From da4489a6ad91e564eaabd0d0ac170e5f53f5b977 Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Thu, 26 May 2016 09:26:09 +0100 Subject: [PATCH] progs/catcrypt.c, progs/cc-sig.c: Compare MAC tags in constant time. --- progs/catcrypt.c | 3 ++- progs/cc-sig.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/progs/catcrypt.c b/progs/catcrypt.c index f4d10c9a..5879ecbe 100644 --- a/progs/catcrypt.c +++ b/progs/catcrypt.c @@ -44,6 +44,7 @@ #include #include "buf.h" +#include "ct.h" #include "rand.h" #include "noise.h" #include "mprand.h" @@ -534,7 +535,7 @@ static int decrypt(int argc, char *argv[]) exit(EXIT_FAILURE); } GH_HASH(h, BCUR(&b), BLEFT(&b)); - if (memcmp(tag, GH_DONE(h, 0), GM_CLASS(m)->hashsz) != 0) { + if (!ct_memeq(tag, GH_DONE(h, 0), GM_CLASS(m)->hashsz)) { if (f & f_progress) fprogress_done(&ff); if (verb) printf("FAIL bad ciphertext chunk: authentication failure\n"); diff --git a/progs/cc-sig.c b/progs/cc-sig.c index 14f5e108..e157e8d1 100644 --- a/progs/cc-sig.c +++ b/progs/cc-sig.c @@ -37,6 +37,7 @@ #include "sha.h" #include "has160.h" +#include "ct.h" #include "ec.h" #include "ec-keys.h" #include "dh.h" @@ -634,7 +635,7 @@ static int mac_vrfdoit(sig *s, dstr *d) const octet *t; t = GH_DONE(m->s.h, 0); - if (d->len != m->mc->hashsz || memcmp(d->buf, t, d->len) != 0) + if (d->len != m->mc->hashsz || !ct_memeq(d->buf, t, d->len)) return (-1); return (0); } -- 2.11.0
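Review bot: The new comparison in decrypt() has no comment saying why it is not a plain memcmp, so a later cleanup could quietly revert it; the same applies to the ct_memeq call in mac_vrfdoit() in progs/cc-sig.c. I would add `/* Constant-time compare: an early-exit memcmp would leak, through timing, how much of the tag matched. */` above each `if`. The `!` assumes ct_memeq returns nonzero when the buffers are equal; ct.h is not shown here, so that is worth confirming. decrypt() starts and ends outside the hunk, so whether `tag` always holds `GM_CLASS(m)->hashsz` bytes at this point cannot be checked from the visible lines.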
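Review bot: In mac_vrfdoit() the length handed to ct_memeq is `d->len`, the size of the caller-supplied tag, not the MAC's own output size. It is bounded correctly only because the `d->len != m->mc->hashsz` test short-circuits first. Passing the hash size directly, `!ct_memeq(d->buf, t, m->mc->hashsz)`, would match the call in progs/catcrypt.c and keep the read of `t` bounded by the computed tag's size even if the condition is later reordered or split. Rejecting early on length is fine, since the tag length is not secret. The function begins outside the hunk, so the declaration of `m` is not visible.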