authorMatthew Dempsky <matthew@cvs.openbsd.org>2010-09-24 13:33:01 +0000
committerMatthew Dempsky <matthew@cvs.openbsd.org>2010-09-24 13:33:01 +0000
commit8749451f0138f265fd023c0b6ee529b680bd9ffe (patch)
treec80d8cd5225b91dfc83536aa12124a6007c38715 /lib/libc
parent898c385370762cd3fd1a6fa08058a30f7511fa79 (diff)
Add timingsafe_bcmp(3) to libc, mention that it's already in the
kernel in kern(9), and remove it from OpenSSH. ok deraadt@, djm@
Diffstat (limited to 'lib/libc')
-rw-r--r--lib/libc/Makefile.inc4
-rw-r--r--lib/libc/string/Makefile.inc6
-rw-r--r--lib/libc/string/bcmp.328
-rw-r--r--lib/libc/string/timingsafe_bcmp.c33
4 files changed, 64 insertions, 7 deletions
diff --git a/lib/libc/Makefile.inc b/lib/libc/Makefile.inc
index 170a44eeb5b..69d1c5c330c 100644
--- a/lib/libc/Makefile.inc
+++ b/lib/libc/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.15 2010/07/27 16:59:03 stsp Exp $
+# $OpenBSD: Makefile.inc,v 1.16 2010/09/24 13:33:00 matthew Exp $
#
# This file contains make rules used to build libc
#
@@ -62,7 +62,7 @@ CFLAGS+=-DNLS
LIBKERN= ${LIBCSRCDIR}/../../sys/lib/libkern
KSRCS= bcmp.c bzero.c ffs.c strcat.c strcmp.c strcpy.c strlen.c strncmp.c \
- strncpy.c htonl.c htons.c ntohl.c ntohs.c
+ strncpy.c htonl.c htons.c ntohl.c ntohs.c timingsafe_bcmp.c
.if (${MACHINE_CPU} != "alpha")
KSRCS+= adddi3.c anddi3.c ashldi3.c ashrdi3.c cmpdi2.c divdi3.c iordi3.c \
lshldi3.c lshrdi3.c moddi3.c muldi3.c negdi2.c notdi2.c qdivrem.c \
diff --git a/lib/libc/string/Makefile.inc b/lib/libc/string/Makefile.inc
index 3264b799f17..34edd8eb334 100644
--- a/lib/libc/string/Makefile.inc
+++ b/lib/libc/string/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.22 2010/05/18 22:24:55 tedu Exp $
+# $OpenBSD: Makefile.inc,v 1.23 2010/09/24 13:33:00 matthew Exp $
# string sources
.PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/string ${LIBCSRCDIR}/string
@@ -9,7 +9,8 @@ SRCS+= bm.c memccpy.c memrchr.c strcasecmp.c strcasestr.c strcoll.c strdup.c \
wcscat.c wcschr.c wcscmp.c wcscpy.c wcscspn.c wcslcat.c wcslcpy.c \
wcslen.c wcsncat.c wcsncmp.c wcsncpy.c wcspbrk.c wcsrchr.c wcsspn.c \
wcsstr.c wcstok.c wcswcs.c wcswidth.c wmemchr.c wmemcmp.c wmemcpy.c \
- wmemmove.c wmemset.c
+ wmemmove.c wmemset.c \
+ timingsafe_bcmp.c
# machine-dependent net sources
# m-d Makefile.inc must include sources for:
@@ -178,3 +179,4 @@ MLINKS+=wmemchr.3 wcspbrk.3
MLINKS+=wmemchr.3 wcsrchr.3
MLINKS+=wmemchr.3 wcsspn.3
MLINKS+=wmemchr.3 wcsstr.3
+MLINKS+=bcmp.3 timingsafe_bcmp.3
diff --git a/lib/libc/string/bcmp.3 b/lib/libc/string/bcmp.3
index 57e1a0faded..1a777506276 100644
--- a/lib/libc/string/bcmp.3
+++ b/lib/libc/string/bcmp.3
@@ -27,18 +27,21 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $OpenBSD: bcmp.3,v 1.7 2007/05/31 19:19:32 jmc Exp $
+.\" $OpenBSD: bcmp.3,v 1.8 2010/09/24 13:33:00 matthew Exp $
.\"
-.Dd $Mdocdate: May 31 2007 $
+.Dd $Mdocdate: September 24 2010 $
.Dt BCMP 3
.Os
.Sh NAME
-.Nm bcmp
+.Nm bcmp ,
+.Nm timingsafe_bcmp
.Nd compare byte string
.Sh SYNOPSIS
.Fd #include <string.h>
.Ft int
.Fn bcmp "const void *b1" "const void *b2" "size_t len"
+.Ft int
+.Fn timingsafe_bcmp "const void *b1" "const void *b2" "size_t len"
.Sh DESCRIPTION
The
.Fn bcmp
@@ -53,6 +56,20 @@ bytes long.
Zero-length strings are always identical.
.Pp
The strings may overlap.
+.Pp
+The
+.Fn timingsafe_bcmp
+function has the same semantics as
+.Fn bcmp ,
+but its running time is independent of the contents of
+.Fa b1
+and
+.Fa b2 ,
+making it safe to use for comparing secret values such as cryptographic MACs.
+In contrast,
+.Fn bcmp
+returns after finding the first differing byte,
+making it vulnerable to timing attacks.
.Sh SEE ALSO
.Xr memcmp 3 ,
.Xr strcasecmp 3 ,
@@ -64,3 +81,8 @@ A
.Fn bcmp
function first appeared in
.Bx 4.2 .
+.Pp
+The
+.Fn timingsafe_bcmp
+function first appeared in
+.Ox 4.9 .
diff --git a/lib/libc/string/timingsafe_bcmp.c b/lib/libc/string/timingsafe_bcmp.c
new file mode 100644
index 00000000000..9c4287cf63c
--- /dev/null
+++ b/lib/libc/string/timingsafe_bcmp.c
@@ -0,0 +1,33 @@
+/* $OpenBSD: timingsafe_bcmp.c,v 1.1 2010/09/24 13:33:00 matthew Exp $ */
+/*
+ * Copyright (c) 2010 Damien Miller. All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#if !defined(_KERNEL) && !defined(_STANDALONE)
+#include <string.h>
+#else
+#include <lib/libkern/libkern.h>
+#endif
+
+int
+timingsafe_bcmp(const void *b1, const void *b2, size_t n)
+{
+ const unsigned char *p1 = b1, *p2 = b2;
+ int ret = 0;
+
+ for (; n > 0; n--)
+ ret |= *p1++ ^ *p2++;
+ return (ret != 0);
+}
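Review bot: timingsafe_bcmp() carries no comment saying that the missing early exit is deliberate, so a later cleanup or "optimisation" of the loop could quietly reintroduce a data-dependent return. I would add a header comment directly above the function, for example `/* Compare n bytes with no early exit; returns 0 if equal, 1 otherwise. Do not short-circuit. */`. The same comment should state that the result is only equal/not-equal (no ordering, unlike memcmp) and that the running time still depends on `n`, so callers should compare fixed-length values such as MACs or digests. Nothing visible in the file stops a compiler from transforming the `ret |= *p1++ ^ *p2++` loop, so the constant-time property presumably rests on current code generation; inspecting the emitted code on each supported architecture would confirm it.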