Make all hash checking in programs constant-time
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c
index 1bc6574..f4fe48a 100644
--- a/programs/aes/aescrypt2.c
+++ b/programs/aes/aescrypt2.c
@@ -79,6 +79,7 @@
unsigned char key[512];
unsigned char digest[32];
unsigned char buffer[1024];
+ unsigned char diff;
aes_context aes_ctx;
sha2_context sha_ctx;
@@ -401,7 +402,12 @@
goto exit;
}
- if( memcmp( digest, buffer, 32 ) != 0 )
+ /* Use constant-time buffer comparison */
+ diff = 0;
+ for( i = 0; i < 32; i++ )
+ diff |= digest[i] ^ buffer[i];
+
+ if( diff != 0 )
{
fprintf( stderr, "HMAC check failed: wrong key, "
"or file corrupted.\n" );
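Review bot: Nothing in this loop prevents an optimizing compiler from reintroducing an early exit, since `diff` is a plain `unsigned char` (declared in this file's first hunk). That is unlikely with current compilers but not guaranteed, and declaring it `volatile unsigned char diff;` is a cheap hedge. The comment would serve the next maintainer better if it stated the reason, e.g. `/* Constant-time compare: do not reveal how many leading HMAC bytes matched */`. The same five lines are repeated in generic_sum.c, md5sum.c, sha1sum.c and sha2sum.c in this commit, so one small helper would keep the property in a single auditable place. The enclosing function starts and ends outside the hunk.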
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index 10692a9..c55a636 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -81,6 +81,7 @@
int nb_tot1, nb_tot2;
unsigned char sum[POLARSSL_MD_MAX_SIZE];
char buf[POLARSSL_MD_MAX_SIZE * 2 + 1], line[1024];
+ char diff;
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
@@ -127,7 +128,12 @@
for( i = 0; i < md_info->size; i++ )
sprintf( buf + i * 2, "%02x", sum[i] );
- if( memcmp( line, buf, 2 * md_info->size ) != 0 )
+ /* Use constant-time buffer comparison */
+ diff = 0;
+ for( i = 0; i < 2 * md_info->size; i++ )
+ diff |= line[i] ^ buf[i];
+
+ if( diff != 0 )
{
nb_err2++;
fprintf( stderr, "wrong checksum: %s\n", line + 66 );
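Review bot: `diff` is declared as plain `char` here (first hunk of this file) and in md5sum.c, sha1sum.c and sha2sum.c, whereas aescrypt2.c uses `unsigned char`. Where `char` is signed, `line[i] ^ buf[i]` can be negative for a byte of 0x80 or above in the list file, and storing it back into `diff` is an implementation-defined conversion; declaring `unsigned char diff;` in all four files removes the question. Separately, the context line `line + 66` in the error message looks like it assumes a 32-byte digest, while the comparison length is `2 * md_info->size`. If other digest sizes reach this code the printed file name would start at the wrong offset, and `line + 2 * md_info->size + 2` would match the loop bound. The enclosing function starts and ends outside the hunk.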
diff --git a/programs/hash/md5sum.c b/programs/hash/md5sum.c
index 1ca7e87..ede3c45 100644
--- a/programs/hash/md5sum.c
+++ b/programs/hash/md5sum.c
@@ -81,6 +81,7 @@
int nb_tot1, nb_tot2;
unsigned char sum[16];
char buf[33], line[1024];
+ char diff;
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
@@ -121,7 +122,12 @@
for( i = 0; i < 16; i++ )
sprintf( buf + i * 2, "%02x", sum[i] );
- if( memcmp( line, buf, 32 ) != 0 )
+ /* Use constant-time buffer comparison */
+ diff = 0;
+ for( i = 0; i < 32; i++ )
+ diff |= line[i] ^ buf[i];
+
+ if( diff != 0 )
{
nb_err2++;
fprintf( stderr, "wrong checksum: %s\n", line + 34 );
diff --git a/programs/hash/sha1sum.c b/programs/hash/sha1sum.c
index 92f8406..c20323d 100644
--- a/programs/hash/sha1sum.c
+++ b/programs/hash/sha1sum.c
@@ -81,6 +81,7 @@
int nb_tot1, nb_tot2;
unsigned char sum[20];
char buf[41], line[1024];
+ char diff;
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
@@ -121,7 +122,12 @@
for( i = 0; i < 20; i++ )
sprintf( buf + i * 2, "%02x", sum[i] );
- if( memcmp( line, buf, 40 ) != 0 )
+ /* Use constant-time buffer comparison */
+ diff = 0;
+ for( i = 0; i < 40; i++ )
+ diff |= line[i] ^ buf[i];
+
+ if( diff != 0 )
{
nb_err2++;
fprintf( stderr, "wrong checksum: %s\n", line + 42 );
diff --git a/programs/hash/sha2sum.c b/programs/hash/sha2sum.c
index 83124cf..c01bb1c 100644
--- a/programs/hash/sha2sum.c
+++ b/programs/hash/sha2sum.c
@@ -81,6 +81,7 @@
int nb_tot1, nb_tot2;
unsigned char sum[32];
char buf[65], line[1024];
+ char diff;
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
@@ -121,7 +122,12 @@
for( i = 0; i < 32; i++ )
sprintf( buf + i * 2, "%02x", sum[i] );
- if( memcmp( line, buf, 64 ) != 0 )
+ /* Use constant-time buffer comparison */
+ diff = 0;
+ for( i = 0; i < 64; i++ )
+ diff |= line[i] ^ buf[i];
+
+ if( diff != 0 )
{
nb_err2++;
fprintf( stderr, "wrong checksum: %s\n", line + 66 );