From b917b761120ed684af28d0707673ffadcf14b8fe Mon Sep 17 00:00:00 2001
From: vnugent <public@vaughnnugent.com>
Date: Mon, 12 Feb 2024 22:06:50 -0500
Subject: fix: found the constant time memcompare function

---
 src/noscrypt.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/src/noscrypt.c b/src/noscrypt.c
index 14f959b..df6814c 100644
--- a/src/noscrypt.c
+++ b/src/noscrypt.c
@@ -30,6 +30,7 @@
 #include <mbedtls/hmac_drbg.h>
 #include <mbedtls/chacha20.h>
 #include <mbedtls/sha256.h>
+#include <mbedtls/constant_time.h>
 
 /* Non win platforms may need an inline override */
 #if !defined(_NC_IS_WINDOWS) && !defined(inline)
@@ -970,13 +971,7 @@ NC_EXPORT NCResult NC_CC NCVerifyMacEx(
 	}
 
 	/* constant time compare the macs */
-
-	result = 0;
-
-	for (int i = 0; i < NC_ENCRYPTION_MAC_SIZE; i++)
-	{
-		result |= args->mac[i] - hmacOut[i];
-	}
+	result = mbedtls_ct_memcmp(hmacOut, args->mac, NC_ENCRYPTION_MAC_SIZE) == 0 ? NC_SUCCESS : E_OPERATION_FAILED;
 
 Cleanup:
 	/* Clean up sensitive data */
-- 
cgit