From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Wed, 2 Jun 2021 13:31:56 +0000 (+0200)
Subject: Move constantTimeStringEquals to its own file
X-Git-Tag: dnsdist-1.7.0-alpha1~3^2~9
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fdb89daa60a4281c139fd4afbe7af222b1b54860;p=thirdparty%2Fpdns.git

Move constantTimeStringEquals to its own file
---

diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc
index e4f77e795f..f89acb68e1 100644
--- a/pdns/dnssecinfra.cc
+++ b/pdns/dnssecinfra.cc
@@ -45,6 +45,7 @@
 #include "pkcs11signers.hh"
 #endif
 #include "misc.hh"
+#include "string_compare.hh"
 
 using namespace boost::assign;
 
diff --git a/pdns/string_compare.hh b/pdns/string_compare.hh
new file mode 100644
index 0000000000..ad4712f3bc
--- /dev/null
+++ b/pdns/string_compare.hh
@@ -0,0 +1,53 @@
+/*
+ * This file is part of PowerDNS or dnsdist.
+ * Copyright -- PowerDNS.COM B.V. and its contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * In addition, for the avoidance of any doubt, permission is granted to
+ * link this program with OpenSSL and to (re)distribute the binaries
+ * produced as the result of such linking.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <string>
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifdef HAVE_CRYPTO_MEMCMP
+#include <openssl/crypto.h>
+#endif
+
+static bool constantTimeStringEquals(const std::string& a, const std::string& b)
+{
+  if (a.size() != b.size()) {
+    return false;
+  }
+  const size_t size = a.size();
+#ifdef HAVE_CRYPTO_MEMCMP
+  return CRYPTO_memcmp(a.c_str(), b.c_str(), size) == 0;
+#else
+  const volatile unsigned char *_a = (const volatile unsigned char *) a.c_str();
+  const volatile unsigned char *_b = (const volatile unsigned char *) b.c_str();
+  unsigned char res = 0;
+
+  for (size_t idx = 0; idx < size; idx++) {
+    res |= _a[idx] ^ _b[idx];
+  }
+
+  return res == 0;
+#endif
+}
+