Skip to content
Permalink
Browse files Browse the repository at this point in the history
driver: secure: use consttime_memequal for memory comparison
Do  not  use memcmp() to compare security critical data, such as
cryptographic secrets, because the required CPU time depends on the
number of equal bytes.
Instead, a function that performs comparisons in constant time is required.
Warning: consttime_memequal returns 0 if data are NOT equal, and 1 if they are
equal.

Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Reviewed-by: Nicolas Ferre <nicolas.ferre@microchip.com>
  • Loading branch information
ehristev committed Mar 30, 2020
1 parent bdb4693 commit 7753914
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion driver/secure.c
Expand Up @@ -103,7 +103,7 @@ int secure_decrypt(void *data, unsigned int data_length, int is_signed)
/* Check the CMAC */
fixed_length = at91_aes_roundup(data_length);
cmac = (const unsigned int *)((char *)data + fixed_length);
if (memcmp(cmac, computed_cmac, AT91_AES_BLOCK_SIZE_BYTE))
if (!consttime_memequal(cmac, computed_cmac, AT91_AES_BLOCK_SIZE_BYTE))
goto exit;
}

Expand Down

0 comments on commit 7753914

Please sign in to comment.