s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d)

author: Andrew Bartlett <abartlet@samba.org> 2010-01-12 18:16:45 +1100
committer: Andrew Bartlett <abartlet@samba.org> 2010-03-27 11:51:27 +1100
commit: 89eaef025376339ef25d07cdc4748920fceaa968 (patch)
tree: f514f4632c9d54a372a7f1f0ca845a0c3a488fbf /source4/heimdal/lib/hcrypto/des.c
parent: fac8ca52ade6e490eea3cf3d0fc98287da321c13 (diff)
download: samba-89eaef025376339ef25d07cdc4748920fceaa968.tar.gz
samba-89eaef025376339ef25d07cdc4748920fceaa968.tar.bz2
samba-89eaef025376339ef25d07cdc4748920fceaa968.zip
1 files changed, 7 insertions, 6 deletions
diff --git a/source4/heimdal/lib/hcrypto/des.c b/source4/heimdal/lib/hcrypto/des.c
index c9067d7bcc..43ff8a3f50 100644
--- a/source4/heimdal/lib/hcrypto/des.c
+++ b/source4/heimdal/lib/hcrypto/des.c
@@ -92,6 +92,8 @@
 #include <krb5-types.h>
 #include <assert.h>
 
+#include <roken.h>
+
 #include "des.h"
 #include "ui.h"
 
@@ -180,14 +182,13 @@ static DES_cblock weak_keys[] = {
 int
 DES_is_weak_key(DES_cblock *key)
 {
+    int weak = 0;
     int i;
 
-    /* Not constant time size if the key is weak, the app should not use it. */
-    for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++) {
-	if (memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0)
-	    return 1;
-    }
-    return 0;
+    for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++)
+	weak ^= (ct_memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0);
+
+    return !!weak;
 }
 
 /**
author	Andrew Bartlett <abartlet@samba.org>	2010-01-12 18:16:45 +1100
committer	Andrew Bartlett <abartlet@samba.org>	2010-03-27 11:51:27 +1100
commit	89eaef025376339ef25d07cdc4748920fceaa968 (patch)
tree	f514f4632c9d54a372a7f1f0ca845a0c3a488fbf /source4/heimdal/lib/hcrypto/des.c
parent	fac8ca52ade6e490eea3cf3d0fc98287da321c13 (diff)
download	samba-89eaef025376339ef25d07cdc4748920fceaa968.tar.gz samba-89eaef025376339ef25d07cdc4748920fceaa968.tar.bz2 samba-89eaef025376339ef25d07cdc4748920fceaa968.zip