From: | Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi> |
---|---|
To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
Subject: | pgsql: Add timingsafe_bcmp(), for constant-time memory comparison |
Date: | 2025-04-02 12:42:13 |
Message-ID: | E1tzxQ5-002HzH-0N@gemulon.postgresql.org |
Lists: | pgsql-committers |

Add timingsafe_bcmp(), for constant-time memory comparison

timingsafe_bcmp() should be used instead of memcmp() or a naive
for-loop, when comparing passwords or secret tokens, to avoid leaking
information about the secret token by timing. This commit just
introduces the function but does not change any existing code to use
it yet.

Co-authored-by: Jelte Fennema-Nio <github-tech(at)jeltef(dot)nl>
Discussion: https://www.postgresql.org/message-id/7b86da3b-9356-4e50-aa1b-56570825e234@iki.fi

Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/09be39112654c3f158098fdb5f820143c0330763
Modified Files
--------------
configure | 23 +++++++++++++++++++++++
configure.ac | 3 ++-
meson.build | 2 ++
src/include/port.h | 4 ++++
src/port/meson.build | 1 +
src/port/timingsafe_bcmp.c | 43 +++++++++++++++++++++++++++++++++++++++++++
6 files changed, 75 insertions(+), 1 deletion(-)
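
The timing leak the commit message describes, shown as an added example that is not code from this commit or from PostgreSQL. The names `naive_bcmp`, `ct_bcmp` and `examined_for_prefix` are hypothetical and the token is constructed; the example counts bytes read instead of measuring wall-clock time, which makes the data-dependent work visible deterministically.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN 16
/* Constructed sample token, not a real secret. */
static const unsigned char secret[TOKEN_LEN + 1] = "0123456789abcdef";

/* Naive early-exit loop: returns at the first differing byte.
 * *examined reports how many bytes were read before returning. */
static int naive_bcmp(const void *a, const void *b, size_t n, size_t *examined)
{
    const unsigned char *p = a, *q = b;
    for (size_t i = 0; i < n; i++) {
        if (p[i] != q[i]) {
            *examined = i + 1;
            return 1;
        }
    }
    *examined = n;
    return 0;
}

/* Constant-time style: reads all n bytes and ORs the differences
 * together, so the work done does not depend on where they differ. */
static int ct_bcmp(const void *a, const void *b, size_t n, size_t *examined)
{
    const unsigned char *p = a, *q = b;
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(p[i] ^ q[i]);
    *examined = n;
    return diff != 0;
}

/* Bytes read when only the first `prefix` bytes of a guess are correct. */
static size_t examined_for_prefix(int use_ct, size_t prefix)
{
    unsigned char guess[TOKEN_LEN];
    size_t examined = 0;
    memset(guess, 'X', sizeof guess);   /* 'X' never occurs in the token */
    memcpy(guess, secret, prefix);
    if (use_ct)
        ct_bcmp(secret, guess, sizeof guess, &examined);
    else
        naive_bcmp(secret, guess, sizeof guess, &examined);
    return examined;
}

int main(void)
{
    for (size_t k = 0; k <= TOKEN_LEN; k += 4)
        printf("correct prefix %2zu: naive read %2zu bytes, constant-time read %2zu\n",
               k, examined_for_prefix(0, k), examined_for_prefix(1, k));
    return 0;
}
```

With the naive loop, the amount of work grows with the length of the correct prefix, which is what lets an observer recover a token byte by byte; the constant-time loop does the same work for every guess of a given length.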