From a6bfd9bb41f5e37e200419558540d2745abea929 Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand <lha@h5l.org>
Date: Mon, 17 Aug 2009 12:01:06 +0200
Subject: [PATCH] use constant time memcmp

---
 lib/krb5/crypto.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c
index 559e4898f..670f161c7 100644
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -1295,7 +1295,7 @@ des_verify(krb5_context context,
     EVP_DigestUpdate(m, data, len);
     EVP_DigestFinal_ex (m, res, NULL);
     EVP_MD_CTX_destroy(m);
-    if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
+    if(ct_memcmp(res, tmp + 8, sizeof(res)) != 0) {
 	krb5_clear_error_message (context);
 	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
     }
@@ -1885,7 +1885,7 @@ verify_checksum(krb5_context context,
     }
 
     if(c.checksum.length != cksum->checksum.length ||
-       memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) {
+       ct_memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) {
 	krb5_clear_error_message (context);
 	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
     } else {
@@ -2269,7 +2269,7 @@ ARCFOUR_subdecrypt(krb5_context context,
     memset (k2_c_data, 0, sizeof(k2_c_data));
     memset (k3_c_data, 0, sizeof(k3_c_data));
 
-    if (memcmp (cksum.checksum.data, data, 16) != 0) {
+    if (ct_memcmp (cksum.checksum.data, data, 16) != 0) {
 	krb5_clear_error_message (context);
 	return KRB5KRB_AP_ERR_BAD_INTEGRITY;
     } else {