Use timingsafe_memcmp() in CRYPTO_gcm128_finish().

When checking the GCM tag, use timingsafe_memcmp() instead of memcmp(). ok tb@
author: jsing <> 2025-05-22 12:33:36 +0000
committer: jsing <> 2025-05-22 12:33:36 +0000
commit: 782008a26462e3082fdd7e188156e7d0374cf81d (patch)
tree: 04cb4f8df9aff3960cfc0f75367882e06bcb2c70 /src/lib/libcrypto/modes/gcm128.c
parent: f319211a5f338c8db89ed856127b1242825680c3 (diff)
download: openbsd-782008a26462e3082fdd7e188156e7d0374cf81d.tar.gz
openbsd-782008a26462e3082fdd7e188156e7d0374cf81d.tar.bz2
openbsd-782008a26462e3082fdd7e188156e7d0374cf81d.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c
index ab3388cac8..5ac00b0b48 100644
--- a/src/lib/libcrypto/modes/gcm128.c
+++ b/src/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gcm128.c,v 1.45 2025/05/21 12:12:42 jsing Exp $ */
+/* $OpenBSD: gcm128.c,v 1.46 2025/05/22 12:33:36 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
 *
@@ -679,7 +679,7 @@ CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
        ctx->Xi.u[1] ^= ctx->EK0.u[1];
        if (tag && len <= sizeof(ctx->Xi))
-                return memcmp(ctx->Xi.c, tag, len);
+                return timingsafe_memcmp(ctx->Xi.c, tag, len);
        else
                return -1;
 }
author	jsing <>	2025-05-22 12:33:36 +0000
committer	jsing <>	2025-05-22 12:33:36 +0000
commit	782008a26462e3082fdd7e188156e7d0374cf81d (patch)
tree	04cb4f8df9aff3960cfc0f75367882e06bcb2c70 /src/lib/libcrypto/modes/gcm128.c
parent	f319211a5f338c8db89ed856127b1242825680c3 (diff)
download	openbsd-782008a26462e3082fdd7e188156e7d0374cf81d.tar.gz openbsd-782008a26462e3082fdd7e188156e7d0374cf81d.tar.bz2 openbsd-782008a26462e3082fdd7e188156e7d0374cf81d.zip

diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c index ab3388cac8..5ac00b0b48 100644 --- a/src/lib/libcrypto/modes/gcm128.c +++ b/src/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: gcm128.c,v 1.45 2025/05/21 12:12:42 jsing Exp $ */	1	/* $OpenBSD: gcm128.c,v 1.46 2025/05/22 12:33:36 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2010 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2010 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -679,7 +679,7 @@ CRYPTO_gcm128_finish(GCM128_CONTEXT ctx, const unsigned char tag,
679	ctx->Xi.u[1] ^= ctx->EK0.u[1];	679	ctx->Xi.u[1] ^= ctx->EK0.u[1];
680		680
681	if (tag && len <= sizeof(ctx->Xi))	681	if (tag && len <= sizeof(ctx->Xi))
682	return memcmp(ctx->Xi.c, tag, len);	682	return timingsafe_memcmp(ctx->Xi.c, tag, len);
683	else	683	else
684	return -1;	684	return -1;
685	}	685	}