Use a timing-safe memory compare to verify MACs.

[PuTTY.git] / sshsh256.c

diff --git a/sshsh256.c b/sshsh256.c
index 7ea25fbe1193c7ed1d062c798b63bc41c3fd2d77..fdc8a3a52b7537ccbc78b30f56b54ff9a3849fea 100644 (file)
--- a/sshsh256.c
+++ b/sshsh256.c
@@ -307,7 +307,7 @@ static int hmacsha256_verresult(void *handle, unsigned char const *hmac)
 {
     unsigned char correct[32];
     hmacsha256_genresult(handle, correct);
-    return !memcmp(correct, hmac, 32);
+    return smemeq(correct, hmac, 32);
 }
 
 static int sha256_verify(void *handle, unsigned char *blk, int len,
@@ -315,7 +315,7 @@ static int sha256_verify(void *handle, unsigned char *blk, int len,
 {
     unsigned char correct[32];
     sha256_do_hmac(handle, blk, len, seq, correct);
-    return !memcmp(correct, blk + len, 32);
+    return smemeq(correct, blk + len, 32);
 }
 
 const struct ssh_mac ssh_hmac_sha256 = {