summaryrefslogtreecommitdiff
path: root/auth-rsa.c
diff options
context:
space:
mode:
Diffstat (limited to 'auth-rsa.c')
-rw-r--r--auth-rsa.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/auth-rsa.c b/auth-rsa.c
index 250e9cf78..7afcaee31 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-rsa.c,v 1.74 2010/03/04 10:36:03 djm Exp $ */ 1/* $OpenBSD: auth-rsa.c,v 1.78 2010/07/13 23:13:16 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,11 +34,11 @@
34#include "uidswap.h" 34#include "uidswap.h"
35#include "match.h" 35#include "match.h"
36#include "buffer.h" 36#include "buffer.h"
37#include "auth-options.h"
38#include "pathnames.h" 37#include "pathnames.h"
39#include "log.h" 38#include "log.h"
40#include "servconf.h" 39#include "servconf.h"
41#include "key.h" 40#include "key.h"
41#include "auth-options.h"
42#include "hostfile.h" 42#include "hostfile.h"
43#include "auth.h" 43#include "auth.h"
44#ifdef GSSAPI 44#ifdef GSSAPI
@@ -116,7 +116,7 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
116 MD5_Final(mdbuf, &md); 116 MD5_Final(mdbuf, &md);
117 117
118 /* Verify that the response is the original challenge. */ 118 /* Verify that the response is the original challenge. */
119 if (memcmp(response, mdbuf, 16) != 0) { 119 if (timingsafe_bcmp(response, mdbuf, 16) != 0) {
120 /* Wrong answer. */ 120 /* Wrong answer. */
121 return (0); 121 return (0);
122 } 122 }
@@ -256,7 +256,8 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
256 */ 256 */
257 if (!auth_parse_options(pw, key_options, file, linenum)) 257 if (!auth_parse_options(pw, key_options, file, linenum))
258 continue; 258 continue;
259 259 if (key_is_cert_authority)
260 continue;
260 /* break out, this key is allowed */ 261 /* break out, this key is allowed */
261 allowed = 1; 262 allowed = 1;
262 break; 263 break;