author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-08-02 14:34:55 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2022-09-12 23:07:37 +0000 |
commit | 121e439e24a9c03ae900ffca1ae1dda8e059008c (patch) | |
tree | 0fb4171628c850d35fbc2958033e26f1a05d5e83 /lib/crypto | |
parent | cec59b82f7041a305c228091a84257c28e0818d5 (diff) | |
download | samba-121e439e24a9c03ae900ffca1ae1dda8e059008c.tar.gz |
lib:crypto: Use constant time memory comparison to check HMAC
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib/crypto')
-rw-r--r-- | lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c b/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c
index fc4d21f4ec5..e0877a03f52 100644
--- a/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c
+++ b/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c
@@ -282,7 +282,7 @@ samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt(TALLOC_CTX *mem_ctx,
 uint8_t padding;
 size_t i;
 NTSTATUS status;
- int cmp;
+ bool equal;
 int rc;
 if (cdk->length == 0 || ciphertext->length == 0 ||
@@ -333,8 +333,8 @@ samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt(TALLOC_CTX *mem_ctx,
 }
 gnutls_hmac_deinit(hmac_hnd, auth_data);
- cmp = memcmp(auth_data, auth_tag, sizeof(auth_data));
- if (cmp != 0) {
+ equal = mem_equal_const_time(auth_data, auth_tag, sizeof(auth_data));
+ if (!equal) {
 return NT_STATUS_DECRYPTION_FAILED;
 } |
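Review bot: The constant-time comparison in the second hunk carries no comment saying why it is not a plain memcmp(), so a later cleanup could quietly reintroduce the timing side channel on the HMAC check. I would add above the call `/* Constant-time compare: an early-exit memcmp() would leak how many leading bytes of the tag matched. */`. The call also reads sizeof(auth_data) bytes from auth_tag; the check that the ciphertext really carries a full tag is presumably the length test at the top of the function, which is only partly visible in the first hunk, so that is worth confirming. The function body starts and ends outside both hunks.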