  *
  * @param driver - pointer to driver struct.



Mime
View raw message