progs/cookie.c: Constant-time MAC tag checking.

author Mark Wooding <mdw@distorted.org.uk>

Sun, 30 Jun 2013 00:17:18 +0000 (01:17 +0100)

committer Mark Wooding <mdw@distorted.org.uk>

Sun, 30 Jun 2013 00:18:58 +0000 (01:18 +0100)
author Mark Wooding <mdw@distorted.org.uk>
Sun, 30 Jun 2013 00:17:18 +0000 (01:17 +0100)
committer Mark Wooding <mdw@distorted.org.uk>
Sun, 30 Jun 2013 00:18:58 +0000 (01:18 +0100)
diff --git a/progs/cookie.c b/progs/cookie.c

index 56849e5..6239eb0 100644 (file)
--- a/progs/cookie.c
+++ b/progs/cookie.c
@@ -45,6 +45,7 @@
  #include <mLib/sub.h>
  
  #include "cc.h"
+#include "ct.h"
  #include "key.h"
  #include "gmac.h"
  #include "getdate.h"
@@ -485,7 +486,7 @@ static int cmd_verify(int argc, char *argv[])
      GH_HASH(h, argv[optind + 1], strlen(argv[optind + 1]));
    t = GH_DONE(h, 0);
  
-  if (memcmp(t, d.buf + COOKIE_SZ, cbits / 8) != 0) {
+  if (!ct_memeq(t, d.buf + COOKIE_SZ, cbits / 8)) {
      if (v) printf("FAIL bad authentication token\n");
      goto fail;
    }
author	Mark Wooding <mdw@distorted.org.uk>
	Sun, 30 Jun 2013 00:17:18 +0000 (01:17 +0100)
committer	Mark Wooding <mdw@distorted.org.uk>
	Sun, 30 Jun 2013 00:18:58 +0000 (01:18 +0100)