From 41d131e9000a5e1bb02a6867ac4ee974073fff8c Mon Sep 17 00:00:00 2001
From: Dirkjan Bussink <d.bussink@gmail.com>
Date: Wed, 23 Apr 2014 17:27:10 -0700
Subject: [PATCH 1/6] Use constant time comparison function for HMAC comparison

Signed-off-by: Jon Simons <jon@jonsimons.org>
---
 src/packet_crypt.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/packet_crypt.c b/src/packet_crypt.c
index c30264e5..59a6dcc5 100644
--- a/src/packet_crypt.c
+++ b/src/packet_crypt.c
@@ -188,6 +188,16 @@ unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len)
   return crypto->hmacbuf;
 }
 
+static int secure_memcmp(const void *s1, const void *s2, size_t n) {
+  int rc = 0;
+  const unsigned char *p1 = s1;
+  const unsigned char *p2 = s2;
+  for(; n > 0; --n) {
+    rc |= *p1++ ^ *p2++;
+  }
+  return (rc != 0);
+}
+
 /**
  * @internal
  *
@@ -234,7 +244,7 @@ int ssh_packet_hmac_verify(ssh_session session,
   ssh_print_hexa("Computed mac",hmacbuf,len);
   ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(uint32_t));
 #endif
-  if (memcmp(mac, hmacbuf, len) == 0) {
+  if (secure_memcmp(mac, hmacbuf, len) == 0) {
     return 0;
   }
 
-- 
2.11.0