From: Mark Wooding <mdw@distorted.org.uk>
Date: Fri, 28 Jun 2013 19:19:31 +0000 (+0100)
Subject: Use constant-time comparison for checking MAC tags.
X-Git-Tag: 1.0.1~6
X-Git-Url: https://git.distorted.org.uk/~mdw/udpkey/commitdiff_plain/a5f873bee5d69f4f12160360ec9a756b7c1c907a

Use constant-time comparison for checking MAC tags.
---

diff --git a/configure.ac b/configure.ac
index 0fbf6b7..ce56117 100644
--- a/configure.ac
+++ b/configure.ac
@@ -42,7 +42,7 @@ AX_CFLAGS_WARN_ALL
 AC_SUBST([AM_CFLAGS])
 
 PKG_CHECK_MODULES([mLib], [mLib >= 2.1.0])
-PKG_CHECK_MODULES([catacomb], [catacomb >= 2.1.1])
+PKG_CHECK_MODULES([catacomb], [catacomb >= 2.1.4])
 AM_CFLAGS="$AM_CFLAGS $mLib_CFLAGS $catacomb_CFLAGS"
 
 dnl--------------------------------------------------------------------------
diff --git a/debian/control b/debian/control
index 190af54..9abc7f4 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: udpkey
 Section: utils
 Priority: extra
 Maintainer: Mark Wooding <mdw@distorted.org.uk>
-Build-Depends: catacomb-dev (>= 2.1.1), mlib-dev (>= 2.1.0), debhelper (>= 8)
+Build-Depends: catacomb-dev (>= 2.1.4), mlib-dev (>= 2.1.0), debhelper (>= 8)
 Standards-Version: 3.1.1
 
 Package: udpkey
diff --git a/udpkey.c b/udpkey.c
index d8845e1..452a857 100644
--- a/udpkey.c
+++ b/udpkey.c
@@ -59,6 +59,7 @@
 #include <mLib/tv.h>
 
 #include <catacomb/buf.h>
+#include <catacomb/ct.h>
 #include <catacomb/dh.h>
 #include <catacomb/ec.h>
 #include <catacomb/ec-keys.h>
@@ -1044,7 +1045,7 @@ static int doquery(int argc, char *argv[])
 	h = GM_INIT(m);
 	GH_HASH(h, p, n);
 	tt = GH_DONE(h, 0);
-	if (memcmp(t, tt, s->k.tagsz) != 0) {
+	if (!ct_memeq(t, tt, s->k.tagsz)) {
 	  moan("incorrect tag from %s:%d",
 	       inet_ntoa(sin.sin_addr), ntohs(sin.sin_port));
 	  goto again;