From 8488487f0974f365bb51defabda91a3e5dcdfaa6 Mon Sep 17 00:00:00 2001 From: djm Date: Tue, 13 Jul 2010 11:52:06 +0000 Subject: implement a timing_safe_cmp() function to compare memory without leaking timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@ --- usr.bin/ssh/ssh-rsa.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'usr.bin/ssh/ssh-rsa.c') diff --git a/usr.bin/ssh/ssh-rsa.c b/usr.bin/ssh/ssh-rsa.c index e98533cbe18..dbb31d83143 100644 --- a/usr.bin/ssh/ssh-rsa.c +++ b/usr.bin/ssh/ssh-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-rsa.c,v 1.41 2010/04/16 01:47:26 djm Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.42 2010/07/13 11:52:06 djm Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl * @@ -27,6 +27,7 @@ #include "buffer.h" #include "key.h" #include "compat.h" +#include "misc.h" #include "ssh.h" static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *); @@ -246,11 +247,11 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen, error("bad decrypted len: %d != %d + %d", len, hlen, oidlen); goto done; } - if (memcmp(decrypted, oid, oidlen) != 0) { + if (timing_safe_cmp(decrypted, oid, oidlen) != 0) { error("oid mismatch"); goto done; } - if (memcmp(decrypted + oidlen, hash, hlen) != 0) { + if (timing_safe_cmp(decrypted + oidlen, hash, hlen) != 0) { error("hash mismatch"); goto done; } -- cgit v1.2.3-59-g8ed1b