authorGreg Hudson <ghudson@mit.edu>2013-10-02 17:58:06 -0400
committerGreg Hudson <ghudson@mit.edu>2013-10-03 15:26:00 -0400
commit07d68eec2788bfe80686608813f644838707c168 (patch)
tree59c01da03dc85a005b5936ecf836eac4fe71c98b /src/lib/crypto
parentac7d07c2cc54e9f07fe81ac4c50bcc80ecc7ac54 (diff)
Use constant-time comparisons for checksums
Diffstat (limited to 'src/lib/crypto')
-rw-r--r--src/lib/crypto/krb/checksum_confounder.c2
-rw-r--r--src/lib/crypto/krb/enc_dk_cmac.c2
-rw-r--r--src/lib/crypto/krb/enc_dk_hmac.c2
-rw-r--r--src/lib/crypto/krb/enc_old.c2
-rw-r--r--src/lib/crypto/krb/enc_rc4.c2
-rw-r--r--src/lib/crypto/krb/verify_checksum_iov.c4
6 files changed, 7 insertions, 7 deletions
diff --git a/src/lib/crypto/krb/checksum_confounder.c b/src/lib/crypto/krb/checksum_confounder.c
index 31c7cd3646..34941562c4 100644
--- a/src/lib/crypto/krb/checksum_confounder.c
+++ b/src/lib/crypto/krb/checksum_confounder.c
@@ -148,7 +148,7 @@ krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
goto cleanup;
/* Compare the decrypted hash to the computed one. */
- *valid = (memcmp(plaintext + blocksize, computed.data, hashsize) == 0);
+ *valid = (k5_bcmp(plaintext + blocksize, computed.data, hashsize) == 0);
cleanup:
zapfree(plaintext, input->length);
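Review bot: The comment above the comparison in krb5int_confounder_verify still describes a plain equality test, so nothing at the call site tells a later maintainer that timing behaviour is the reason for using k5_bcmp rather than memcmp. I would extend it to `/* Compare the decrypted hash to the computed one in constant time, so a mismatch does not reveal how many leading bytes matched. */`. The same applies to the comparisons changed in enc_dk_hmac.c, enc_old.c, enc_rc4.c and verify_checksum_iov.c, where the surrounding comments, where present, say only what is compared. The function body starts and ends outside this hunk.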
diff --git a/src/lib/crypto/krb/enc_dk_cmac.c b/src/lib/crypto/krb/enc_dk_cmac.c
index e27c862ad1..9bb3dbaecd 100644
--- a/src/lib/crypto/krb/enc_dk_cmac.c
+++ b/src/lib/crypto/krb/enc_dk_cmac.c
@@ -169,7 +169,7 @@ krb5int_dk_cmac_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
ret = krb5int_cmac_checksum(enc, ki, data, num_data, &cksum);
if (ret != 0)
goto cleanup;
- if (!data_eq(cksum, trailer->data))
+ if (k5_bcmp(cksum.data, trailer->data.data, enc->block_size) != 0)
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
cleanup:
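Review bot: Replacing `data_eq(cksum, trailer->data)` with a fixed-length `k5_bcmp` over `enc->block_size` bytes drops the length comparison that, as far as I know, data_eq performs on the two krb5_data values. The new call therefore reads `enc->block_size` bytes from `trailer->data.data` whatever `trailer->data.length` is. If the trailer length is already validated earlier in krb5int_dk_cmac_decrypt (not visible in this hunk), a one-line comment saying so would make the equivalence clear. Otherwise keep the check explicit, e.g. `if (trailer->data.length != enc->block_size || k5_bcmp(cksum.data, trailer->data.data, enc->block_size) != 0)`. Testing the lengths first does not weaken the timing property, because the lengths are not secret.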
diff --git a/src/lib/crypto/krb/enc_dk_hmac.c b/src/lib/crypto/krb/enc_dk_hmac.c
index 217aa88f68..f16459ec21 100644
--- a/src/lib/crypto/krb/enc_dk_hmac.c
+++ b/src/lib/crypto/krb/enc_dk_hmac.c
@@ -256,7 +256,7 @@ krb5int_dk_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
goto cleanup;
/* Compare only the possibly truncated length. */
- if (memcmp(cksum, trailer->data.data, hmacsize) != 0) {
+ if (k5_bcmp(cksum, trailer->data.data, hmacsize) != 0) {
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto cleanup;
}
diff --git a/src/lib/crypto/krb/enc_old.c b/src/lib/crypto/krb/enc_old.c
index a40f709425..1b02a59157 100644
--- a/src/lib/crypto/krb/enc_old.c
+++ b/src/lib/crypto/krb/enc_old.c
@@ -169,7 +169,7 @@ krb5int_old_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
* the saved checksum.
*/
ret = hash->hash(data, num_data, &checksum);
- if (memcmp(checksum.data, saved_checksum, checksum.length) != 0) {
+ if (k5_bcmp(checksum.data, saved_checksum, checksum.length) != 0) {
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto cleanup;
}
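Review bot: The return value of `hash->hash(data, num_data, &checksum)` is not checked before `checksum.data` is passed to `k5_bcmp`. On a hashing failure the comparison runs over whatever the buffer holds, and `ret` is either overwritten with KRB5KRB_AP_ERR_BAD_INTEGRITY or carried past the check unchanged. Adding `if (ret != 0) goto cleanup;` between the two lines preserves the original error and ensures the integrity decision is made only on a checksum that was actually computed. This predates the commit, but the line is being touched here; the rest of krb5int_old_decrypt is outside the hunk.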
diff --git a/src/lib/crypto/krb/enc_rc4.c b/src/lib/crypto/krb/enc_rc4.c
index 265e3c1d03..aac8508b13 100644
--- a/src/lib/crypto/krb/enc_rc4.c
+++ b/src/lib/crypto/krb/enc_rc4.c
@@ -277,7 +277,7 @@ krb5int_arcfour_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
if (ret != 0)
goto cleanup;
- if (memcmp(checksum.data, comp_checksum.data, hash->hashsize) != 0) {
+ if (k5_bcmp(checksum.data, comp_checksum.data, hash->hashsize) != 0) {
if (usage == 9) {
/*
* RFC 4757 specifies usage 8 for TGS-REP encrypted parts
diff --git a/src/lib/crypto/krb/verify_checksum_iov.c b/src/lib/crypto/krb/verify_checksum_iov.c
index efa2adcaad..fc76c0e269 100644
--- a/src/lib/crypto/krb/verify_checksum_iov.c
+++ b/src/lib/crypto/krb/verify_checksum_iov.c
@@ -71,8 +71,8 @@ krb5_k_verify_checksum_iov(krb5_context context,
ret = ctp->checksum(ctp, key, usage, data, num_data, &computed);
if (ret == 0) {
- *valid = (memcmp(computed.data, checksum->data.data,
- ctp->output_size) == 0);
+ *valid = (k5_bcmp(computed.data, checksum->data.data,
+ ctp->output_size) == 0);
}
zapfree(computed.data, ctp->compute_size);
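Review bot: `*valid` is assigned only inside the `ret == 0` branch, so when `ctp->checksum` fails the caller's flag keeps whatever value it had, unless it is initialised earlier in krb5_k_verify_checksum_iov (the start of the function is outside this hunk). A verification routine is safer failing closed: set `*valid = 0;` before the checksum call, so a caller that reads the flag without checking the return code does not accept the message. It is also worth confirming that `checksum->data.length` is checked against `ctp->output_size` before this point, since the comparison reads that many bytes from `checksum->data.data`.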