mirror of
https://github.com/RGBCube/serenity
synced 2025-07-27 14:27:35 +00:00
LibCrypto: Use AK::timing_safe_compare to validate sensitive data
Addresses one FIXME in GCM, and another similar issue in EMSA_PSS. We should be using constant time memory comparisons in all of our crypto code.
This commit is contained in:
parent
3ab2b90744
commit
0a5321b3f9
2 changed files with 4 additions and 3 deletions
|
@ -6,6 +6,7 @@
|
|||
|
||||
#pragma once
|
||||
|
||||
#include <AK/Memory.h>
|
||||
#include <AK/OwnPtr.h>
|
||||
#include <AK/StringBuilder.h>
|
||||
#include <AK/StringView.h>
|
||||
|
@ -124,12 +125,11 @@ public:
|
|||
block0.apply_initialization_vector({ auth_tag.data, array_size(auth_tag.data) });
|
||||
|
||||
auto test_consistency = [&] {
|
||||
if (block0.block_size() != tag.size() || __builtin_memcmp(block0.bytes().data(), tag.data(), tag.size()) != 0)
|
||||
if (block0.block_size() != tag.size() || !timing_safe_compare(block0.bytes().data(), tag.data(), tag.size()))
|
||||
return VerificationConsistency::Inconsistent;
|
||||
|
||||
return VerificationConsistency::Consistent;
|
||||
};
|
||||
// FIXME: This block needs constant-time comparisons.
|
||||
|
||||
if (in.is_empty()) {
|
||||
out = {};
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue