From dd04b1d7ba3d650b2561736cfadfef8cbd8701f2 Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand <lha@h5l.org>
Date: Fri, 1 Jan 2010 13:08:04 +0100
Subject: [PATCH] make DES_is_weak_key ct

---
 lib/hcrypto/des.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/lib/hcrypto/des.c b/lib/hcrypto/des.c
index c9067d7bc..43ff8a3f5 100644
--- a/lib/hcrypto/des.c
+++ b/lib/hcrypto/des.c
@@ -92,6 +92,8 @@
 #include <krb5-types.h>
 #include <assert.h>
 
+#include <roken.h>
+
 #include "des.h"
 #include "ui.h"
 
@@ -180,14 +182,13 @@ static DES_cblock weak_keys[] = {
 int
 DES_is_weak_key(DES_cblock *key)
 {
+    int weak = 0;
     int i;
 
-    /* Not constant time size if the key is weak, the app should not use it. */
-    for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++) {
-	if (memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0)
-	    return 1;
-    }
-    return 0;
+    for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++)
+	weak ^= (ct_memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0);
+
+    return !!weak;
 }
 
 /**