Constant time memcmp for the hmac and password crypt

author: Matt Johnston <matt@ucc.asn.au> 2013-10-03 22:25:30 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2013-10-03 22:25:30 +0800
commit: e80daa98e9750d1045e5bc99b419c84ead70a684 (patch)
tree: 3a5081172fabd90b4befc733decafe0f2a388291 /svr-authpasswd.c
parent: 09eb32b6b53f6e09a713ce416051ad65a07c132a (diff)
download: dropbear-e80daa98e9750d1045e5bc99b419c84ead70a684.tar.gz
1 files changed, 12 insertions, 1 deletions
diff --git a/svr-authpasswd.c b/svr-authpasswd.c
index 17dd2a1..7a5a121 100644
--- a/svr-authpasswd.c
+++ b/svr-authpasswd.c
@@ -33,6 +33,17 @@
 
 #ifdef ENABLE_SVR_PASSWORD_AUTH
 
+static int constant_time_strcmp(const char* a, const char* b) {
+	size_t la = strlen(a);
+	size_t lb = strlen(b);
+
+	if (la != lb) {
+		return 1;
+	}
+
+	return constant_time_memcmp(a, b, la);
+}
+
 /* Process a password auth request, sending success or failure messages as
  * appropriate */
 void svr_auth_password() {
@@ -82,7 +93,7 @@ void svr_auth_password() {
 		return;
 	}
 
-	if (strcmp(testcrypt, passwdcrypt) == 0) {
+	if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) {
 		/* successful authentication */
 		dropbear_log(LOG_NOTICE, 
 				"Password auth succeeded for '%s' from %s",
author	Matt Johnston <matt@ucc.asn.au>	2013-10-03 22:25:30 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2013-10-03 22:25:30 +0800
commit	e80daa98e9750d1045e5bc99b419c84ead70a684 (patch)
tree	3a5081172fabd90b4befc733decafe0f2a388291 /svr-authpasswd.c
parent	09eb32b6b53f6e09a713ce416051ad65a07c132a (diff)
download	dropbear-e80daa98e9750d1045e5bc99b419c84ead70a684.tar.gz