Commit 0efbd84a authored by David Goulet, committed by Ian Goldberg

Add comment to clarify memory comparison in auth.c

Related to #20

 that submitted a wrong patch due to bad understanding
thus the reason of this commit.
Signed-off-by: David Goulet <>

Fixes #20
parent d5340738
......@@ -371,7 +371,11 @@ gcry_error_t otrl_auth_handle_commit(OtrlAuthInfo *auth,
* while in case some other logged in instance of our buddy
* replied with a DHKEY message. In that case, use the
* incoming parameters. Otherwise, compare the hashgx
* values to see which one wins. */
* values to see which one wins.
* This does NOT use constant time comparison because these
* are two public values thus don't need it. Also, this checks
* which pubkey is larger and not if they are the same. */
if (!is_master && memcmp(auth->hashgx, hashbuf, 32) > 0) {
/* Ours wins. Ignore the message we received, and just
* resend the same D-H Commit message again. */
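Review bot: The last added comment line says the check determines "which pubkey is larger", but the memcmp operands are auth->hashgx and hashbuf, and the sentence just above says to "compare the hashgx values". Writing "which hashgx value is larger" would keep the comment consistent with the code it documents. Since the test is `memcmp(...) > 0`, it would also help to say explicitly that the result is used only for ordering, so equal values do not take the "ours wins" branch. Minor wording: "thus don't need it" reads better as "so it is not needed".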