commit 27cc6205e4024a59c73a3318e1f1c77ee369aeff
parent 57bb8d536af02d03ef0170841067f200deefc927
Author: Christian Grothoff <grothoff@gnunet.org>
Date: Sat, 18 Jul 2026 00:58:36 +0200
add TALER_strcmp_ct()
Diffstat:
3 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/meson.build b/meson.build
@@ -281,7 +281,7 @@ if not get_option('only-doc')
libltversions = [
- ['libtalerutil', '14:0:0'],
+ ['libtalerutil', '15:0:1'],
['libtalerjson', '7:0:3'],
['libtalercurl', '0:1:0'],
['libtalerpq', '1:0:0'],
diff --git a/src/include/taler/taler_util.h b/src/include/taler/taler_util.h
@@ -142,6 +142,24 @@ TALER_b2s (const void *buf,
/**
+ * Compare two NUL-terminated strings @a a and @a b in constant time
+ * with respect to their contents. Used for comparing secret/MAC
+ * material (authorization codes, PKCE challenges) to avoid leaking
+ * information via a timing oracle, as plain strcmp() short-circuits
+ * at the first differing byte. Note that the string lengths may
+ * still leak, which is acceptable here as the token length is not
+ * a secret at all.
+ *
+ * @param a first string
+ * @param b second string
+ * @return 0 if the strings are equal, non-zero otherwise
+ */
+int
+TALER_strcmp_ct (const char *a,
+ const char *b);
+
+
+/**
* Convert a fixed-sized object to a string using
* #TALER_b2s().
*
diff --git a/src/util/util.c b/src/util/util.c
@@ -27,6 +27,20 @@
#include <unistr.h>
+int
+TALER_strcmp_ct (const char *a,
+ const char *b)
+{
+ size_t alen = strlen (a);
+
+ if (strlen (b) != alen)
+ return 1;
+ return GNUNET_memcmp_ct_ (a,
+ b,
+ alen);
+}
+
+
const char *
TALER_b2s (const void *buf,
size_t buf_size)