From 46d15b316103587e5c185d2af69e906477c35a8b Mon Sep 17 00:00:00 2001
From: Dirkjan Bussink <d.bussink@gmail.com>
Date: Wed, 23 Apr 2014 17:27:10 -0700
Subject: Use constant time comparison function for HMAC comparison

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
 src/packet_crypt.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/packet_crypt.c b/src/packet_crypt.c
index c30264e5..a387152b 100644
--- a/src/packet_crypt.c
+++ b/src/packet_crypt.c
@@ -188,6 +188,17 @@ unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len)
   return crypto->hmacbuf;
 }
 
+static int secure_memcmp(const void *s1, const void *s2, size_t n)
+{
+    int rc = 0;
+    const unsigned char *p1 = s1;
+    const unsigned char *p2 = s2;
+    for (; n > 0; --n) {
+        rc |= *p1++ ^ *p2++;
+    }
+    return (rc != 0);
+}
+
 /**
  * @internal
  *
@@ -234,7 +245,7 @@ int ssh_packet_hmac_verify(ssh_session session,
   ssh_print_hexa("Computed mac",hmacbuf,len);
   ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(uint32_t));
 #endif
-  if (memcmp(mac, hmacbuf, len) == 0) {
+  if (secure_memcmp(mac, hmacbuf, len) == 0) {
     return 0;
   }
 
-- 
cgit v1.2.3