From 8a0268f1b3f62292d4124f8d158e0587c4f7c330 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 16 Jul 2010 13:57:51 +1000 Subject: - djm@cvs.openbsd.org 2010/07/13 11:52:06 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] [packet.c ssh-rsa.c] implement a timing_safe_cmp() function to compare memory without leaking timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@ --- misc.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'misc.c') diff --git a/misc.c b/misc.c index 4500b7a37..3b98e3fc2 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.77 2010/07/02 04:32:44 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.78 2010/07/13 11:52:06 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -850,6 +850,18 @@ ms_to_timeval(struct timeval *tv, int ms) tv->tv_usec = (ms % 1000) * 1000; } +int +timing_safe_cmp(const void *_s1, const void *_s2, size_t n) +{ + u_char *s1 = (u_char *)_s1; + u_char *s2 = (u_char *)_s2; + int ret = 0; + + for (; n > 0; n--, s1++, s2++) + ret |= *s1 ^ *s2; + return ret; +} + void sock_set_v6only(int s) { -- cgit v1.2.3