From 6d169e4a739d8dd9bd7f247520c19bdcf7dc4c6b Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Sun, 30 Jun 2013 01:17:18 +0100
Subject: [PATCH] progs/cookie.c: Constant-time MAC tag checking.

---
 progs/cookie.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/progs/cookie.c b/progs/cookie.c
index 56849e5..6239eb0 100644
--- a/progs/cookie.c
+++ b/progs/cookie.c
@@ -45,6 +45,7 @@
 #include <mLib/sub.h>
 
 #include "cc.h"
+#include "ct.h"
 #include "key.h"
 #include "gmac.h"
 #include "getdate.h"
@@ -485,7 +486,7 @@ static int cmd_verify(int argc, char *argv[])
     GH_HASH(h, argv[optind + 1], strlen(argv[optind + 1]));
   t = GH_DONE(h, 0);
 
-  if (memcmp(t, d.buf + COOKIE_SZ, cbits / 8) != 0) {
+  if (!ct_memeq(t, d.buf + COOKIE_SZ, cbits / 8)) {
     if (v) printf("FAIL bad authentication token\n");
     goto fail;
   }
-- 
2.11.0