Move timingSafeStrcmp to main

src/core/CNStructs.hpp

@@ -49,6 +49,7 @@ std::string U16toU8(char16_t* src, size_t max);
 size_t U8toU16(std::string src, char16_t* des, size_t max); // returns number of char16_t that was written at des
 time_t getTime();
 time_t getTimestamp();
+int timingSafeStrcmp(const char* a, const char* b);
 void terminate(int);
 
 // The PROTOCOL_VERSION definition can be defined by the build system.

src/db/login.cpp

@@ -1,17 +1,9 @@
+#include "core/CNStructs.hpp"
+
 #include "db/internal.hpp"
 
 #include "bcrypt/BCrypt.hpp"
 
-static int timingSafeStrcmp(const char* a, const char* b) {
-    int diff = 0;
-    while (*a && *b) {
-        diff |= *a++ ^ *b++;
-    }
-    diff |= *a;
-    diff |= *b;
-    return diff;
-}
-
 void Database::findAccount(Account* account, std::string login) {
     std::lock_guard<std::mutex> lock(dbCrit);
 

src/main.cpp

@@ -222,6 +222,17 @@ time_t getTimestamp() {
     return (time_t)value.count();
 }
 
+// timing safe strcmp implementation for e.g. cookie validation
+int timingSafeStrcmp(const char* a, const char* b) {
+    int diff = 0;
+    while (*a && *b) {
+        diff |= *a++ ^ *b++;
+    }
+    diff |= *a;
+    diff |= *b;
+    return diff;
+}
+
 // convert integer timestamp (in s) to FF systime struct
 sSYSTEMTIME timeStampToStruct(uint64_t time) {