
lib:crypto: Use constant time memory comparison to check HMAC

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 121e439e24a9c03ae900ffca1ae1dda8e059008c)
Joseph Sutton 2022-08-02 14:34:55 +12:00 committed by Jule Anger
parent af7c57e037
commit 1263a8a521


@ -282,7 +282,7 @@ samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt(TALLOC_CTX *mem_ctx,
uint8_t padding;
size_t i;
NTSTATUS status;
int cmp;
bool equal;
int rc;
if (cdk->length == 0 || ciphertext->length == 0 ||
@ -333,8 +333,8 @@ samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt(TALLOC_CTX *mem_ctx,
}
gnutls_hmac_deinit(hmac_hnd, auth_data);
cmp = memcmp(auth_data, auth_tag, sizeof(auth_data));
if (cmp != 0) {
equal = mem_equal_const_time(auth_data, auth_tag, sizeof(auth_data));
if (!equal) {
return NT_STATUS_DECRYPTION_FAILED;
}
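Review bot: The new `mem_equal_const_time()` call in the second hunk carries no comment saying why a constant-time comparison is required, so a later cleanup could quietly turn it back into `memcmp()`. I would add above it `/* Compare the tags in constant time: an early-exit compare leaks how many leading bytes of the HMAC matched. */`. The comparison reads `sizeof(auth_data)` bytes of `auth_tag`, and both declarations are outside the visible lines, so it is worth confirming there that `auth_data` is an array rather than a pointer and that `auth_tag` is guaranteed to be at least that long. The function body starts before and continues after both hunks.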