Mercurial > dropbear
comparison svr-authpasswd.c @ 817:a625f9e135a4
Constant time memcmp for the hmac and password crypt
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 03 Oct 2013 22:25:30 +0800 |
| parents | 7bd88d546627 |
| children | 50f8a24953e6 |
comparison
equal
deleted
inserted
replaced
| 816:84e4259dae3e | 817:a625f9e135a4 |
|---|---|
| 30 #include "dbutil.h" | 30 #include "dbutil.h" |
| 31 #include "auth.h" | 31 #include "auth.h" |
| 32 #include "runopts.h" | 32 #include "runopts.h" |
| 33 | 33 |
| 34 #ifdef ENABLE_SVR_PASSWORD_AUTH | 34 #ifdef ENABLE_SVR_PASSWORD_AUTH |
| 35 | |
| 36 static int constant_time_strcmp(const char* a, const char* b) { | |
| 37 size_t la = strlen(a); | |
| 38 size_t lb = strlen(b); | |
| 39 | |
| 40 if (la != lb) { | |
| 41 return 1; | |
| 42 } | |
| 43 | |
| 44 return constant_time_memcmp(a, b, la); | |
| 45 } | |
| 35 | 46 |
| 36 /* Process a password auth request, sending success or failure messages as | 47 /* Process a password auth request, sending success or failure messages as |
| 37 * appropriate */ | 48 * appropriate */ |
| 38 void svr_auth_password() { | 49 void svr_auth_password() { |
| 39 | 50 |
| 80 ses.authstate.pw_name); | 91 ses.authstate.pw_name); |
| 81 send_msg_userauth_failure(0, 1); | 92 send_msg_userauth_failure(0, 1); |
| 82 return; | 93 return; |
| 83 } | 94 } |
| 84 | 95 |
| 85 if (strcmp(testcrypt, passwdcrypt) == 0) { | 96 if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) { |
| 86 /* successful authentication */ | 97 /* successful authentication */ |
| 87 dropbear_log(LOG_NOTICE, | 98 dropbear_log(LOG_NOTICE, |
| 88 "Password auth succeeded for '%s' from %s", | 99 "Password auth succeeded for '%s' from %s", |
| 89 ses.authstate.pw_name, | 100 ses.authstate.pw_name, |
| 90 svr_ses.addrstring); | 101 svr_ses.addrstring); |