Make all hash checking in programs constant-time
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c
index 4c1f8ea..1239ca2 100644
--- a/programs/aes/aescrypt2.c
+++ b/programs/aes/aescrypt2.c
@@ -75,6 +75,7 @@
     unsigned char key[512];
     unsigned char digest[32];
     unsigned char buffer[1024];
+    unsigned char diff;
 
     aes_context aes_ctx;
     sha256_context sha_ctx;
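Review bot: The accumulator added here as `unsigned char diff;` is an ordinary local, so the constant-time behaviour of the loop in this file's later hunk (`diff |= digest[i] ^ buffer[i];`) depends on the compiler emitting the loop as written, which the C standard does not require. Declaring it `volatile unsigned char diff;` is a cheap hardening that forces each update of `diff` to be performed. It matters most here, because this is the one comparison in the commit that checks a keyed value (the HMAC). The same loop is repeated in generic_sum.c, md5sum.c, sha1sum.c and sha2sum.c, so the same qualifier applies there. The enclosing function starts before and continues past this hunk.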
@@ -397,7 +398,12 @@
             goto exit;
         }
 
-        if( memcmp( digest, buffer, 32 ) != 0 )
+        /* Use constant-time buffer comparison */
+        diff = 0;
+        for( i = 0; i < 32; i++ )
+            diff |= digest[i] ^ buffer[i];
+
+        if( diff != 0 )
         {
             fprintf( stderr, "HMAC check failed: wrong key, "
                              "or file corrupted.\n" );
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index 8ca4d92..3f29058 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -77,6 +77,7 @@
     int nb_tot1, nb_tot2;
     unsigned char sum[POLARSSL_MD_MAX_SIZE];
     char buf[POLARSSL_MD_MAX_SIZE * 2 + 1], line[1024];
+    char diff;
 
     if( ( f = fopen( filename, "rb" ) ) == NULL )
     {
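Review bot: `char diff;` has implementation-defined signedness, whereas aescrypt2.c in this same commit declares the accumulator as `unsigned char diff;`. As far as the visible lines show, the XOR/OR loop and the `diff != 0` test give the same result either way, but a bit accumulator is clearer as `unsigned char diff;` and keeps the five programs consistent. The same declaration appears in md5sum.c, sha1sum.c and sha2sum.c. The enclosing function starts before and continues past this hunk.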
@@ -123,7 +124,12 @@
         for( i = 0; i < md_info->size; i++ )
             sprintf( buf + i * 2, "%02x", sum[i] );
 
-        if( memcmp( line, buf, 2 * md_info->size ) != 0 )
+        /* Use constant-time buffer comparison */
+        diff = 0;
+        for( i = 0; i < 2 * md_info->size; i++ )
+            diff |= line[i] ^ buf[i];
+
+        if( diff != 0 )
         {
             nb_err2++;
             fprintf( stderr, "wrong checksum: %s\n", line + 66 );
diff --git a/programs/hash/md5sum.c b/programs/hash/md5sum.c
index 6ddc673..d614aa1 100644
--- a/programs/hash/md5sum.c
+++ b/programs/hash/md5sum.c
@@ -77,6 +77,7 @@
     int nb_tot1, nb_tot2;
     unsigned char sum[16];
     char buf[33], line[1024];
+    char diff;
 
     if( ( f = fopen( filename, "rb" ) ) == NULL )
     {
@@ -117,7 +118,12 @@
         for( i = 0; i < 16; i++ )
             sprintf( buf + i * 2, "%02x", sum[i] );
 
-        if( memcmp( line, buf, 32 ) != 0 )
+        /* Use constant-time buffer comparison */
+        diff = 0;
+        for( i = 0; i < 32; i++ )
+            diff |= line[i] ^ buf[i];
+
+        if( diff != 0 )
         {
             nb_err2++;
             fprintf( stderr, "wrong checksum: %s\n", line + 34 );
diff --git a/programs/hash/sha1sum.c b/programs/hash/sha1sum.c
index adde916..ff0514a 100644
--- a/programs/hash/sha1sum.c
+++ b/programs/hash/sha1sum.c
@@ -77,6 +77,7 @@
     int nb_tot1, nb_tot2;
     unsigned char sum[20];
     char buf[41], line[1024];
+    char diff;
 
     if( ( f = fopen( filename, "rb" ) ) == NULL )
     {
@@ -117,7 +118,12 @@
         for( i = 0; i < 20; i++ )
             sprintf( buf + i * 2, "%02x", sum[i] );
 
-        if( memcmp( line, buf, 40 ) != 0 )
+        /* Use constant-time buffer comparison */
+        diff = 0;
+        for( i = 0; i < 40; i++ )
+            diff |= line[i] ^ buf[i];
+
+        if( diff != 0 )
         {
             nb_err2++;
             fprintf( stderr, "wrong checksum: %s\n", line + 42 );
diff --git a/programs/hash/sha2sum.c b/programs/hash/sha2sum.c
index 2f3acf8..c3f1a0d 100644
--- a/programs/hash/sha2sum.c
+++ b/programs/hash/sha2sum.c
@@ -77,6 +77,7 @@
     int nb_tot1, nb_tot2;
     unsigned char sum[32];
     char buf[65], line[1024];
+    char diff;
 
     if( ( f = fopen( filename, "rb" ) ) == NULL )
     {
@@ -117,7 +118,12 @@
         for( i = 0; i < 32; i++ )
             sprintf( buf + i * 2, "%02x", sum[i] );
 
-        if( memcmp( line, buf, 64 ) != 0 )
+        /* Use constant-time buffer comparison */
+        diff = 0;
+        for( i = 0; i < 64; i++ )
+            diff |= line[i] ^ buf[i];
+
+        if( diff != 0 )
         {
             nb_err2++;
             fprintf( stderr, "wrong checksum: %s\n", line + 66 );