progs/catcrypt.c, progs/cc-sig.c: Compare MAC tags in constant time.

[catacomb] / progs / cc-sig.c

diff --git a/progs/cc-sig.c b/progs/cc-sig.c
index 14f5e108a331534703323fa18acdfc38e92d4d19..e157e8d1dab6eb7f83646e94a2a14cce2e4f413a 100644 (file)
--- a/progs/cc-sig.c
+++ b/progs/cc-sig.c
@@ -37,6 +37,7 @@
 #include "sha.h"
 #include "has160.h"
 
+#include "ct.h"
 #include "ec.h"
 #include "ec-keys.h"
 #include "dh.h"
@@ -634,7 +635,7 @@ static int mac_vrfdoit(sig *s, dstr *d)
   const octet *t;
 
   t = GH_DONE(m->s.h, 0);
-  if (d->len != m->mc->hashsz || memcmp(d->buf, t, d->len) != 0)
+  if (d->len != m->mc->hashsz || !ct_memeq(d->buf, t, d->len))
     return (-1);
   return (0);
 }