===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/jpake.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- src/usr.bin/ssh/Attic/jpake.c 2009/03/05 07:18:19 1.2
+++ src/usr.bin/ssh/Attic/jpake.c 2010/07/13 11:52:06 1.3
@@ -1,4 +1,4 @@
-/* $OpenBSD: jpake.c,v 1.2 2009/03/05 07:18:19 djm Exp $ */
+/* $OpenBSD: jpake.c,v 1.3 2010/07/13 11:52:06 djm Exp $ */
 /*
 * Copyright (c) 2008 Damien Miller. All rights reserved.
 *
@@ -432,7 +432,7 @@
 if (peer_confirm_hash_len != expected_confirm_hash_len)
 error("%s: confirmation length mismatch (my %u them %u)",
 __func__, expected_confirm_hash_len, peer_confirm_hash_len);
- else if (memcmp(peer_confirm_hash, expected_confirm_hash,
+ else if (timing_safe_cmp(peer_confirm_hash, expected_confirm_hash,
 expected_confirm_hash_len) == 0)
 success = 1;
 bzero(expected_confirm_hash, expected_confirm_hash_len);
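Review bot: The `else if` in the second hunk now calls `timing_safe_cmp`, but nothing at the call site says why a constant-time comparison is required, so a later cleanup could quietly turn it back into `memcmp`. I would add a comment above the branch: `/* constant-time: peer_confirm_hash is peer-supplied; an early-exit memcmp would leak the length of the matching prefix via timing */`. The `== 0` test also relies on `timing_safe_cmp` keeping memcmp's zero-on-equal convention; its definition is not part of this diff, so that should be confirmed, because a helper that returns non-zero on equality would invert the check. The enclosing function starts and ends outside the hunk.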