1 files changed, 11 insertions, 20 deletions

diff --git a/common/password.c b/common/password.c
index 74d328f4b2..55b2d1093a 100644
--- a/common/password.c
+++ b/common/password.c
@@ -1,18 +1,6 @@
+// SPDX-License-Identifier: GPL-2.0-only
 /*
  * Copyright (c) 2008-2010 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
- *
- * See file CREDITS for list of people who contributed to this
- * project.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
  */
 
 #include <common.h>
@@ -30,6 +18,7 @@
 #include <init.h>
 #include <stdlib.h>
 #include <globalvar.h>
+#include <crypto.h>
 #include <generated/passwd.h>
 #include <crypto/pbkdf2.h>
 
@@ -159,14 +148,17 @@ static unsigned char to_hexa(unsigned char c)
 
 static int read_default_passwd(unsigned char *sum, size_t length)
 {
-	int i = 0;
-	int len = strlen(default_passwd);
+	int len, i = 0;
 	unsigned char *buf = (unsigned char *)default_passwd;
 	unsigned char c;
 
+	if (ARRAY_SIZE(default_passwd) == 1)
+		return -ENOSYS;
+
 	if (!sum || length < 1)
 		return -EINVAL;
 
+	len = strlen(default_passwd);
 	for (i = 0; i < len && length > 0; i++) {
 		c = buf[i];
 		i++;
@@ -182,7 +174,6 @@ static int read_default_passwd(unsigned char *sum, size_t length)
 
 	return 0;
 }
-EXPORT_SYMBOL(read_default_passwd);
 
 static int read_env_passwd(unsigned char *sum, size_t length)
 {
@@ -321,7 +312,7 @@ static int check_passwd(unsigned char *passwd, size_t length)
 		if (ret)
 			goto err;
 
-		if (strncmp(passwd1_sum, key, keylen) == 0)
+		if (!crypto_memneq(passwd1_sum, key, keylen))
 			ret = 1;
 	} else {
 		ret = digest_digest(d, passwd, length, passwd1_sum);
@@ -329,7 +320,7 @@ static int check_passwd(unsigned char *passwd, size_t length)
 		if (ret)
 			goto err;
 
-		if (strncmp(passwd1_sum, passwd2_sum, hash_len) == 0)
+		if (!crypto_memneq(passwd1_sum, passwd2_sum, hash_len))
 			ret = 1;
 	}
 
@@ -450,7 +441,7 @@ static int login_global_init(void)
 }
 late_initcall(login_global_init);
 
-BAREBOX_MAGICVAR_NAMED(global_login_fail_command, global.login.fail_command,
+BAREBOX_MAGICVAR(global.login.fail_command,
 		"command to run when password entry failed");
-BAREBOX_MAGICVAR_NAMED(global_login_timeout, global.login.timeout,
+BAREBOX_MAGICVAR(global.login.timeout,
 		"timeout to type the password");