1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index bfdfed8172..a0f192905d 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.68 2025/05/19 04:32:52 jsing Exp $ */
+/* $OpenBSD: e_aes.c,v 1.69 2025/06/03 08:42:15 kenjiro Exp $ */
 /* ====================================================================
 * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -1557,7 +1557,7 @@ aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
                /* If tag mismatch wipe buffer */
-                if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
+                if (timingsafe_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN) != 0) {
                        explicit_bzero(out, len);
                        goto err;
                }
@@ -2072,7 +2072,7 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                    cctx->str) : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
                        unsigned char tag[16];
                        if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
-                                if (!memcmp(tag, ctx->buf, cctx->M))
+                                if (timingsafe_memcmp(tag, ctx->buf, cctx->M) == 0)
                                        rv = len;
                        }
                }

diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c index bfdfed8172..a0f192905d 100644 --- a/src/lib/libcrypto/evp/e_aes.c +++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: e_aes.c,v 1.68 2025/05/19 04:32:52 jsing Exp $ */	1	/* $OpenBSD: e_aes.c,v 1.69 2025/06/03 08:42:15 kenjiro Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -1557,7 +1557,7 @@ aes_gcm_tls_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
1557	CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);	1557	CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
1558		1558
1559	/* If tag mismatch wipe buffer */	1559	/* If tag mismatch wipe buffer */
1560	if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {	1560	if (timingsafe_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN) != 0) {
1561	explicit_bzero(out, len);	1561	explicit_bzero(out, len);
1562	goto err;	1562	goto err;
1563	}	1563	}
@@ -2072,7 +2072,7 @@ aes_ccm_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
2072	cctx->str) : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {	2072	cctx->str) : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
2073	unsigned char tag[16];	2073	unsigned char tag[16];
2074	if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {	2074	if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
2075	if (!memcmp(tag, ctx->buf, cctx->M))	2075	if (timingsafe_memcmp(tag, ctx->buf, cctx->M) == 0)
2076	rv = len;	2076	rv = len;
2077	}	2077	}
2078	}	2078	}