bpo-40791: Make compare_digest more constant-time. (GH-20444) · python/cpython@c1bbca5

bpo-40791: Make compare_digest more constant-time. (GH-20444) · python/cpython@c1bbca5

File tree

2 files changed

lines changed

Misc/NEWS.d/next/Security

2 files changed

lines changed

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+Add ``volatile`` to the accumulator variable in ``hmac.compare_digest``, making constant-time-defeating optimizations less likely.

Original file line number	Diff line number	Diff line change
`@@ -735,7 +735,7 @@ _tscmp(const unsigned char a, const unsigned char b,`
`735`	`735`	`volatile const unsigned char *left;`
`736`	`736`	`volatile const unsigned char *right;`
`737`	`737`	`Py_ssize_t i;`
`738`		`-unsigned char result;`
	`738`	`+volatile unsigned char result;`
`739`	`739`
`740`	`740`	`/* loop count depends on length of b */`
`741`	`741`	`length = len_b;`