esac
PKG_CHECK_MODULES([mLib], [mLib >= 2.1.0])
-PKG_CHECK_MODULES([catacomb], [catacomb >= 2.1.1])
+PKG_CHECK_MODULES([catacomb], [catacomb >= 2.1.4])
AM_CFLAGS="$AM_CFLAGS $mLib_CFLAGS $catacomb_CFLAGS"
+tripe (1.0.0pre13) experimental; urgency=low
+
+ * Compare MAC tags in constant time. (Fixes a timing attack performed
+ by an adversary who can watch the timestamp on the server log.)
+
+ -- Mark Wooding <mdw@distorted.org.uk> Mon, 27 May 2013 22:58:31 +0100
+
tripe (1.0.0pre12.2) experimental; urgency=low
* New `tripe-keys' command: `check' reports on keys which will expire
Priority: extra
Maintainer: Mark Wooding <mdw@distorted.org.uk>
XS-Python-Version: >= 2.4
-Build-Depends: catacomb-dev (>= 2.1.1), mlib-dev (>= 2.0.4),
+Build-Depends: catacomb-dev (>= 2.1.4), mlib-dev (>= 2.0.4),
tshark, wireshark-dev (>= 0.10.10), debhelper (>= 4.0.2),
python-central
Standards-Version: 3.1.1
}
h = GM_INIT(mac);
GH_HASH(h, p, 4);
- ok = (memcmp(GH_DONE(h, 0), p + 4, master->algs.tagsz) == 0);
+ ok = ct_memeq(GH_DONE(h, 0), p + 4, master->algs.tagsz);
GH_DESTROY(h);
if (!ok) {
a_warn("CHAL", "incorrect-tag", A_END);
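Review bot: The new `ct_memeq` call at the tag check has no comment saying the comparison must stay constant-time, so a later cleanup could put `memcmp` back without anyone noticing the regression. I would add `/* Constant-time compare: memcmp's early exit leaks how many tag bytes matched. */` above the line. The same comment belongs at `eq = ct_memeq(mac, pmac, tagsz);` in the keyset hunk. The enclosing function starts and ends outside this hunk, so whether `p` is known to hold 4 + tagsz bytes at this point cannot be confirmed from here.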
GH_HASH(h, t, sizeof(t));
GH_HASH(h, pseq, SEQSZ + ivsz + sz);
mac = GH_DONE(h, 0);
- eq = !memcmp(mac, pmac, tagsz);
+ eq = ct_memeq(mac, pmac, tagsz);
IF_TRACING(T_KEYSET, {
trace_block(T_CRYPTO, "crypto: computed MAC", mac, tagsz);
})
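Review bot: The `trace_block` call right after the comparison writes the locally computed MAC to the trace stream without testing `eq`, as far as this hunk shows. With T_KEYSET/T_CRYPTO tracing enabled, a rejected packet would still have its correct tag written out. Since the changelog's threat model is an observer of the server log, it is worth either tracing the computed MAC only when `eq` is set, or adding a comment such as `/* T_CRYPTO traces expose the valid tag; keep this output as private as key material. */`. The enclosing function and the later handling of `eq` lie outside the hunk, so this should be checked against the full file.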
#include <mLib/versioncmp.h>
#include <catacomb/buf.h>
+#include <catacomb/ct.h>
#include <catacomb/gcipher.h>
#include <catacomb/gmac.h>