Make all hash checking in programs constant-time
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c
index 4c1f8ea..1239ca2 100644
--- a/programs/aes/aescrypt2.c
+++ b/programs/aes/aescrypt2.c
@@ -75,6 +75,7 @@
unsigned char key[512];
unsigned char digest[32];
unsigned char buffer[1024];
+ unsigned char diff;
aes_context aes_ctx;
sha256_context sha_ctx;
@@ -397,7 +398,12 @@
goto exit;
}
- if( memcmp( digest, buffer, 32 ) != 0 )
+ /* Use constant-time buffer comparison */
+ diff = 0;
+ for( i = 0; i < 32; i++ )
+ diff |= digest[i] ^ buffer[i];
+
+ if( diff != 0 )
{
fprintf( stderr, "HMAC check failed: wrong key, "
"or file corrupted.\n" );
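Review bot: The loop bound in `for( i = 0; i < 32; i++ )` hard-codes the digest length instead of deriving it from the `digest[32]` declaration the first hunk sits next to, so the two can drift silently if the digest size ever changes. The comparison itself is sound — every byte is visited and OR-ed into `diff`, so there is no data-dependent early exit — but it assumes `buffer` holds a full 32 bytes from the read that the `goto exit` above presumably guards; that read, and the declaration of `i`, are outside the hunk. Since the commit title says the same check is being rewritten in every program, the loop would be better as one small `static` helper taking the length as `size_t` (the name below is a suggestion, not an existing symbol), called as `if( ct_memcmp( digest, buffer, sizeof( digest ) ) != 0 )`; the enclosing function starts and ends outside the hunk.
```c
/* Constant-time comparison of n bytes: returns 0 if equal, non-zero otherwise.
 * Every byte is visited and OR-ed into diff, so the running time does not
 * depend on the position of the first mismatch. */
static int ct_memcmp( const unsigned char *a, const unsigned char *b, size_t n )
{
    unsigned char diff = 0;
    size_t i;

    for( i = 0; i < n; i++ )
        diff |= a[i] ^ b[i];

    return( diff != 0 );
}

/* … unchanged: file read and HMAC computation … */

    if( ct_memcmp( digest, buffer, sizeof( digest ) ) != 0 )
```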