mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-29 01:03:57 +03:00

libcrypto: Use CRYPTO_memcmp() instead of memcmp

When comparing the authentication tag for chacha20-poly1305, use the
constant time CRYPTO_memcmp() instead of memcmp().

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Anderson Toshiyuki Sasaki
2020-12-11 12:34:27 +01:00
parent c3ae1336fb
commit 486ad81974


@@ -1098,7 +1098,7 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
#endif /* DEBUG_CRYPTO */ #endif /* DEBUG_CRYPTO */
/* Verify the calculated MAC matches the attached MAC */ /* Verify the calculated MAC matches the attached MAC */
cmp = memcmp(tag, mac, POLY1305_TAGLEN); cmp = CRYPTO_memcmp(tag, mac, POLY1305_TAGLEN);
if (cmp != 0) { if (cmp != 0) {
/* mac error */ /* mac error */
SSH_LOG(SSH_LOG_PACKET, "poly1305 verify error"); SSH_LOG(SSH_LOG_PACKET, "poly1305 verify error");
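
Review bot: At the `cmp = CRYPTO_memcmp(tag, mac, POLY1305_TAGLEN);` line, the hunk shows no added include, so please confirm this file already pulls in `<openssl/crypto.h>`, where CRYPTO_memcmp() is declared; otherwise the call relies on an implicit declaration. The `cmp != 0` test is the right way to consume the result, since CRYPTO_memcmp() only reports equal (zero) or not equal (nonzero) and carries no ordering. A short comment next to the call saying the comparison is constant-time on purpose would help keep a later cleanup from turning it back into memcmp().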