comparison svr-authpasswd.c @ 817:a625f9e135a4

Constant time memcmp for the hmac and password crypt
author Matt Johnston <matt@ucc.asn.au>
date Thu, 03 Oct 2013 22:25:30 +0800
parents 7bd88d546627
children 50f8a24953e6
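--- a/svr-authpasswd.c
+++ b/svr-authpasswd.c
@@ -30,10 +30,21 @@
 #include "dbutil.h"
 #include "auth.h"
 #include "runopts.h"
 
 #ifdef ENABLE_SVR_PASSWORD_AUTH
+
+static int constant_time_strcmp(const char* a, const char* b) {
+size_t la = strlen(a);
+size_t lb = strlen(b);
+
+if (la != lb) {
+return 1;
+}
+
+return constant_time_memcmp(a, b, la);
+}
 
 /* Process a password auth request, sending success or failure messages as
 * appropriate */
 void svr_auth_password() {
 
@@ -80,11 +91,11 @@
 ses.authstate.pw_name);
 send_msg_userauth_failure(0, 1);
 return;
 }
 
-if (strcmp(testcrypt, passwdcrypt) == 0) {
+if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) {
 /* successful authentication */
 dropbear_log(LOG_NOTICE,
 "Password auth succeeded for '%s' from %s",
 ses.authstate.pw_name,
 svr_ses.addrstring);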
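Review bot: constant_time_strcmp (new lines 36-45) is constant-time only for equal-length inputs, because the `la != lb` branch returns early and strlen() itself scans to the terminator, so the length stays observable. That is probably acceptable for crypt() output, whose length follows from the hash scheme rather than the password, but the helper should say so, e.g. `/* Returns 0 if equal. A length mismatch returns early; only the byte comparison is constant-time. */`. Separately, the helper calls strlen() on both arguments with no NULL guard, and crypt() can return NULL on some libc versions; the code between new lines 50 and 91 is not shown, so confirm testcrypt is checked before the call at new line 96.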