From 67ac8cbe1706f9bf9b0c1d99add8226b923ed32f Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Thu, 8 Jun 2023 23:21:32 +0100
Subject: [PATCH] mosquitto_memcmp_const is now more constant time.
---
 ChangeLog.txt | 1 +
 plugins/dynamic-security/auth.c | 4 +---
 src/password_mosq.c | 4 +---
 src/security_default.c | 4 +---
 4 files changed, 4 insertions(+), 9 deletions(-)
diff --git a/ChangeLog.txt b/ChangeLog.txt
index dbe24208..579944dc 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -19,6 +19,7 @@ Broker:
 - Broker will log warnings if sensitive files are world readable/writable, or if the owner/group is not the same as the user/group the broker is running as. In future versions the broker will refuse to open these files.
+- mosquitto_memcmp_const is now more constant time.
 Client library:
 - Use CLOCK_BOOTTIME when available, to keep track of time. This solves the
diff --git a/plugins/dynamic-security/auth.c b/plugins/dynamic-security/auth.c
index 1f62e1fb..03e4f6b9 100644
--- a/plugins/dynamic-security/auth.c
+++ b/plugins/dynamic-security/auth.c
@@ -163,9 +163,7 @@ static int memcmp_const(const void *a, const void *b, size_t len)
 if(!a || !b) return 1;
 for(i=0; i