1 files changed, 12 insertions, 15 deletions

diff --git a/paramiko/packet.py b/paramiko/packet.py
index b941c75b..fd1f0197 100644
--- a/paramiko/packet.py
+++ b/paramiko/packet.py
@@ -17,7 +17,7 @@
 # 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA.
 
 """
-Packetizer.
+Packet handling
 """
 
 import errno
@@ -104,7 +104,7 @@ class Packetizer (object):
 
     def set_log(self, log):
         """
-        Set the python log object to use for logging.
+        Set the Python log object to use for logging.
         """
         self.__logger = log
 
@@ -169,17 +169,15 @@ class Packetizer (object):
 
     def need_rekey(self):
         """
-        Returns C{True} if a new set of keys needs to be negotiated.  This
+        Returns ``True`` if a new set of keys needs to be negotiated.  This
         will be triggered during a packet read or write, so it should be
         checked after every read or write, or at least after every few.
-
-        @return: C{True} if a new set of keys needs to be negotiated
         """
         return self.__need_rekey
 
     def set_keepalive(self, interval, callback):
         """
-        Turn on/off the callback keepalive.  If C{interval} seconds pass with
+        Turn on/off the callback keepalive.  If ``interval`` seconds pass with
         no data read from or written to the socket, the callback will be
         executed and the timer will be reset.
         """
@@ -191,12 +189,11 @@ class Packetizer (object):
         """
         Read as close to N bytes as possible, blocking as long as necessary.
 
-        @param n: number of bytes to read
-        @type n: int
-        @return: the data read
-        @rtype: str
-        @raise EOFError: if the socket was closed before all the bytes could
-            be read
+        :param int n: number of bytes to read
+        :return: the data read, as a `str`
+
+        :raises EOFError:
+            if the socket was closed before all the bytes could be read
         """
         out = bytes()
         # handle over-reading from reading the banner line
@@ -333,8 +330,8 @@ class Packetizer (object):
         Only one thread should ever be in this function (no other locking is
         done).
 
-        @raise SSHException: if the packet is mangled
-        @raise NeedRekeyException: if the transport should rekey
+        :raises SSHException: if the packet is mangled
+        :raises NeedRekeyException: if the transport should rekey
         """
         header = self.read_all(self.__block_size_in, check_rekey=True)
         if self.__block_engine_in != None:
@@ -359,7 +356,7 @@ class Packetizer (object):
             mac = post_packet[:self.__mac_size_in]
             mac_payload = struct.pack('>II', self.__sequence_number_in, packet_size) + packet
             my_mac = compute_hmac(self.__mac_key_in, mac_payload, self.__mac_engine_in)[:self.__mac_size_in]
-            if my_mac != mac:
+            if not util.constant_time_bytes_eq(my_mac, mac):
                 raise SSHException('Mismatched MAC')
         padding = byte_ord(packet[0])
         payload = packet[1:packet_size - padding]