From d1dec41f7656d7937f1cce64df1cc41121f3e44d Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Thu, 3 Oct 2013 22:25:30 +0800
Subject: Constant time memcmp for the hmac and password crypt

---
 packet.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'packet.c')

diff --git a/packet.c b/packet.c
index d458ccf..4ebd0d7 100644
--- a/packet.c
+++ b/packet.c
@@ -376,7 +376,7 @@ static int checkmac() {
 
 	/* compare the hash */
 	buf_setpos(ses.readbuf, contents_len);
-	if (memcmp(mac_bytes, buf_getptr(ses.readbuf, mac_size), mac_size) != 0) {
+	if (constant_time_memcmp(mac_bytes, buf_getptr(ses.readbuf, mac_size), mac_size) != 0) {
 		return DROPBEAR_FAILURE;
 	} else {
 		return DROPBEAR_SUCCESS;
-- 
cgit v1.2.3