diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 4c1f8ea4b..1239ca202 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -75,6 +75,7 @@ int main( int argc, char *argv[] ) unsigned char key[512]; unsigned char digest[32]; unsigned char buffer[1024]; + unsigned char diff; aes_context aes_ctx; sha256_context sha_ctx; @@ -397,7 +398,12 @@ int main( int argc, char *argv[] ) goto exit; } - if( memcmp( digest, buffer, 32 ) != 0 ) + /* Use constant-time buffer comparison */ + diff = 0; + for( i = 0; i < 32; i++ ) + diff |= digest[i] ^ buffer[i]; + + if( diff != 0 ) { fprintf( stderr, "HMAC check failed: wrong key, " "or file corrupted.\n" ); diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index 8ca4d9205..3f2905821 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -77,6 +77,7 @@ static int generic_check( const md_info_t *md_info, char *filename ) int nb_tot1, nb_tot2; unsigned char sum[POLARSSL_MD_MAX_SIZE]; char buf[POLARSSL_MD_MAX_SIZE * 2 + 1], line[1024]; + char diff; if( ( f = fopen( filename, "rb" ) ) == NULL ) { @@ -123,7 +124,12 @@ static int generic_check( const md_info_t *md_info, char *filename ) for( i = 0; i < md_info->size; i++ ) sprintf( buf + i * 2, "%02x", sum[i] ); - if( memcmp( line, buf, 2 * md_info->size ) != 0 ) + /* Use constant-time buffer comparison */ + diff = 0; + for( i = 0; i < 2 * md_info->size; i++ ) + diff |= line[i] ^ buf[i]; + + if( diff != 0 ) { nb_err2++; fprintf( stderr, "wrong checksum: %s\n", line + 66 ); diff --git a/programs/hash/md5sum.c b/programs/hash/md5sum.c index 6ddc673b4..d614aa1ea 100644 --- a/programs/hash/md5sum.c +++ b/programs/hash/md5sum.c @@ -77,6 +77,7 @@ static int md5_check( char *filename ) int nb_tot1, nb_tot2; unsigned char sum[16]; char buf[33], line[1024]; + char diff; if( ( f = fopen( filename, "rb" ) ) == NULL ) { @@ -117,7 +118,12 @@ static int md5_check( char *filename ) for( i = 0; i < 16; i++ ) sprintf( buf + i * 2, "%02x", sum[i] ); - if( memcmp( line, buf, 32 ) != 0 ) + /* Use constant-time buffer comparison */ + diff = 0; + for( i = 0; i < 32; i++ ) + diff |= line[i] ^ buf[i]; + + if( diff != 0 ) { nb_err2++; fprintf( stderr, "wrong checksum: %s\n", line + 34 ); diff --git a/programs/hash/sha1sum.c b/programs/hash/sha1sum.c index adde9161d..ff0514a09 100644 --- a/programs/hash/sha1sum.c +++ b/programs/hash/sha1sum.c @@ -77,6 +77,7 @@ static int sha1_check( char *filename ) int nb_tot1, nb_tot2; unsigned char sum[20]; char buf[41], line[1024]; + char diff; if( ( f = fopen( filename, "rb" ) ) == NULL ) { @@ -117,7 +118,12 @@ static int sha1_check( char *filename ) for( i = 0; i < 20; i++ ) sprintf( buf + i * 2, "%02x", sum[i] ); - if( memcmp( line, buf, 40 ) != 0 ) + /* Use constant-time buffer comparison */ + diff = 0; + for( i = 0; i < 40; i++ ) + diff |= line[i] ^ buf[i]; + + if( diff != 0 ) { nb_err2++; fprintf( stderr, "wrong checksum: %s\n", line + 42 ); diff --git a/programs/hash/sha2sum.c b/programs/hash/sha2sum.c index 2f3acf8de..c3f1a0d6b 100644 --- a/programs/hash/sha2sum.c +++ b/programs/hash/sha2sum.c @@ -77,6 +77,7 @@ static int sha256_check( char *filename ) int nb_tot1, nb_tot2; unsigned char sum[32]; char buf[65], line[1024]; + char diff; if( ( f = fopen( filename, "rb" ) ) == NULL ) { @@ -117,7 +118,12 @@ static int sha256_check( char *filename ) for( i = 0; i < 32; i++ ) sprintf( buf + i * 2, "%02x", sum[i] ); - if( memcmp( line, buf, 64 ) != 0 ) + /* Use constant-time buffer comparison */ + diff = 0; + for( i = 0; i < 64; i++ ) + diff |= line[i] ^ buf[i]; + + if( diff != 0 ) { nb_err2++; fprintf( stderr, "wrong checksum: %s\n", line + 66 );