Diffstat (limited to 'crypto/openssh/auth-rsa.c')
-rw-r--r--crypto/openssh/auth-rsa.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/crypto/openssh/auth-rsa.c b/crypto/openssh/auth-rsa.c
index 65571a8..56702d1 100644
--- a/crypto/openssh/auth-rsa.c
+++ b/crypto/openssh/auth-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rsa.c,v 1.74 2010/03/04 10:36:03 djm Exp $ */
+/* $OpenBSD: auth-rsa.c,v 1.78 2010/07/13 23:13:16 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,11 +34,11 @@
#include "uidswap.h"
#include "match.h"
#include "buffer.h"
-#include "auth-options.h"
#include "pathnames.h"
#include "log.h"
#include "servconf.h"
#include "key.h"
+#include "auth-options.h"
#include "hostfile.h"
#include "auth.h"
#ifdef GSSAPI
@@ -116,7 +116,7 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
MD5_Final(mdbuf, &md);
/* Verify that the response is the original challenge. */
- if (memcmp(response, mdbuf, 16) != 0) {
+ if (timingsafe_bcmp(response, mdbuf, 16) != 0) {
/* Wrong answer. */
return (0);
}
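Review bot: The comment above the comparison still reads "Verify that the response is the original challenge", which does not match what is compared (the response against `mdbuf`, the digest written by `MD5_Final`) and does not record why a constant-time routine is used. A later cleanup could plausibly swap `timingsafe_bcmp` back to `memcmp`, so I would reword it to `/* Compare the response with the expected digest in constant time; do not use memcmp() here, its early exit leaks how many leading bytes matched. */`. The literal `16` is also repeated from the parameter declaration; a named constant shared with the `mdbuf` declaration would keep the lengths in step, though that declaration is outside this hunk. The function body starts and ends outside the hunk.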
@@ -256,7 +256,8 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
*/
if (!auth_parse_options(pw, key_options, file, linenum))
continue;
-
+ if (key_is_cert_authority)
+ continue;
/* break out, this key is allowed */
allowed = 1;
break;
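Review bot: The added `if (key_is_cert_authority) continue;` skips the line silently, so an administrator who put a cert-authority option on a key in this file gets an authentication failure with no trace of why. A debug-level log naming `file` and `linenum` before the `continue` would make that diagnosable, and a one-line comment such as `/* CA keys are not accepted for plain RSA authentication; skip this line */` would explain the check. `key_is_cert_authority` is not assigned anywhere in the hunk; presumably it is set as a side effect of the `auth_parse_options` call just above, which is worth stating in the comment because the check only works in that order. The enclosing loop and function begin and end outside this hunk.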