public inbox for [email protected]
help / color / mirror / Atom feedFrom: Heikki Linnakangas <[email protected]>
To: [email protected]
Subject: pgsql: Add timingsafe_bcmp(), for constant-time memory comparison
Date: Wed, 02 Apr 2025 12:42:13 +0000
Message-ID: <[email protected]> (raw)
Add timingsafe_bcmp(), for constant-time memory comparison
timingsafe_bcmp() should be used instead of memcmp() or a naive
for-loop, when comparing passwords or secret tokens, to avoid leaking
information about the secret token by timing. This commit just
introduces the function but does not change any existing code to use
it yet.
Co-authored-by: Jelte Fennema-Nio <[email protected]>
Discussion: https://www.postgresql.org/message-id/[email protected]
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/09be39112654c3f158098fdb5f820143c0330763
Modified Files
--------------
configure | 23 +++++++++++++++++++++++
configure.ac | 3 ++-
meson.build | 2 ++
src/include/port.h | 4 ++++
src/port/meson.build | 1 +
src/port/timingsafe_bcmp.c | 43 +++++++++++++++++++++++++++++++++++++++++++
6 files changed, 75 insertions(+), 1 deletion(-)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: pgsql: Add timingsafe_bcmp(), for constant-time memory comparison
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox