Commit 1fa1c3f9 authored by Matt Johnston's avatar Matt Johnston
Browse files

note about constant_time_strcmp and lengths

parent 91df7419
......@@ -33,6 +33,8 @@
#ifdef ENABLE_SVR_PASSWORD_AUTH
/* not constant time when strings are differing lengths.
string content isn't leaked, and crypt hashes are predictable length. */
static int constant_time_strcmp(const char* a, const char* b) {
size_t la = strlen(a);
size_t lb = strlen(b);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment