summaryrefslogtreecommitdiff
path: root/ssh-rsa.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2010-07-16 13:57:51 +1000
committerDamien Miller <djm@mindrot.org>2010-07-16 13:57:51 +1000
commit8a0268f1b3f62292d4124f8d158e0587c4f7c330 (patch)
tree43493a3202569a2939f5616127d9de8689613a7b /ssh-rsa.c
parentd0244d498ba970b9d9348429eaf7a4a0ef2b903c (diff)
- djm@cvs.openbsd.org 2010/07/13 11:52:06
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] [packet.c ssh-rsa.c] implement a timing_safe_cmp() function to compare memory without leaking timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@
Diffstat (limited to 'ssh-rsa.c')
-rw-r--r--ssh-rsa.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/ssh-rsa.c b/ssh-rsa.c
index bb9cc8e2..01f27f52 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-rsa.c,v 1.41 2010/04/16 01:47:26 djm Exp $ */
+/* $OpenBSD: ssh-rsa.c,v 1.42 2010/07/13 11:52:06 djm Exp $ */
/*
* Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
*
@@ -30,6 +30,7 @@
#include "buffer.h"
#include "key.h"
#include "compat.h"
+#include "misc.h"
#include "ssh.h"
static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *);
@@ -249,11 +250,11 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen,
error("bad decrypted len: %d != %d + %d", len, hlen, oidlen);
goto done;
}
- if (memcmp(decrypted, oid, oidlen) != 0) {
+ if (timing_safe_cmp(decrypted, oid, oidlen) != 0) {
error("oid mismatch");
goto done;
}
- if (memcmp(decrypted + oidlen, hash, hlen) != 0) {
+ if (timing_safe_cmp(decrypted + oidlen, hash, hlen) != 0) {
error("hash mismatch");
goto done;
}