diff --git a/ChangeLog b/ChangeLog
index 5e130699099a903ac7bf1f687adc1c5534cbfcf4..56e4b4b91daa354ae6e61593696a28bb9b2054fd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -43,6 +43,14 @@
* tools/nettle-pbkdf2.c (main): Fix some pointer signedness warning.
* tools/nettle-hash.c (hash_file): Likewise.
+ * examples/rsa-decrypt.c (process_file): Use memeql_sec to check
+ the digest.
+
+ * memeql-sec.c (memeql_sec): New public function, moved from...
+ * ccm.c (memeql_sec): ... previous location.
+
+ * memops.h: New header file, generalizing memxor.h.
+
2016-08-29 Niels Möller <nisse@lysator.liu.se>
* sexp-format.c (strlen_u8): New helper function.
diff --git a/Makefile.in b/Makefile.in
index 9d47552b8e96f4c6dd350e13a9466b35de693fa9..135542f588df50170e29c978dc7d94cc89c75484 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -109,7 +109,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
knuth-lfib.c \
md2.c md2-meta.c md4.c md4-meta.c \
md5.c md5-compress.c md5-compat.c md5-meta.c \
- memxor.c memxor3.c \
+ memeql-sec.c memxor.c memxor3.c \
nettle-meta-aeads.c nettle-meta-armors.c \
nettle-meta-ciphers.c nettle-meta-hashes.c \
pbkdf2.c pbkdf2-hmac-sha1.c pbkdf2-hmac-sha256.c \
@@ -193,7 +193,7 @@ HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h \
macros.h \
md2.h md4.h \
md5.h md5-compat.h \
- memxor.h \
+ memops.h memxor.h \
nettle-meta.h nettle-types.h \
pbkdf2.h \
pgp.h pkcs1.h realloc.h ripemd160.h rsa.h \
diff --git a/ccm.c b/ccm.c
index b98bc9cfc43438b4a8edcf6090f09c723a7bdc4c..bdbd595c60474f68024be120c6a3cd1d5e4ebcf3 100644
--- a/ccm.c
+++ b/ccm.c
@@ -44,7 +44,7 @@
#include "ccm.h"
#include "ctr.h"
-#include "memxor.h"
+#include "memops.h"
#include "nettle-internal.h"
#include "macros.h"
@@ -246,19 +246,6 @@ ccm_encrypt_message(const void *cipher, nettle_cipher_func *f,
ccm_digest(&ctx, cipher, f, tlength, tag);
}
-/* FIXME: Should be made public, under some suitable name. */
-static int
-memeql_sec (const void *a, const void *b, size_t n)
-{
- volatile const unsigned char *ap = (const unsigned char *) a;
- volatile const unsigned char *bp = (const unsigned char *) b;
- volatile unsigned char d;
- size_t i;
- for (d = i = 0; i < n; i++)
- d |= (ap[i] ^ bp[i]);
- return d == 0;
-}
-
int
ccm_decrypt_message(const void *cipher, nettle_cipher_func *f,
size_t nlength, const uint8_t *nonce,
diff --git a/examples/rsa-decrypt.c b/examples/rsa-decrypt.c
index 01688218f5a61ddd611cd3eff2d970bdf0cc1bfa..94c22190580c34aabbcee663b793f0f36fe9e8b7 100644
--- a/examples/rsa-decrypt.c
+++ b/examples/rsa-decrypt.c
@@ -49,6 +49,7 @@
#include "cbc.h"
#include "hmac.h"
#include "macros.h"
+#include "memops.h"
#include "rsa.h"
#include "yarrow.h"
@@ -189,7 +190,7 @@ process_file(struct rsa_session *ctx,
}
}
hmac_sha1_digest(&ctx->hmac, SHA1_DIGEST_SIZE, digest);
- if (memcmp(digest, buffer + AES_BLOCK_SIZE, SHA1_DIGEST_SIZE) != 0)
+ if (!memeql_sec(digest, buffer + AES_BLOCK_SIZE, SHA1_DIGEST_SIZE))
{
werror("Decryption failed: Invalid mac.\n");
return 0;
diff --git a/memeql-sec.c b/memeql-sec.c
new file mode 100644
index 0000000000000000000000000000000000000000..b19052eda4a13312662ff77439e6f5fbaf34cbc2
--- /dev/null
+++ b/memeql-sec.c
@@ -0,0 +1,51 @@
+/* memeql-sec.c
+
+ Copyright (C) 2016 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "memops.h"
+
+int
+memeql_sec (const void *a, const void *b, size_t n)
+{
+ volatile const unsigned char *ap = (const unsigned char *) a;
+ volatile const unsigned char *bp = (const unsigned char *) b;
+
+ volatile unsigned char diff;
+ size_t i;
+
+ for (i = diff = 0; i < n; i++)
+ diff |= (ap[i] ^ bp[i]);
+
+ return diff == 0;
+}
diff --git a/memops.h b/memops.h
new file mode 100644
index 0000000000000000000000000000000000000000..8e40594df6fc37d0d4698c5eea11fc42db6c02de
--- /dev/null
+++ b/memops.h
@@ -0,0 +1,51 @@
+/* memops.h
+
+ Copyright (C) 2016 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#ifndef NETTLE_MEMOPS_H_INCLUDED
+#define NETTLE_MEMOPS_H_INCLUDED
+
+#include "memxor.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Name mangling */
+#define memeql_sec nettle_memeql_sec
+
+int
+memeql_sec (const void *a, const void *b, size_t n);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_MEMOPS_H_INCLUDED */