commit 3b2ba8d5037b6c75065deb8cccaa0a9165731319
parent 6e4f2b8aab871ccb5ceb21228f959164d38fa4eb
Author: Christian Grothoff <grothoff@gnunet.org>
Date: Sat, 18 Jul 2026 00:59:36 +0200
use TALER_strcmp_ct()
Diffstat:
1 file changed, 9 insertions(+), 32 deletions(-)
diff --git a/src/challenger/challenger-httpd_token.c b/src/challenger/challenger-httpd_token.c
@@ -33,32 +33,6 @@
#define MAX_RETRIES 3
-/**
- * Compare two NUL-terminated strings @a a and @a b in constant time
- * with respect to their contents. Used for comparing secret/MAC
- * material (authorization codes, PKCE challenges) to avoid leaking
- * information via a timing oracle, as plain strcmp() short-circuits
- * at the first differing byte. Note that the string lengths may
- * still leak, which is acceptable here as the token length is not
- * a secret at all.
- *
- * @param a first string
- * @param b second string
- * @return 0 if the strings are equal, non-zero otherwise
- */
-static int
-ct_strcmp (const char *a,
- const char *b)
-{
- size_t alen = strlen (a);
-
- if (strlen (b) != alen)
- return 1;
- return GNUNET_memcmp_ct_ (a,
- b,
- alen);
-}
-
/**
* Context for a /token operation.
@@ -639,8 +613,9 @@ CH_handler_token (struct CH_HandlerContext *hc,
"Failed to encode hash to Base64 URL");
}
- if (0 != ct_strcmp (encoded_hash,
- code_challenge))
+ if (0 !=
+ TALER_strcmp_ct (encoded_hash,
+ code_challenge))
{
GNUNET_break_op (0);
json_decref (address);
@@ -661,8 +636,9 @@ CH_handler_token (struct CH_HandlerContext *hc,
}
break;
case CHALLENGER_CM_PLAIN:
- if (0 != ct_strcmp (bc->code_verifier,
- code_challenge))
+ if (0 !=
+ TALER_strcmp_ct (bc->code_verifier,
+ code_challenge))
{
GNUNET_break_op (0);
json_decref (address);
@@ -723,8 +699,9 @@ CH_handler_token (struct CH_HandlerContext *hc,
GNUNET_free (client_redirect_uri);
GNUNET_free (client_state);
GNUNET_free (code_challenge);
- if (0 != ct_strcmp (code,
- bc->code))
+ if (0 !=
+ TALER_strcmp_ct (code,
+ bc->code))
{
GNUNET_break_op (0);
GNUNET_free (code);