scip/pcp
1
0
Fork 0
mirror of https://codeberg.org/scip/pcp.git synced 2025-12-17 03:50:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

using constant time memcmp by C.Meessen

Browse Source
This commit is contained in:
TLINDEN
2015-08-27 11:19:24 +02:00
parent 1b7681ee83
commit bbdda67a6e
9 changed files with 63 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libpcp/mgmt.c
View File

@@ -181,7 +181,7 @@ int _check_hash_keysig(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, pcp_keysig_t
crypto_generichash_final(st, hash, crypto_generichash_BYTES_MAX);
/* compare them */
if(memcmp(hash, verifyhash, crypto_generichash_BYTES_MAX) != 0) {
if(cst_time_memcmp(hash, verifyhash, crypto_generichash_BYTES_MAX) != 0) {
fatal(ptx, "Signature verifies but signed hash doesn't match signature contents\n");
goto chker2;
}