projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 85d799b) | patch
Add timingsafe_bcmp(), for constant-time memory comparison
authorHeikki Linnakangas <heikki.linnakangas@iki.fi>
Wed, 2 Apr 2025 12:32:40 +0000 (15:32 +0300)
committerHeikki Linnakangas <heikki.linnakangas@iki.fi>
Wed, 2 Apr 2025 12:32:40 +0000 (15:32 +0300)
commit09be39112654c3f158098fdb5f820143c0330763
tree1864a2d06bac4af18cd9c62dbd2db638a8815991tree
parent85d799ba8a7fe3f6a462fcccbb449e08d21f4ea4commit | diff
Add timingsafe_bcmp(), for constant-time memory comparison

timingsafe_bcmp() should be used instead of memcmp() or a naive
for-loop, when comparing passwords or secret tokens, to avoid leaking
information about the secret token by timing. This commit just
introduces the function but does not change any existing code to use
it yet.

Co-authored-by: Jelte Fennema-Nio <github-tech@jeltef.nl>
Discussion: https://www.postgresql.org/message-id/7b86da3b-9356-4e50-aa1b-56570825e234@iki.fi
configure diff | blob | blame | history
configure.ac diff | blob | blame | history
meson.build diff | blob | blame | history
src/include/port.h diff | blob | blame | history
src/port/meson.build diff | blob | blame | history
src/port/timingsafe_bcmp.c [new file with mode: 0644] blob
This is the main PostgreSQL git repository.