aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDirkjan Bussink <d.bussink@gmail.com>2014-04-23 17:27:10 -0700
committerAndreas Schneider <asn@cryptomilk.org>2019-02-22 15:30:29 +0100
commit46d15b316103587e5c185d2af69e906477c35a8b (patch)
treec98efe1df92477a96ee2ce4859ca25187dccf0dc
parent1af10fcdb300e86de8a9930e1f9fd68443a94a52 (diff)
downloadlibssh-46d15b316103587e5c185d2af69e906477c35a8b.tar.gz
libssh-46d15b316103587e5c185d2af69e906477c35a8b.tar.xz
libssh-46d15b316103587e5c185d2af69e906477c35a8b.zip
Use constant time comparison function for HMAC comparison
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r--src/packet_crypt.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/src/packet_crypt.c b/src/packet_crypt.c
index c30264e5..a387152b 100644
--- a/src/packet_crypt.c
+++ b/src/packet_crypt.c
@@ -188,6 +188,17 @@ unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len)
return crypto->hmacbuf;
}
+static int secure_memcmp(const void *s1, const void *s2, size_t n)
+{
+ int rc = 0;
+ const unsigned char *p1 = s1;
+ const unsigned char *p2 = s2;
+ for (; n > 0; --n) {
+ rc |= *p1++ ^ *p2++;
+ }
+ return (rc != 0);
+}
+
/**
* @internal
*
@@ -234,7 +245,7 @@ int ssh_packet_hmac_verify(ssh_session session,
ssh_print_hexa("Computed mac",hmacbuf,len);
ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(uint32_t));
#endif
- if (memcmp(mac, hmacbuf, len) == 0) {
+ if (secure_memcmp(mac, hmacbuf, len) == 0) {
return 0;
}