From: Harlan Stenn <stenn@ntp.org>
Date: Sat, 23 Jan 2016 13:52:03 +0000 (+0000)
Subject: revert use of isc_tsmemcmp in sntp/crypto.c until it is in a more accessible place... 
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=85f18c0d840874892fd702df5373e0c3e496e877;p=thirdparty%2Fntp.git

revert use of isc_tsmemcmp in sntp/crypto.c until it is in a more accessible place.  This is not a critical use of that function.

bk: 56a38583qfFu93upBj8LSVQHZ42y9w
---

diff --git a/sntp/crypto.c b/sntp/crypto.c
index a50c88a44..a534239a3 100644
--- a/sntp/crypto.c
+++ b/sntp/crypto.c
@@ -57,11 +57,16 @@ auth_md5(
 	pkt_ptr = pkt_data;
 	hash_len = make_mac(pkt_ptr, pkt_size, sizeof(digest), cmp_key,
 			    digest);
-	if (!hash_len)
+	if (!hash_len) {
 		authentic = FALSE;
-	else
-		authentic = !isc_tsmemcmp(digest, pkt_data + pkt_size + 4,
+	} else {
+		/* isc_tsmemcmp will be better when its easy to link
+		 * with.  sntp is a 1-shot program, so snooping for
+		 * timing attacks is Harder.
+		 */
+		authentic = !memcmp(digest, pkt_data + pkt_size + 4,
 				    hash_len);
+	}
 	return authentic;
 }