User,Utils: move ConstantTimeEquals to CUtils and add tests (#2011)

MarkLee131
2026-04-25 17:37:33 +08:00
parent 794ae6cd60
commit f0c3341e35
5 changed files with 102 additions and 22 deletions
+17
@@ -271,6 +271,23 @@ CString CUtils::SaltedHash(const CString& sPass, const CString& sSalt) {
#endif
}
bool CUtils::ConstantTimeEquals(const CString& a, const CString& b) {
// Length is leaked, but for the cases this is used in (fixed-size
// hex hashes for MD5 / SHA256) the lengths are constant. Plain-text
// mode does leak length, but plain-text passwords are deprecated and
// discouraged in znc.conf.
if (a.length() != b.length()) {
return false;
}
unsigned char acc = 0;
const unsigned char* pa = reinterpret_cast<const unsigned char*>(a.data());
const unsigned char* pb = reinterpret_cast<const unsigned char*>(b.data());
for (size_t i = 0; i < a.length(); ++i) {
acc |= static_cast<unsigned char>(pa[i] ^ pb[i]);
}
return acc == 0;
}
CString CUtils::GetPass(const CString& sPrompt) {
#ifdef HAVE_TCSETATTR
// Disable echo
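Review bot: The early `return false` when `a.length() != b.length()` means this is constant-time only for equal-length inputs, and that contract lives in a comment inside the body, where a future caller of a function named `ConstantTimeEquals` will not look. I would move it to a doc comment above the definition (and to the declaration in the header, which is outside this hunk), for example `/// Compares in time independent of content for equal-length inputs; a length mismatch returns early, so pass fixed-size digests.` For the plain-text case the comment mentions, the caller could presumably compare fixed-length digests of both sides instead of the raw strings, so that the stored password's length is not observable; that call site is not visible here. The XOR/OR accumulation itself is the standard pattern, though the language gives no guarantee that an optimizer keeps it branch-free.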