[gnutls-devel] GnuTLS | safe_memcmp: remove in favor of gnutls_memcmp (!1297)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Jun 29 15:56:39 CEST 2020



Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1297

Branches: tmp-safe-memcmp to master
Author:    Daiki Ueno



This replaces the uses of `safe_memcmp` with `gnutls_memcmp` which is resilient against timing attacks. Note that this doesn't imply that the previous code was vulnerable: they were either (1) both arguments are public or (2) both arguments are confidential (and thus the attacker is not able to leverage it for timing attacks unless it has access to the data already).

Fixes #1042.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1297
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200629/2f405f4f/attachment-0001.html>


More information about the Gnutls-devel mailing list