Diffstat (limited to 'usr.sbin/nsd/tsig.c')
-rw-r--r-- | usr.sbin/nsd/tsig.c | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/usr.sbin/nsd/tsig.c b/usr.sbin/nsd/tsig.c
index b0e40116f74..a450a8b3029 100644
--- a/usr.sbin/nsd/tsig.c
+++ b/usr.sbin/nsd/tsig.c
@@ -19,6 +19,61 @@
 #include "query.h"
 #include "rbtree.h"
+#ifndef HAVE_SSL
+/* we need fixed time compare */
+#define CRYPTO_memcmp memcmp_fixedtime
+int memcmp_fixedtime(const void *s1, const void *s2, size_t n)
+{
+ size_t i;
+ const uint8_t* u1 = (const uint8_t*)s1;
+ const uint8_t* u2 = (const uint8_t*)s2;
+ int ret = 0, haveit = 0, bret = 0, bhaveit = 0;
+ /* this routine loops for every byte in the strings.
+ * every loop, it tests ==, < and >. All three. One succeeds,
+ * as every time it must be equal, smaller or larger. The one
+ * that succeeds has one if-comparison and two assignments. */
+ for(i=0; i<n; i++) {
+ if(u1[i] == u2[i]) {
+ /* waste time equal to < and > statements */
+ if(haveit) {
+ bret = -1; /* waste time */
+ bhaveit = 1;
+ } else {
+ bret = 1; /* waste time */
+ bhaveit = 1;
+ }
+ }
+ if(u1[i] < u2[i]) {
+ if(haveit) {
+ bret = -1; /* waste time equal to the else */
+ bhaveit = 1;
+ } else {
+ ret = -1;
+ haveit = 1;
+ }
+ }
+ if(u1[i] > u2[i]) {
+ if(haveit) {
+ bret = 1; /* waste time equal to the else */
+ bhaveit = 1;
+ } else {
+ ret = 1;
+ haveit = 1;
+ }
+ }
+ }
+ /* use the variables to stop the compiler from excluding them */
+ if(bhaveit) {
+ if(bret == -2)
+ ret = 0; /* never happens */
+ } else {
+ if(bret == -2)
+ ret = 0; /* never happens */
+ }
+ return ret;
+}
+#endif
+
 static region_type *tsig_region;
 struct tsig_key_table |
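Review bot: memcmp_fixedtime still branches on the compared bytes: every iteration takes one of the `==`, `<`, `>` arms and then branches on `haveit`, so equal run time depends on hand-balanced statements surviving compilation. The `bret`/`bhaveit` writes are effectively dead stores, because `bret` is only ever assigned 0, 1 or -1 and the closing `bret == -2` tests can be proven false, so an optimising compiler may drop them and leave the arms unbalanced. Since the function stands in for CRYPTO_memcmp, whose result is only meaningful as zero versus non-zero, a branch-free XOR/OR accumulation over all `n` bytes would give the same guarantee without relying on the compiler; this assumes the callers, which are outside the hunk, test the result only for equality. The function could presumably also be `static`, as nothing visible here declares it for other files.

```c
int memcmp_fixedtime(const void *s1, const void *s2, size_t n)
{
	const volatile uint8_t *u1 = s1;
	const volatile uint8_t *u2 = s2;
	uint8_t diff = 0;
	size_t i;

	/* no data-dependent branch: fold every byte difference into diff */
	for (i = 0; i < n; i++)
		diff |= u1[i] ^ u2[i];
	return diff != 0;
}
```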