Check HMAC in constant-time in crypt_and_hash
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index d2845de..50218e1 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -76,6 +76,7 @@
     unsigned char digest[POLARSSL_MD_MAX_SIZE];
     unsigned char buffer[1024];
     unsigned char output[1024];
+    unsigned char diff;
 
     const cipher_info_t *cipher_info;
     const md_info_t *md_info;
@@ -476,7 +477,12 @@
             goto exit;
         }
 
-        if( memcmp( digest, buffer, md_get_size( md_info ) ) != 0 )
+        /* Use constant-time buffer comparison */
+        diff = 0;
+        for( i = 0; i < md_get_size( md_info ); i++ )
+            diff |= digest[i] ^ buffer[i];
+
+        if( diff != 0 )
         {
             fprintf( stderr, "HMAC check failed: wrong key, "
                              "or file corrupted.\n" );
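Review bot: The comparison loop at `for( i = 0; i < md_get_size( md_info ); i++ )` is open-coded in the function body, and the comment above it does not say why `memcmp` was dropped, so a later cleanup could put it back. I would expand the comment to `/* Compare every byte with no early exit: memcmp() may stop at the first mismatch and leak how many leading HMAC bytes matched */`. The loop also calls `md_get_size()` on every iteration; reading the length once into a local before the loop keeps the per-byte work uniform and easier to audit. Moving the loop into a small `static` helper that takes two buffers and a length would make it reusable and harder to "simplify" by accident. The declaration of `i` and the rest of the enclosing function are outside this hunk, so it is worth confirming that `i` is not a signed type compared against an unsigned size.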