lib:crypto: Use constant time memory comparison to check HMAC
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Tue, 2 Aug 2022 02:34:55 +0000 (14:34 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 12 Sep 2022 23:07:37 +0000 (23:07 +0000)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c

index fc4d21f4ec56536f1ec33cdb7ead92d1f2e7f354..e0877a03f5299c672748bb520c96a027fe28515e 100644 (file)
@@ -282,7 +282,7 @@ samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt(TALLOC_CTX *mem_ctx,
        uint8_t padding;
        size_t i;
        NTSTATUS status;
-       int cmp;
+       bool equal;
        int rc;
 
        if (cdk->length == 0 || ciphertext->length == 0 ||
@@ -333,8 +333,8 @@ samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt(TALLOC_CTX *mem_ctx,
        }
        gnutls_hmac_deinit(hmac_hnd, auth_data);
 
-       cmp = memcmp(auth_data, auth_tag, sizeof(auth_data));
-       if (cmp != 0) {
+       equal = mem_equal_const_time(auth_data, auth_tag, sizeof(auth_data));
+       if (!equal) {
                return NT_STATUS_DECRYPTION_FAILED;
        }
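Review bot: The new `equal = mem_equal_const_time(auth_data, auth_tag, sizeof(auth_data));` line takes its length from the local `auth_data` array, and nothing in the hunk shows that `auth_tag` is guaranteed to hold at least that many bytes; if the tag length is validated earlier in the function (the function body starts and ends outside the hunk), a brief comment pointing at that check would make the read bound obvious here. A one-line why-comment would also stop a future cleanup from "simplifying" this back to memcmp: `/* Constant-time compare: a byte-wise early exit would leak the tag via timing. */`. The hunk adds no `#include` for `mem_equal_const_time`, so it presumably comes in through an existing header; worth confirming a prototype is in scope so the call is not relying on an implicit declaration.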