authorJoseph Sutton <josephsutton@catalyst.net.nz>2022-08-02 14:34:55 +1200
committerJule Anger <janger@samba.org>2022-09-19 04:02:12 +0000
commit1263a8a52130f095d946f019ea49125a43071f4e (patch)
tree89f0706d4bf8844c5386b48b08d285354c7b9b3f /lib
parentaf7c57e03763e1851a9eaff648a50e4c9611265f (diff)
lib:crypto: Use constant time memory comparison to check HMAC
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 121e439e24a9c03ae900ffca1ae1dda8e059008c)
Diffstat (limited to 'lib')
-rw-r--r--lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c b/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c
index fc4d21f4ec5..e0877a03f52 100644
--- a/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c
+++ b/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c
@@ -282,7 +282,7 @@ samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt(TALLOC_CTX *mem_ctx,
uint8_t padding;
size_t i;
NTSTATUS status;
- int cmp;
+ bool equal;
int rc;
if (cdk->length == 0 || ciphertext->length == 0 ||
@@ -333,8 +333,8 @@ samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt(TALLOC_CTX *mem_ctx,
}
gnutls_hmac_deinit(hmac_hnd, auth_data);
- cmp = memcmp(auth_data, auth_tag, sizeof(auth_data));
- if (cmp != 0) {
+ equal = mem_equal_const_time(auth_data, auth_tag, sizeof(auth_data));
+ if (!equal) {
return NT_STATUS_DECRYPTION_FAILED;
}
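Review bot: The new `mem_equal_const_time()` call carries no comment saying why a constant-time comparison is required here, so a later cleanup could plausibly turn it back into `memcmp()`. I would add a line above it such as `/* Compare in constant time: an early-exit memcmp() would leak how many leading bytes of the tag matched. */`. The call compares `sizeof(auth_data)` bytes, which assumes `auth_tag` is at least that wide; its declaration and the ciphertext length checks are outside this hunk, so that should be confirmed against the rest of the function. As a minor style point, `equal` is used only once, so `if (!mem_equal_const_time(auth_data, auth_tag, sizeof(auth_data))) {` would let the extra local from the first hunk be dropped.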