~mdw / udpkey / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 46716e8)
Use constant-time comparison for checking MAC tags.
authorMark Wooding <mdw@distorted.org.uk>
Fri, 28 Jun 2013 19:19:31 +0000 (20:19 +0100)
committerMark Wooding <mdw@distorted.org.uk>
Sat, 29 Jun 2013 09:43:49 +0000 (10:43 +0100)
configure.ac patch | blob | blame | history
debian/control patch | blob | blame | history
udpkey.c patch | blob | blame | history

diff --git a/configure.ac b/configure.ac
index 0fbf6b7..ce56117 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -42,7 +42,7 @@ AX_CFLAGS_WARN_ALL
 AC_SUBST([AM_CFLAGS])
 
 PKG_CHECK_MODULES([mLib], [mLib >= 2.1.0])
-PKG_CHECK_MODULES([catacomb], [catacomb >= 2.1.1])
+PKG_CHECK_MODULES([catacomb], [catacomb >= 2.1.4])
 AM_CFLAGS="$AM_CFLAGS $mLib_CFLAGS $catacomb_CFLAGS"
 
 dnl--------------------------------------------------------------------------
diff --git a/debian/control b/debian/control
index 190af54..9abc7f4 100644 (file)
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: udpkey
 Section: utils
 Priority: extra
 Maintainer: Mark Wooding <mdw@distorted.org.uk>
-Build-Depends: catacomb-dev (>= 2.1.1), mlib-dev (>= 2.1.0), debhelper (>= 8)
+Build-Depends: catacomb-dev (>= 2.1.4), mlib-dev (>= 2.1.0), debhelper (>= 8)
 Standards-Version: 3.1.1
 
 Package: udpkey
diff --git a/udpkey.c b/udpkey.c
index d8845e1..452a857 100644 (file)
--- a/udpkey.c
+++ b/udpkey.c
@@ -59,6 +59,7 @@
 #include <mLib/tv.h>
 
 #include <catacomb/buf.h>
+#include <catacomb/ct.h>
 #include <catacomb/dh.h>
 #include <catacomb/ec.h>
 #include <catacomb/ec-keys.h>
@@ -1044,7 +1045,7 @@ static int doquery(int argc, char *argv[])
        h = GM_INIT(m);
        GH_HASH(h, p, n);
        tt = GH_DONE(h, 0);
-       if (memcmp(t, tt, s->k.tagsz) != 0) {
+       if (!ct_memeq(t, tt, s->k.tagsz)) {
          moan("incorrect tag from %s:%d",
               inet_ntoa(sin.sin_addr), ntohs(sin.sin_port));
          goto again;
Transmit and receive cryptographic keys over UDP; useful during boot.