scip/pcp
1
0
Fork 0
mirror of https://codeberg.org/scip/pcp.git synced 2025-12-17 20:00:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

using constant time memcmp by C.Meessen

Browse Source
This commit is contained in:
TLINDEN
2015-08-27 11:19:24 +02:00
parent 1b7681ee83
commit bbdda67a6e
9 changed files with 63 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libpcp/crypto.c
View File

@@ -614,7 +614,7 @@ size_t pcp_decrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, byte *
if(verifiedhash == NULL)
out_size = 0;
else {
if(memcmp(verifiedhash, hash, crypto_generichash_BYTES_MAX) != 0) {
if(cst_time_memcmp(verifiedhash, hash, crypto_generichash_BYTES_MAX) != 0) {
/* sig verified, but the hash doesn't match */
fatal(ptx, "signed hash doesn't match actual hash of signed decrypted file content\n");
out_size = 0;