From f5460a5037f0dda1b02873ee189bf38685933529 Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Mon, 10 May 2021 16:24:54 +0100
Subject: util.hashes: Add constant-time string comparison (binding to
 CRYPTO_memcmp)

---
 util-src/hashes.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/util-src/hashes.c b/util-src/hashes.c
index 903ecb6e..b16eb03f 100644
--- a/util-src/hashes.c
+++ b/util-src/hashes.c
@@ -23,6 +23,7 @@ typedef unsigned __int32 uint32_t;
 
 #include "lua.h"
 #include "lauxlib.h"
+#include <openssl/crypto.h>
 #include <openssl/sha.h>
 #include <openssl/md5.h>
 #include <openssl/hmac.h>
@@ -189,6 +190,18 @@ static int LscramHi(lua_State *L) {
 	return 1;
 }
 
+static int Lhash_equals(lua_State *L) {
+	size_t len1, len2;
+	const char *s1 = luaL_checklstring(L, 1, &len1);
+	const char *s2 = luaL_checklstring(L, 2, &len2);
+	if(len1 == len2) {
+		lua_pushboolean(L, CRYPTO_memcmp(s1, s2, len1) == 0);
+	} else {
+		lua_pushboolean(L, 0);
+	}
+	return 1;
+}
+
 static const luaL_Reg Reg[] = {
 	{ "sha1",		Lsha1		},
 	{ "sha224",		Lsha224		},
@@ -201,6 +214,7 @@ static const luaL_Reg Reg[] = {
 	{ "hmac_sha512",	Lhmac_sha512	},
 	{ "hmac_md5",		Lhmac_md5	},
 	{ "scram_Hi_sha1",	LscramHi	},
+	{ "equals",             Lhash_equals    },
 	{ NULL,			NULL		}
 };
 
-- 
cgit v1.2.3