author | Matt Johnston <matt@ucc.asn.au> | 2013-10-03 22:25:30 +0800 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2013-10-03 22:25:30 +0800 |
commit | d1dec41f7656d7937f1cce64df1cc41121f3e44d (patch) | |
tree | f188573e32fd2926e03f84bfa7ff4b26613377a6 /svr-authpasswd.c | |
parent | 69a165db86bc61c02a6d400ca2de77d6f480f46d (diff) |
Constant time memcmp for the hmac and password crypt
Diffstat (limited to 'svr-authpasswd.c')
-rw-r--r-- | svr-authpasswd.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/svr-authpasswd.c b/svr-authpasswd.c
index 17dd2a1..7a5a121 100644
--- a/svr-authpasswd.c
+++ b/svr-authpasswd.c
@@ -33,6 +33,17 @@
 #ifdef ENABLE_SVR_PASSWORD_AUTH
+static int constant_time_strcmp(const char* a, const char* b) {
+ size_t la = strlen(a);
+ size_t lb = strlen(b);
+
+ if (la != lb) {
+ return 1;
+ }
+
+ return constant_time_memcmp(a, b, la);
+}
+
 /* Process a password auth request, sending success or failure messages as
 * appropriate */
 void svr_auth_password() {
@@ -82,7 +93,7 @@ void svr_auth_password() {
 return;
 }
- if (strcmp(testcrypt, passwdcrypt) == 0) {
+ if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) {
 /* successful authentication */
 dropbear_log(LOG_NOTICE,
 "Password auth succeeded for '%s' from %s",
|
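Review bot: constant_time_strcmp has no comment stating its contract, and the early `return 1` on a length mismatch (plus the two strlen calls) means it is constant-time only over the contents of equal-length strings. A comment above the function should record that, for example `/* Returns 0 if equal, non-zero otherwise (not an ordering like strcmp). Only the contents are compared in constant time; a length difference is visible to timing. */`. For crypt-style hashes the length presumably depends on the hash scheme rather than on the password, which is why the early return is tolerable, but that reasoning is worth writing down so the helper is not reused for secrets whose length matters. The return convention of constant_time_memcmp is defined outside this hunk; the note assumes it returns 0 on equality, as the `== 0` test in the second hunk implies.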
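Review bot: In the second hunk `testcrypt` is now passed to strlen inside constant_time_strcmp, and no NULL check on it is visible in these lines. If `testcrypt` is the return value of crypt(), that call can return NULL on failure (for instance for a salt format the libc does not support), and the comparison would then dereference a null pointer just as the replaced strcmp did. A guard ahead of the comparison, `if (testcrypt == NULL) { /* treat as failed authentication */ return; }` with the usual failure reply, would reject the attempt cleanly. The body of svr_auth_password starts and ends outside this hunk, so such a check may already exist above the shown lines.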