mirror/esphome
1
0
Fork 0
mirror of https://github.com/esphome/esphome.git synced 2026-03-03 03:08:21 -07:00
Code Issues Packages Projects Releases Wiki Activity

Use encoder output length and remove early return on length mismatch

Browse Source 
Use the out length from esp_crypto_base64_encode instead of strlen.
Fold length mismatch into the accumulator to make comparison fully
constant-time without early return.
This commit is contained in:
J. Nick Koston
2026-02-08 07:16:19 -06:00
parent 1dcffdc872
commit c90ca4df87
1 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
esphome/components/web_server_idf/web_server_idf.cpp
View File

@@ -356,14 +356,13 @@ bool AsyncWebServerRequest::authenticate(const char *username, const char *passw
// Constant-time comparison to avoid timing side channels
const char *provided = auth_str + auth_prefix_len;
size_t digest_len = strlen(digest.get());
size_t digest_len = out;
size_t provided_len = strlen(provided);
if (digest_len != provided_len) {
return false;
}
volatile uint8_t result = 0;
result |= static_cast<uint8_t>(digest_len ^ provided_len);
for (size_t i = 0; i < digest_len; i++) {
result |= digest.get()[i] ^ provided[i];
char provided_ch = (i < provided_len) ? provided[i] : 0;
result |= static_cast<uint8_t>(digest.get()[i] ^ provided_ch);
}
return result == 0;
}