- djm@cvs.openbsd.org 2010/07/13 11:52:06

[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] [packet.c ssh-rsa.c] implement a timing_safe_cmp() function to compare memory without leaking timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@
author: Damien Miller <djm@mindrot.org> 2010-07-16 13:57:51 +1000
committer: Damien Miller <djm@mindrot.org> 2010-07-16 13:57:51 +1000
commit: 8a0268f1b3f62292d4124f8d158e0587c4f7c330 (patch)
tree: 43493a3202569a2939f5616127d9de8689613a7b /auth-rsa.c
parent: d0244d498ba970b9d9348429eaf7a4a0ef2b903c (diff)
download: openssh-git-8a0268f1b3f62292d4124f8d158e0587c4f7c330.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/auth-rsa.c b/auth-rsa.c
index ef6767bf..71abadf6 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rsa.c,v 1.76 2010/05/11 02:58:04 djm Exp $ */
+/* $OpenBSD: auth-rsa.c,v 1.77 2010/07/13 11:52:06 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -116,7 +116,7 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
 	MD5_Final(mdbuf, &md);
 
 	/* Verify that the response is the original challenge. */
-	if (memcmp(response, mdbuf, 16) != 0) {
+	if (timing_safe_cmp(response, mdbuf, 16) != 0) {
 		/* Wrong answer. */
 		return (0);
 	}
author	Damien Miller <djm@mindrot.org>	2010-07-16 13:57:51 +1000
committer	Damien Miller <djm@mindrot.org>	2010-07-16 13:57:51 +1000
commit	8a0268f1b3f62292d4124f8d158e0587c4f7c330 (patch)
tree	43493a3202569a2939f5616127d9de8689613a7b /auth-rsa.c
parent	d0244d498ba970b9d9348429eaf7a4a0ef2b903c (diff)
download	openssh-git-8a0268f1b3f62292d4124f8d158e0587c4f7c330.tar.gz