aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDirkjan Bussink <d.bussink@gmail.com>2014-04-23 17:27:10 -0700
committerAndreas Schneider <asn@cryptomilk.org>2019-02-22 18:21:25 +0100
commit8892577296dba23fdd531d222e66b208b60f12c4 (patch)
tree2573d40a06ef00495e7ec11aa21d3c64e050df8a
parentac7c64a76915fa35287782ee9da685d2f59cabea (diff)
downloadlibssh-8892577296dba23fdd531d222e66b208b60f12c4.tar.gz
libssh-8892577296dba23fdd531d222e66b208b60f12c4.tar.xz
libssh-8892577296dba23fdd531d222e66b208b60f12c4.zip
Use constant time comparison function for HMAC comparison
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit 46d15b316103587e5c185d2af69e906477c35a8b)
-rw-r--r--src/packet_crypt.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/src/packet_crypt.c b/src/packet_crypt.c
index 7306e4b3..ba1d4af9 100644
--- a/src/packet_crypt.c
+++ b/src/packet_crypt.c
@@ -176,6 +176,17 @@ unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len)
return session->current_crypto->hmacbuf;
}
+static int secure_memcmp(const void *s1, const void *s2, size_t n)
+{
+ int rc = 0;
+ const unsigned char *p1 = s1;
+ const unsigned char *p2 = s2;
+ for (; n > 0; --n) {
+ rc |= *p1++ ^ *p2++;
+ }
+ return (rc != 0);
+}
+
/**
* @internal
*
@@ -219,7 +230,7 @@ int ssh_packet_hmac_verify(ssh_session session,
ssh_print_hexa("Computed mac",hmacbuf,len);
ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(uint32_t));
#endif
- if (memcmp(mac, hmacbuf, len) == 0) {
+ if (secure_memcmp(mac, hmacbuf, len) == 0) {
return 0;
}