Use constant-time memcmp when comparing sensitive buffers

This helps to avoid timing attacks.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

lib/gssapi/krb5/8003.c

@@ -259,7 +259,7 @@ _gsskrb5_verify_8003_checksum(
     }
 
     if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
-	&& (memcmp(p, zeros, sizeof(zeros)) != 0 || client_asserted_cb)) {
+	&& (ct_memcmp(p, zeros, sizeof(zeros)) != 0 || client_asserted_cb)) {
 	if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) {
 	    *minor_status = 0;
 	    return GSS_S_BAD_BINDINGS;

lib/gssapi/krb5/arcfour.c

@@ -1359,7 +1359,7 @@ _gssapi_unwrap_iov_arcfour(OM_uint32 *minor_status,
 	return GSS_S_FAILURE;
     }
 
-    cmp = (memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
+    cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
     if (cmp) {
 	*minor_status = 0;
 	return GSS_S_BAD_MIC;

lib/gssapi/netlogon/crypto.c

@@ -588,7 +588,7 @@ _netlogon_unwrap_iov(OM_uint32 *minor_status,
 
     /* [MS-NRPC] 3.3.4.2.2.10: verify signature */
     _netlogon_digest(ctx, sig, iov, iov_count, checksum);
-    if (memcmp(sig->Checksum, checksum, _netlogon_checksum_length(sig)) != 0)
+    if (ct_memcmp(sig->Checksum, checksum, _netlogon_checksum_length(sig)) != 0)
         return GSS_S_BAD_SIG;
 
     HEIMDAL_MUTEX_lock(&ctx->Mutex);

lib/gssapi/ntlm/crypto.c

@@ -230,7 +230,7 @@ v2_verify_message(gss_buffer_t in,
     if (ret)
 	return ret;
 
-    if (memcmp(checksum, out, 16) != 0)
+    if (ct_memcmp(checksum, out, 16) != 0)
 	return GSS_S_BAD_MIC;
 
     return GSS_S_COMPLETE;