/src/samba/third_party/heimdal/lib/roken/ct.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright (c) 2009 Kungliga Tekniska Högskolan |
3 | | * (Royal Institute of Technology, Stockholm, Sweden). |
4 | | * All rights reserved. |
5 | | * |
6 | | * Redistribution and use in source and binary forms, with or without |
7 | | * modification, are permitted provided that the following conditions |
8 | | * are met: |
9 | | * |
10 | | * 1. Redistributions of source code must retain the above copyright |
11 | | * notice, this list of conditions and the following disclaimer. |
12 | | * |
13 | | * 2. Redistributions in binary form must reproduce the above copyright |
14 | | * notice, this list of conditions and the following disclaimer in the |
15 | | * documentation and/or other materials provided with the distribution. |
16 | | * |
17 | | * 3. Neither the name of the Institute nor the names of its contributors |
18 | | * may be used to endorse or promote products derived from this software |
19 | | * without specific prior written permission. |
20 | | * |
21 | | * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND |
22 | | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
23 | | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
24 | | * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE |
25 | | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
26 | | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
27 | | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
28 | | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
29 | | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
30 | | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
31 | | * SUCH DAMAGE. |
32 | | */ |
33 | | |
34 | | #include <config.h> |
35 | | #include "roken.h" |
36 | | |
37 | | /** |
38 | | * Constant-time comparison of two memory regions. All len bytes are |
39 | | * always examined, so that timing information does not leak where in |
40 | | * the regions the difference is. |
41 | | * |
42 | | * ct_memcmp() can't be used to order memory regions like memcmp(); |
43 | | * for example, do not use ct_memcmp() as a qsort() comparator. |
44 | | * |
45 | | * We use volatile to avoid optimizations where the compiler and/or |
46 | | * linker turn this ct_memcmp() into a plain memcmp(). The pointers |
47 | | * themselves are also marked volatile (not just the memory pointed at) |
48 | | * because in some GCC versions there is a bug which can be worked |
49 | | * around by doing this. |
50 | | * |
51 | | * @param p1 memory region 1 to compare |
52 | | * @param p2 memory region 2 to compare |
53 | | * @param len number of bytes to compare; both regions must hold at least len bytes |
54 | | * |
55 | | * @return 0 when the memory regions are equal, non-zero (currently 1) if not |
56 | | * |
57 | | * @ingroup roken |
58 | | */ |
59 | | |
60 | | int |
61 | | ct_memcmp(const volatile void * volatile p1, |
62 | | const volatile void * volatile p2, |
63 | | size_t len) |
64 | 0 | { |
65 | | /* |
66 | | * There's no need for s1 and s2 to be volatile; only p1 and p2 have |
67 | | * to be in order to work around GCC bugs. |
68 | | * |
69 | | * However, s1 and s2 do have to point to volatile, as we don't know |
70 | | * if the object was originally defined as volatile, and if it was |
71 | | * then we'd get undefined behavior here if s1/s2 were declared to |
72 | | * point to non-volatile memory. |
73 | | */ |
74 | 0 | const volatile unsigned char *s1 = p1; |
75 | 0 | const volatile unsigned char *s2 = p2; |
76 | 0 | size_t i; |
77 | 0 | int r = 0; |
78 | |
|
79 | 0 | for (i = 0; i < len; i++) |
80 | 0 | r |= (s1[i] ^ s2[i]); /* OR in the byte difference; no early exit on mismatch */ |
81 | 0 | return !!r; /* collapse the accumulated bits to 0 or 1 */ |
82 | 0 | } |