eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add constant time memcmp and use it for comparing keys.

Browse Source 
There is perhaps no problem now, but it is a good practise to use
constant time for key comaprison to avoid possible side channel
issues.
This commit is contained in:
Milan Broz
2022-04-27 23:05:02 +02:00
parent 4f44bb40b7
commit 2bf0f537f6
12 changed files with 65 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/luks2/luks2_digest_pbkdf2.c
View File

@@ -78,7 +78,7 @@ static int PBKDF2_digest_verify(struct crypt_device *cd,
mkDigestIterations, 0, 0) < 0) {
r = -EINVAL;
} else {
if (memcmp(checkHashBuf, mkDigest, len) == 0)
if (crypt_backend_memeq(checkHashBuf, mkDigest, len) == 0)
r = 0;
}
out: