Home > mailing lists

pgsql: Add timingsafe_bcmp(), for constant-time memory comparison - Mailing list pgsql-committers

From	Heikki Linnakangas
Subject	pgsql: Add timingsafe_bcmp(), for constant-time memory comparison
Date	April 2 15:42:13
Msg-id	E1tzxQ5-002HzH-0N@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Add timingsafe_bcmp(), for constant-time memory comparison

timingsafe_bcmp() should be used instead of memcmp() or a naive
for-loop, when comparing passwords or secret tokens, to avoid leaking
information about the secret token by timing. This commit just
introduces the function but does not change any existing code to use
it yet.

Co-authored-by: Jelte Fennema-Nio <github-tech@jeltef.nl>
Discussion: https://www.postgresql.org/message-id/7b86da3b-9356-4e50-aa1b-56570825e234@iki.fi

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/09be39112654c3f158098fdb5f820143c0330763

Modified Files
--------------
configure                  | 23 +++++++++++++++++++++++
configure.ac               |  3 ++-
meson.build                |  2 ++
src/include/port.h         |  4 ++++
src/port/meson.build       |  1 +
src/port/timingsafe_bcmp.c | 43 +++++++++++++++++++++++++++++++++++++++++++
6 files changed, 75 insertions(+), 1 deletion(-)

pgsql-committers by date:

From: Andres Freund
Date: 02 April, 15:31:02
Subject: pgsql: tests: Fix incompatibility of test_aio with *_FORCE_RELEASE

From: Peter Eisentraut
Date: 02 April, 15:47:19
Subject: pgsql: Fix code comment

pgsql: Add timingsafe_bcmp(), for constant-time memory comparison - Mailing list pgsql-committers

Previous

Next