Use timingsafe_memcmp() in CRYPTO_gcm128_finish().

When checking the GCM tag, use timingsafe_memcmp() instead of memcmp(). ok tb@
author: jsing <> 2025-05-22 12:33:36 +0000
committer: jsing <> 2025-05-22 12:33:36 +0000
commit: d19325f59fd7a16b2759c55d0837d754c2f532f4 (patch)
tree: 04cb4f8df9aff3960cfc0f75367882e06bcb2c70
parent: e7ce70963ad3b03728962b079041b3235a136ef5 (diff)
download: openbsd-d19325f59fd7a16b2759c55d0837d754c2f532f4.tar.gz
openbsd-d19325f59fd7a16b2759c55d0837d754c2f532f4.tar.bz2
openbsd-d19325f59fd7a16b2759c55d0837d754c2f532f4.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c
index ab3388cac8..5ac00b0b48 100644
--- a/src/lib/libcrypto/modes/gcm128.c
+++ b/src/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gcm128.c,v 1.45 2025/05/21 12:12:42 jsing Exp $ */
+/* $OpenBSD: gcm128.c,v 1.46 2025/05/22 12:33:36 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
 *
@@ -679,7 +679,7 @@ CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
        ctx->Xi.u[1] ^= ctx->EK0.u[1];
        if (tag && len <= sizeof(ctx->Xi))
-                return memcmp(ctx->Xi.c, tag, len);
+                return timingsafe_memcmp(ctx->Xi.c, tag, len);
        else
                return -1;
 }
author	jsing <>	2025-05-22 12:33:36 +0000
committer	jsing <>	2025-05-22 12:33:36 +0000
commit	d19325f59fd7a16b2759c55d0837d754c2f532f4 (patch)
tree	04cb4f8df9aff3960cfc0f75367882e06bcb2c70
parent	e7ce70963ad3b03728962b079041b3235a136ef5 (diff)
download	openbsd-d19325f59fd7a16b2759c55d0837d754c2f532f4.tar.gz openbsd-d19325f59fd7a16b2759c55d0837d754c2f532f4.tar.bz2 openbsd-d19325f59fd7a16b2759c55d0837d754c2f532f4.zip

diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c index ab3388cac8..5ac00b0b48 100644 --- a/src/lib/libcrypto/modes/gcm128.c +++ b/src/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: gcm128.c,v 1.45 2025/05/21 12:12:42 jsing Exp $ */	1	/* $OpenBSD: gcm128.c,v 1.46 2025/05/22 12:33:36 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2010 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2010 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -679,7 +679,7 @@ CRYPTO_gcm128_finish(GCM128_CONTEXT ctx, const unsigned char tag,
679	ctx->Xi.u[1] ^= ctx->EK0.u[1];	679	ctx->Xi.u[1] ^= ctx->EK0.u[1];
680		680
681	if (tag && len <= sizeof(ctx->Xi))	681	if (tag && len <= sizeof(ctx->Xi))
682	return memcmp(ctx->Xi.c, tag, len);	682	return timingsafe_memcmp(ctx->Xi.c, tag, len);
683	else	683	else
684	return -1;	684	return -1;
685	}	685	}