Use constant-time comparisons for checksums

author: Greg Hudson <ghudson@mit.edu> 2013-10-02 17:58:06 -0400
committer: Greg Hudson <ghudson@mit.edu> 2013-10-03 15:26:00 -0400
commit: 07d68eec2788bfe80686608813f644838707c168 (patch)
tree: 59c01da03dc85a005b5936ecf836eac4fe71c98b /src/lib/crypto/krb/verify_checksum_iov.c
parent: ac7d07c2cc54e9f07fe81ac4c50bcc80ecc7ac54 (diff)
download: krb5-07d68eec2788bfe80686608813f644838707c168.tar.gz
krb5-07d68eec2788bfe80686608813f644838707c168.tar.xz
krb5-07d68eec2788bfe80686608813f644838707c168.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/crypto/krb/verify_checksum_iov.c b/src/lib/crypto/krb/verify_checksum_iov.c
index efa2adcaa..fc76c0e26 100644
--- a/src/lib/crypto/krb/verify_checksum_iov.c
+++ b/src/lib/crypto/krb/verify_checksum_iov.c
@@ -71,8 +71,8 @@ krb5_k_verify_checksum_iov(krb5_context context,
 
     ret = ctp->checksum(ctp, key, usage, data, num_data, &computed);
     if (ret == 0) {
-        *valid = (memcmp(computed.data, checksum->data.data,
-                         ctp->output_size) == 0);
+        *valid = (k5_bcmp(computed.data, checksum->data.data,
+                          ctp->output_size) == 0);
     }
 
     zapfree(computed.data, ctp->compute_size);
author	Greg Hudson <ghudson@mit.edu>	2013-10-02 17:58:06 -0400
committer	Greg Hudson <ghudson@mit.edu>	2013-10-03 15:26:00 -0400
commit	07d68eec2788bfe80686608813f644838707c168 (patch)
tree	59c01da03dc85a005b5936ecf836eac4fe71c98b /src/lib/crypto/krb/verify_checksum_iov.c
parent	ac7d07c2cc54e9f07fe81ac4c50bcc80ecc7ac54 (diff)
download	krb5-07d68eec2788bfe80686608813f644838707c168.tar.gz krb5-07d68eec2788bfe80686608813f644838707c168.tar.xz krb5-07d68eec2788bfe80686608813f644838707c168.zip