progs/catcrypt.c, progs/cc-sig.c: Compare MAC tags in constant time.
authorMark Wooding <mdw@distorted.org.uk>
Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)
committerMark Wooding <mdw@distorted.org.uk>
Sat, 13 May 2017 15:29:09 +0000 (16:29 +0100)
progs/catcrypt.c
progs/cc-sig.c

index f4d10c9..5879ecb 100644 (file)
@@ -44,6 +44,7 @@
 #include <mLib/sub.h>
 
 #include "buf.h"
+#include "ct.h"
 #include "rand.h"
 #include "noise.h"
 #include "mprand.h"
@@ -534,7 +535,7 @@ static int decrypt(int argc, char *argv[])
       exit(EXIT_FAILURE);
     }
     GH_HASH(h, BCUR(&b), BLEFT(&b));
-    if (memcmp(tag, GH_DONE(h, 0), GM_CLASS(m)->hashsz) != 0) {
+    if (!ct_memeq(tag, GH_DONE(h, 0), GM_CLASS(m)->hashsz)) {
       if (f & f_progress) fprogress_done(&ff);
       if (verb)
        printf("FAIL bad ciphertext chunk: authentication failure\n");
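Review bot: The switch to `ct_memeq` on the `if` line carries no explanation of why `memcmp` was unsuitable here, and a later maintainer may well swap it back; I'd add `/* Constant-time: must not reveal through timing how many leading tag bytes matched. */` above it. The length argument `GM_CLASS(m)->hashsz` comes from the MAC class rather than from the received `tag`, so the compare relies on `tag` having been read with exactly that many bytes — that read happens outside this hunk and is worth confirming. decrypt's body starts and ends outside the hunk.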
index 14f5e10..e157e8d 100644 (file)
@@ -37,6 +37,7 @@
 #include "sha.h"
 #include "has160.h"
 
+#include "ct.h"
 #include "ec.h"
 #include "ec-keys.h"
 #include "dh.h"
@@ -634,7 +635,7 @@ static int mac_vrfdoit(sig *s, dstr *d)
   const octet *t;
 
   t = GH_DONE(m->s.h, 0);
-  if (d->len != m->mc->hashsz || memcmp(d->buf, t, d->len) != 0)
+  if (d->len != m->mc->hashsz || !ct_memeq(d->buf, t, d->len))
     return (-1);
   return (0);
 }
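Review bot: The length test on the `if` line still short-circuits before `ct_memeq` runs, so timing reveals whether `d->len` equals the expected tag length; since that is the MAC's public output length rather than the tag bytes, the ordering is acceptable, but it deserves a comment so it is not later mistaken for a leak, e.g. `/* Length is public; only the tag bytes need a constant-time compare. */`. Passing `d->len` as the compare length is sound only because the preceding check has already pinned it to `m->mc->hashsz`. mac_vrfdoit's signature and the declaration of `m` lie above the hunk.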