Make all hash checking in programs constant-time

commit: 291f9af935e8cbe78216c93ae3b62728e4e62729 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Oct 28 12:51:32 2013 +0100
committer: Paul Bakker <p.j.bakker@polarssl.org> Thu Oct 31 14:22:27 2013 +0100
tree: c18b78c2645bd02cafeabb51d29bca4d63dad547
parent: 424cd6943c82b7efe22833125ed082f8d569fcd4 [diff] [blame]
diff --git a/programs/hash/sha2sum.c b/programs/hash/sha2sum.c
index 2f3acf8..c3f1a0d 100644
--- a/programs/hash/sha2sum.c
+++ b/programs/hash/sha2sum.c

@@ -77,6 +77,7 @@
     int nb_tot1, nb_tot2;
     unsigned char sum[32];
     char buf[65], line[1024];
+    char diff;
 
     if( ( f = fopen( filename, "rb" ) ) == NULL )
     {
@@ -117,7 +118,12 @@
         for( i = 0; i < 32; i++ )
             sprintf( buf + i * 2, "%02x", sum[i] );
 
-        if( memcmp( line, buf, 64 ) != 0 )
+        /* Use constant-time buffer comparison */
+        diff = 0;
+        for( i = 0; i < 64; i++ )
+            diff |= line[i] ^ buf[i];
+
+        if( diff != 0 )
         {
             nb_err2++;
             fprintf( stderr, "wrong checksum: %s\n", line + 66 );
commit	291f9af935e8cbe78216c93ae3b62728e4e62729	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon Oct 28 12:51:32 2013 +0100
committer	Paul Bakker <p.j.bakker@polarssl.org>	Thu Oct 31 14:22:27 2013 +0100
tree	c18b78c2645bd02cafeabb51d29bca4d63dad547
parent	424cd6943c82b7efe22833125ed082f8d569fcd4 [diff] [blame]