Double check for crypto_auth_verify()

2014-08-03 21:15:04 -07:00 · 2014-08-03 21:15:04 -07:00 · c5a9d46386
commit c5a9d46386
parent be41f72e0e
3 changed files with 9 additions and 3 deletions
--- a/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c
+++ b/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c
@ -1,9 +1,11 @@
 #include "api.h"
 #include "crypto_verify_32.h"
+#include "utils.h"

 int crypto_auth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
 {
  unsigned char correct[32];
  crypto_auth(correct,in,inlen,k);
-  return crypto_verify_32(h,correct);
+  return crypto_verify_32(h,correct) | (-(h - correct == 0)) |
+         sodium_memcmp(correct,h,32);
 }
--- a/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c
+++ b/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c
@ -1,10 +1,12 @@
 #include "api.h"
 #include "crypto_verify_64.h"
+#include "utils.h"

 int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
                       unsigned long long inlen, const unsigned char *k)
 {
  unsigned char correct[64];
  crypto_auth(correct,in,inlen,k);
-  return crypto_verify_64(h,correct);
+  return crypto_verify_64(h,correct) | (-(h - correct == 0)) |
+         sodium_memcmp(correct,h,64);
 }
--- a/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c
+++ b/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c
@ -1,10 +1,12 @@
 #include "api.h"
 #include "crypto_verify_32.h"
+#include "utils.h"

 int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
                       unsigned long long inlen, const unsigned char *k)
 {
  unsigned char correct[32];
  crypto_auth(correct,in,inlen,k);
-  return crypto_verify_32(h,correct);
+  return crypto_verify_32(h,correct) | (-(h - correct == 0)) |
+         sodium_memcmp(correct,h,32);
 }