- djm@cvs.openbsd.org 2010/07/13 11:52:06
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
[packet.c ssh-rsa.c]
implement a timing_safe_cmp() function to compare memory without leaking
timing information by short-circuiting like memcmp() and use it for
some of the more sensitive comparisons (though nothing high-value was
readily attackable anyway); "looks ok" markus@
diff --git a/key.c b/key.c
index c4d9d57..4e31c84 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.88 2010/05/07 11:30:29 djm Exp $ */
+/* $OpenBSD: key.c,v 1.89 2010/07/13 11:52:06 djm Exp $ */
/*
* read_bignum():
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -52,6 +52,7 @@
#include "uuencode.h"
#include "buffer.h"
#include "log.h"
+#include "misc.h"
#include "ssh2.h"
static struct KeyCert *
@@ -227,7 +228,7 @@
return 0;
if (buffer_len(&a->certblob) != buffer_len(&b->certblob))
return 0;
- if (memcmp(buffer_ptr(&a->certblob), buffer_ptr(&b->certblob),
+ if (timing_safe_cmp(buffer_ptr(&a->certblob), buffer_ptr(&b->certblob),
buffer_len(&a->certblob)) != 0)
return 0;
return 1;