1 files changed, 23 insertions, 7 deletions

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 979ff3cfa..2de624c7d 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -724,19 +724,23 @@ crypto_pk_public_exponent_ok(crypto_pk_t *env)
   return BN_is_word(env->key->e, 65537);
 }
 
-/** Compare the public-key components of a and b.  Return -1 if a\<b, 0
- * if a==b, and 1 if a\>b.
+/** Compare the public-key components of a and b.  Return less than 0
+ * if a\<b, 0 if a==b, and greater than 0 if a\>b.  A NULL key is
+ * considered to be less than all non-NULL keys, and equal to itself.
+ *
+ * Note that this may leak information about the keys through timing.
  */
 int
 crypto_pk_cmp_keys(crypto_pk_t *a, crypto_pk_t *b)
 {
   int result;
+  char a_is_non_null = (a != NULL) && (a->key != NULL);
+  char b_is_non_null = (b != NULL) && (b->key != NULL);
+  char an_argument_is_null = !a_is_non_null | !b_is_non_null;
 
-  if (!a || !b)
-    return -1;
-
-  if (!a->key || !b->key)
-    return -1;
+  result = tor_memcmp(&a_is_non_null, &b_is_non_null, sizeof(a_is_non_null));
+  if (an_argument_is_null)
+    return result;
 
   tor_assert(PUBLIC_KEY_OK(a));
   tor_assert(PUBLIC_KEY_OK(b));
@@ -746,6 +750,18 @@ crypto_pk_cmp_keys(crypto_pk_t *a, crypto_pk_t *b)
   return BN_cmp((a->key)->e, (b->key)->e);
 }
 
+/** Compare the public-key components of a and b.  Return non-zero iff
+ * a==b.  A NULL key is considered to be distinct from all non-NULL
+ * keys, and equal to itself.
+ *
+ *  Note that this may leak information about the keys through timing.
+ */
+int
+crypto_pk_eq_keys(crypto_pk_t *a, crypto_pk_t *b)
+{
+  return (crypto_pk_cmp_keys(a, b) == 0);
+}
+
 /** Return the size of the public key modulus in <b>env</b>, in bytes. */
 size_t
 crypto_pk_keysize(crypto_pk_t *env)