CVS: cvs.openbsd.org: src

Kenjiro NAKAYAMA Tue, 03 Jun 2025 01:42:37 -0700

CVSROOT:        /cvs
Module name:    src
Changes by:     kenj...@cvs.openbsd.org 2025/06/03 02:42:15


Modified files:
        lib/libcrypto/pkcs12: p12_mutl.c 
        lib/libcrypto/evp: e_aes.c 
        lib/libcrypto/aes: aes.c 

Log message:
Use timingsafe_memcmp when comparing authenticators

Replace memcmp() with timingsafe_memcmp() for authentication tag
comparison in AES-CCM, GCM, PKCS12 and AES key unwrap code paths
to ensure constant-time behavior and avoid potential timing side
channels.

This aligns with OpenSSL 1e4a355.

ok tb@

CVS: cvs.openbsd.org: src

Reply via email to