# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1620660294 -3600
# Node ID 13b84682518e6e754dca3c6ab626d9a140c33901
# Parent  1937b3c3efb53079f5c57931383a477f8c4ce767
util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)

diff -r 1937b3c3efb5 -r 13b84682518e util-src/hashes.c
--- a/util-src/hashes.c	Fri May 07 17:03:49 2021 +0100
+++ b/util-src/hashes.c	Mon May 10 16:24:54 2021 +0100
@@ -23,6 +23,7 @@
 
 #include "lua.h"
 #include "lauxlib.h"
+#include <openssl/crypto.h>
 #include <openssl/sha.h>
 #include <openssl/md5.h>
 #include <openssl/hmac.h>
@@ -189,6 +190,18 @@
 	return 1;
 }
 
+static int Lhash_equals(lua_State *L) {
+	size_t len1, len2;
+	const char *s1 = luaL_checklstring(L, 1, &len1);
+	const char *s2 = luaL_checklstring(L, 2, &len2);
+	if(len1 == len2) {
+		lua_pushboolean(L, CRYPTO_memcmp(s1, s2, len1) == 0);
+	} else {
+		lua_pushboolean(L, 0);
+	}
+	return 1;
+}
+
 static const luaL_Reg Reg[] = {
 	{ "sha1",		Lsha1		},
 	{ "sha224",		Lsha224		},
@@ -201,6 +214,7 @@
 	{ "hmac_sha512",	Lhmac_sha512	},
 	{ "hmac_md5",		Lhmac_md5	},
 	{ "scram_Hi_sha1",	LscramHi	},
+	{ "equals",             Lhash_equals    },
 	{ NULL,			NULL		}
 };