From 9c3f005cd02b40e370de9b1ede64b4bf61e542f0 Mon Sep 17 00:00:00 2001 From: yasuoka Date: Wed, 14 Aug 2024 04:50:31 +0000 Subject: [PATCH] timingsafe_bcmp() is better than timingsafe_memcmp() for the purpose. --- lib/libradius/radius.c | 6 +++--- lib/libradius/radius_msgauth.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/libradius/radius.c b/lib/libradius/radius.c index db351ea97cd..3fec6d9a3df 100644 --- a/lib/libradius/radius.c +++ b/lib/libradius/radius.c @@ -1,4 +1,4 @@ -/* $OpenBSD: radius.c,v 1.5 2024/08/08 09:16:37 yasuoka Exp $ */ +/* $OpenBSD: radius.c,v 1.6 2024/08/14 04:50:31 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -261,7 +261,7 @@ radius_check_response_authenticator(const RADIUS_PACKET * packet, uint8_t authenticator[16]; radius_calc_response_authenticator(authenticator, packet, secret); - return (timingsafe_memcmp(authenticator, packet->pdata->authenticator, + return (timingsafe_bcmp(authenticator, packet->pdata->authenticator, 16)); } @@ -300,7 +300,7 @@ radius_check_accounting_request_authenticator(const RADIUS_PACKET * packet, radius_calc_accounting_request_authenticator(authenticator, packet, secret); - return (timingsafe_memcmp(authenticator, packet->pdata->authenticator, + return (timingsafe_bcmp(authenticator, packet->pdata->authenticator, 16)); } diff --git a/lib/libradius/radius_msgauth.c b/lib/libradius/radius_msgauth.c index 97170b65dbc..317fbe88026 100644 --- a/lib/libradius/radius_msgauth.c +++ b/lib/libradius/radius_msgauth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: radius_msgauth.c,v 1.4 2024/08/08 09:16:37 yasuoka Exp $ */ +/* $OpenBSD: radius_msgauth.c,v 1.5 2024/08/14 04:50:31 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -149,5 +149,5 @@ radius_check_message_authenticator(RADIUS_PACKET * packet, const char *secret) if (len != sizeof(ma1)) return (-1); - return (timingsafe_memcmp(ma0, ma1, sizeof(ma1))); + return (timingsafe_bcmp(ma0, ma1, sizeof(ma1))); } -- 2.20.1