Mercurial > dropbear

diff packet.c @ 817:a625f9e135a4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Constant time memcmp for the hmac and password crypt
author Matt Johnston <matt@ucc.asn.au>
date Thu, 03 Oct 2013 22:25:30 +0800
parents 0bf76f54de6f
children c19acba28590
line wrap: on
line diff
--- a/packet.c	Sat Sep 21 00:34:36 2013 +0800
+++ b/packet.c	Thu Oct 03 22:25:30 2013 +0800
@@ -376,7 +376,7 @@
 
 	/* compare the hash */
 	buf_setpos(ses.readbuf, contents_len);
-	if (memcmp(mac_bytes, buf_getptr(ses.readbuf, mac_size), mac_size) != 0) {
+	if (constant_time_memcmp(mac_bytes, buf_getptr(ses.readbuf, mac_size), mac_size) != 0) {
 		return DROPBEAR_FAILURE;
 	} else {
 		return DROPBEAR_SUCCESS;