progs/catcrypt.c, progs/cc-sig.c: Compare MAC tags in constant time.
diff --git
a/progs/catcrypt.c
b/progs/catcrypt.c
index f4d10c9a768b873a3953df38109c9c48d4f300f7..5879ecbe968e1e3628a19c8a0b2e5434b0f237b6 100644
(file)
--- a/
progs/catcrypt.c
+++ b/
progs/catcrypt.c
@@
-44,6
+44,7
@@
#include <mLib/sub.h>
#include "buf.h"
#include <mLib/sub.h>
#include "buf.h"
+#include "ct.h"
#include "rand.h"
#include "noise.h"
#include "mprand.h"
#include "rand.h"
#include "noise.h"
#include "mprand.h"
@@
-534,7
+535,7
@@
static int decrypt(int argc, char *argv[])
exit(EXIT_FAILURE);
}
GH_HASH(h, BCUR(&b), BLEFT(&b));
exit(EXIT_FAILURE);
}
GH_HASH(h, BCUR(&b), BLEFT(&b));
- if (
memcmp(tag, GH_DONE(h, 0), GM_CLASS(m)->hashsz) != 0
) {
+ if (
!ct_memeq(tag, GH_DONE(h, 0), GM_CLASS(m)->hashsz)
) {
if (f & f_progress) fprogress_done(&ff);
if (verb)
printf("FAIL bad ciphertext chunk: authentication failure\n");
if (f & f_progress) fprogress_done(&ff);
if (verb)
printf("FAIL bad ciphertext chunk: authentication failure\n");
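Review bot: The tag check in decrypt now calls `ct_memeq`, but nothing at that line says why, and the sense of the test is inverted relative to the `memcmp` it replaces, so a later tidy-up could revert it or drop the `!`. I would add a comment above the `if`: `/* Compare in constant time: memcmp's early exit leaks how many leading tag bytes matched. ct_memeq is nonzero on equality. */`. Where `tag` comes from is outside this hunk; if it points into the input buffer, it is worth confirming that at least `GM_CLASS(m)->hashsz` bytes were available before this compare. decrypt's body starts and ends outside the hunk.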