Bertrand,

On 22.01.21 at 00:45, Bertrand Jacquin wrote:
>> The strcmp converter is not binary safe. It uses strncmp internally.
>
> It is not indeed, what do you think of improving current related strcmp
> documentation and example to add a hex conversion to achieve the same
> goal? This would be pretty slow, I'd be happy if you have something more
> efficient to offer for this use case. Also, CRYPTO_memcmp() is

Do you have a specific use-case in mind? Where would you / one need to
compare binary data outside something like hash comparisons? I'd say
that users can figure out how to combine strcmp with the hex converter
themselves.

If performance is desired it might make sense to add a memcmp()
converter that nicely complements strcmp and secure_memcmp. It's just
that I did not yet have a need for this (and apparently no one else did).

> relatively simple and could be rewritten in openssl compat as an inline
> function too.

I prefer to defer to a "known good" implementation. Getting this right
across compilers is non-trivial to prevent the compiler from optimizing
it. OpenSSL specifically includes Assembler implementations. IMO if
users actually need secure_memcmp in HAProxy they should upgrade their
OpenSSL.

Best regards
Tim Düsterhus
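The binary-safety point in this message, as an added example that is not code from HAProxy, OpenSSL, or either participant: a strncmp-based comparison stops at the first NUL byte, while hex-encoding before strcmp or using memcmp covers the whole buffer. The function names and the two 8-byte digests are constructed for illustration, and none of these comparisons is constant-time.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample digests: identical up to an embedded NUL, different after it. */
static const unsigned char digest_a[8] = {0xde, 0xad, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
static const unsigned char digest_b[8] = {0xde, 0xad, 0x00, 0xff, 0xee, 0xdd, 0xcc, 0xbb};

/* strncmp-based equality: comparison ends at the first NUL in either input. */
static int eq_strncmp(const unsigned char *a, const unsigned char *b, size_t n)
{
    return strncmp((const char *)a, (const char *)b, n) == 0;
}

/* Hex-encode n bytes into out, which must hold 2*n+1 bytes. */
static void to_hex(const unsigned char *in, size_t n, char *out)
{
    static const char digits[] = "0123456789abcdef";
    for (size_t i = 0; i < n; i++) {
        out[2 * i]     = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 0x0f];
    }
    out[2 * n] = '\0';
}

/* Workaround from the thread: hex-encode both sides, then compare as strings. */
static int eq_hex_strcmp(const unsigned char *a, const unsigned char *b, size_t n)
{
    char ha[2 * 64 + 1], hb[2 * 64 + 1];
    if (n > 64)          /* sample buffer limit; oversized input is rejected */
        return 0;
    to_hex(a, n, ha);
    to_hex(b, n, hb);
    return strcmp(ha, hb) == 0;
}

/* Binary-safe equality over the full length (not timing-safe). */
static int eq_memcmp(const unsigned char *a, const unsigned char *b, size_t n)
{
    return memcmp(a, b, n) == 0;
}

int main(void)
{
    printf("strncmp:    %d\n", eq_strncmp(digest_a, digest_b, sizeof(digest_a)));
    printf("hex+strcmp: %d\n", eq_hex_strcmp(digest_a, digest_b, sizeof(digest_a)));
    printf("memcmp:     %d\n", eq_memcmp(digest_a, digest_b, sizeof(digest_a)));
    return 0;
}
```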

