Replace memcmp with a constant-time version in some places

author: Matthias Schiffer <mschiffer@universe-factory.net> 2014-08-31 16:21:24 +0200
committer: Matthias Schiffer <mschiffer@universe-factory.net> 2014-08-31 16:21:24 +0200
commit: 9225a4550abebd26ff3642d8f5ed4f96b2e4bff7 (patch)
tree: 5afffac11e8dff1dda0004df3ac5bed56a6bdd87 /src/sha256.c
parent: 46a82c570cf940479be968864eb9638407d7d84f (diff)
download: fastd-9225a4550abebd26ff3642d8f5ed4f96b2e4bff7.tar
fastd-9225a4550abebd26ff3642d8f5ed4f96b2e4bff7.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/src/sha256.c b/src/sha256.c
index 3d6401f..2e9a7a7 100644
--- a/src/sha256.c
+++ b/src/sha256.c
@@ -31,6 +31,7 @@
 
 
 #include "sha256.h"
+#include "crypto.h"
 
 #include <stdarg.h>
 #include <string.h>
@@ -261,7 +262,7 @@ bool fastd_hmacsha256_blocks_verify(const uint8_t mac[FASTD_SHA256_HASH_BYTES],
 	hmacsha256_blocks_va(&out, key, ap);
 	va_end(ap);
 
-	return !memcmp(out.b, mac, FASTD_SHA256_HASH_BYTES);
+	return secure_memequal(out.b, mac, FASTD_SHA256_HASH_BYTES);
 }
 
 /** Computes the HMAC-SHA256 of an arbitraty input buffer */
@@ -280,5 +281,5 @@ bool fastd_hmacsha256_verify(const uint8_t mac[FASTD_SHA256_HASH_BYTES], const u
 	fastd_sha256_t out;
 
 	fastd_hmacsha256(&out, key, in, len);
-	return !memcmp(out.b, mac, FASTD_SHA256_HASH_BYTES);
+	return secure_memequal(out.b, mac, FASTD_SHA256_HASH_BYTES);
 }
author	Matthias Schiffer <mschiffer@universe-factory.net>	2014-08-31 16:21:24 +0200
committer	Matthias Schiffer <mschiffer@universe-factory.net>	2014-08-31 16:21:24 +0200
commit	9225a4550abebd26ff3642d8f5ed4f96b2e4bff7 (patch)
tree	5afffac11e8dff1dda0004df3ac5bed56a6bdd87 /src/sha256.c
parent	46a82c570cf940479be968864eb9638407d7d84f (diff)
download	fastd-9225a4550abebd26ff3642d8f5ed4f96b2e4bff7.tar fastd-9225a4550abebd26ff3642d8f5ed4f96b2e4bff7.zip