Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / libsrtp2 / 1e91fd41699653582d5cc386ad32885f1c844685
commit1e91fd41699653582d5cc386ad32885f1c844685[log] [tgz]
authorMatthew Riley <mattdr@google.com>Thu Jul 14 15:43:00 2016 -0700
committerMatthew Riley <mattdr@google.com>Fri Jul 15 11:26:08 2016 -0700
treea2a2f675d7c9f47ad4c82e417d9bf63980ef5010
parentf97b18d7686b6e9a750e55f93dc4bc1153ddee52 [diff]
Replace octet_string_is_eq with a constant-time implementation

This function is used to check authentication tags in srtp_unprotect.
The current early-exit implementation might offer a timing sidechannel,
enabling attackers to brute-force a correct HMAC to a forged message.

Such attacks shouldn't be possible if replay protection is enabled, but
this is nonetheless good defense in depth.

The implementation is similar to CRYPTO_memcmp from OpenSSL/BoringSSL.
2 files changed
tree: a2a2f675d7c9f47ad4c82e417d9bf63980ef5010
  1. crypto/
  2. doc/
  3. include/
  4. srtp/
  5. test/
  6. .gitignore
  7. .travis.yml
  8. CHANGES
  9. config.guess
  10. config.h_win32vc7
  11. config.hw
  12. config.sub
  13. config_in.h
  14. configure
  15. configure.in
  16. install-sh
  17. install-win.bat
  18. libsrtp2.pc.in
  19. LICENSE
  20. Makefile.in
  21. README
  22. srtp.def
  23. srtp.sln
  24. srtp.vcproj
  25. srtp7.sln
  26. srtp7.vcproj
  27. timing
  28. TODO
  29. undos.sh
  30. update.sh
  31. VERSION