From: Harlan Stenn <stenn@ntp.org>
Date: Sat, 23 Jan 2016 13:52:03 +0000 (+0000)
Subject: revert use of isc_tsmemcmp in sntp/crypto.c until it is in a more accessible place... 
X-Git-Tag: NTP_4_2_8P7~38^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1be586dbc27a5a09a63d1247e0d1f85a1161fcbb;p=thirdparty%2Fntp.git

revert use of isc_tsmemcmp in sntp/crypto.c until it is in a more accessible place.  This is not a critical use of that function.

bk: 56a38583qfFu93upBj8LSVQHZ42y9w
---

diff --git a/sntp/crypto.c b/sntp/crypto.c
index a50c88a44..a534239a3 100644
--- a/sntp/crypto.c
+++ b/sntp/crypto.c
@@ -57,11 +57,16 @@ auth_md5(
 	pkt_ptr = pkt_data;
 	hash_len = make_mac(pkt_ptr, pkt_size, sizeof(digest), cmp_key,
 			    digest);
-	if (!hash_len)
+	if (!hash_len) {
 		authentic = FALSE;
-	else
-		authentic = !isc_tsmemcmp(digest, pkt_data + pkt_size + 4,
+	} else {
+		/* isc_tsmemcmp will be better when its easy to link
+		 * with.  sntp is a 1-shot program, so snooping for
+		 * timing attacks is Harder.
+		 */
+		authentic = !memcmp(digest, pkt_data + pkt_size + 4,
 				    hash_len);
+	}
 	return authentic;
 }