diff options
| author |  vnugent <public@vaughnnugent.com> | 2024-02-12 22:06:50 -0500 |
|---|---|---|
| committer | vnugent <public@vaughnnugent.com> | 2024-02-12 22:06:50 -0500 |
| commit | b917b761120ed684af28d0707673ffadcf14b8fe (patch) | |
| tree | 30969c9b42536749b35f04edb227be3bc144b408 | |
| parent | 9f85fff3b9f25da7410569ea94f994b88feb3910 (diff) | |
fix: found the constant time memcompare function
| -rw-r--r-- | src/noscrypt.c | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/src/noscrypt.c b/src/noscrypt.c index 14f959b..df6814c 100644 --- a/src/noscrypt.c +++ b/src/noscrypt.c @@ -30,6 +30,7 @@ #include <mbedtls/hmac_drbg.h> #include <mbedtls/chacha20.h> #include <mbedtls/sha256.h> +#include <mbedtls/constant_time.h> /* Non win platforms may need an inline override */ #if !defined(_NC_IS_WINDOWS) && !defined(inline) @@ -970,13 +971,7 @@ NC_EXPORT NCResult NC_CC NCVerifyMacEx( } /* constant time compare the macs */ - - result = 0; - - for (int i = 0; i < NC_ENCRYPTION_MAC_SIZE; i++) - { - result |= args->mac[i] - hmacOut[i]; - } + result = mbedtls_ct_memcmp(hmacOut, args->mac, NC_ENCRYPTION_MAC_SIZE) == 0 ? NC_SUCCESS : E_OPERATION_FAILED; Cleanup: /* Clean up sensitive data */ |