diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 1bc657414..f4fe48a3d 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -79,6 +79,7 @@ int main( int argc, char *argv[] ) unsigned char key[512]; unsigned char digest[32]; unsigned char buffer[1024]; + unsigned char diff; aes_context aes_ctx; sha2_context sha_ctx; @@ -401,7 +402,12 @@ int main( int argc, char *argv[] ) goto exit; } - if( memcmp( digest, buffer, 32 ) != 0 ) + /* Use constant-time buffer comparison */ + diff = 0; + for( i = 0; i < 32; i++ ) + diff |= digest[i] ^ buffer[i]; + + if( diff != 0 ) { fprintf( stderr, "HMAC check failed: wrong key, " "or file corrupted.\n" ); diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index 10692a98f..c55a63623 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -81,6 +81,7 @@ static int generic_check( const md_info_t *md_info, char *filename ) int nb_tot1, nb_tot2; unsigned char sum[POLARSSL_MD_MAX_SIZE]; char buf[POLARSSL_MD_MAX_SIZE * 2 + 1], line[1024]; + char diff; if( ( f = fopen( filename, "rb" ) ) == NULL ) { @@ -127,7 +128,12 @@ static int generic_check( const md_info_t *md_info, char *filename ) for( i = 0; i < md_info->size; i++ ) sprintf( buf + i * 2, "%02x", sum[i] ); - if( memcmp( line, buf, 2 * md_info->size ) != 0 ) + /* Use constant-time buffer comparison */ + diff = 0; + for( i = 0; i < 2 * md_info->size; i++ ) + diff |= line[i] ^ buf[i]; + + if( diff != 0 ) { nb_err2++; fprintf( stderr, "wrong checksum: %s\n", line + 66 ); diff --git a/programs/hash/md5sum.c b/programs/hash/md5sum.c index 1ca7e879f..ede3c4558 100644 --- a/programs/hash/md5sum.c +++ b/programs/hash/md5sum.c @@ -81,6 +81,7 @@ static int md5_check( char *filename ) int nb_tot1, nb_tot2; unsigned char sum[16]; char buf[33], line[1024]; + char diff; if( ( f = fopen( filename, "rb" ) ) == NULL ) { @@ -121,7 +122,12 @@ static int md5_check( char *filename ) for( i = 0; i < 16; i++ ) sprintf( buf + i * 2, "%02x", sum[i] ); - if( memcmp( line, buf, 32 ) != 0 ) + /* Use constant-time buffer comparison */ + diff = 0; + for( i = 0; i < 32; i++ ) + diff |= line[i] ^ buf[i]; + + if( diff != 0 ) { nb_err2++; fprintf( stderr, "wrong checksum: %s\n", line + 34 ); diff --git a/programs/hash/sha1sum.c b/programs/hash/sha1sum.c index 92f840662..c20323d57 100644 --- a/programs/hash/sha1sum.c +++ b/programs/hash/sha1sum.c @@ -81,6 +81,7 @@ static int sha1_check( char *filename ) int nb_tot1, nb_tot2; unsigned char sum[20]; char buf[41], line[1024]; + char diff; if( ( f = fopen( filename, "rb" ) ) == NULL ) { @@ -121,7 +122,12 @@ static int sha1_check( char *filename ) for( i = 0; i < 20; i++ ) sprintf( buf + i * 2, "%02x", sum[i] ); - if( memcmp( line, buf, 40 ) != 0 ) + /* Use constant-time buffer comparison */ + diff = 0; + for( i = 0; i < 40; i++ ) + diff |= line[i] ^ buf[i]; + + if( diff != 0 ) { nb_err2++; fprintf( stderr, "wrong checksum: %s\n", line + 42 ); diff --git a/programs/hash/sha2sum.c b/programs/hash/sha2sum.c index 83124cf3c..c01bb1cd2 100644 --- a/programs/hash/sha2sum.c +++ b/programs/hash/sha2sum.c @@ -81,6 +81,7 @@ static int sha2_check( char *filename ) int nb_tot1, nb_tot2; unsigned char sum[32]; char buf[65], line[1024]; + char diff; if( ( f = fopen( filename, "rb" ) ) == NULL ) { @@ -121,7 +122,12 @@ static int sha2_check( char *filename ) for( i = 0; i < 32; i++ ) sprintf( buf + i * 2, "%02x", sum[i] ); - if( memcmp( line, buf, 64 ) != 0 ) + /* Use constant-time buffer comparison */ + diff = 0; + for( i = 0; i < 64; i++ ) + diff |= line[i] ^ buf[i]; + + if( diff != 0 ) { nb_err2++; fprintf( stderr, "wrong checksum: %s\n", line + 66 );