authorTed Unangst <tedu@cvs.openbsd.org>2014-06-19 21:29:52 +0000
committerTed Unangst <tedu@cvs.openbsd.org>2014-06-19 21:29:52 +0000
commitf3cdfb4ce2276706248abf4f65d96a6ecc75e220 (patch)
tree20bab87a954baf4300c1e37da596f889c12271bf /lib
parentc8875cb7bb9304fbf8bd2c94eb5317b846932b68 (diff)
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring
libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/d1_pkt.c4
-rw-r--r--lib/libssl/s3_both.c4
-rw-r--r--lib/libssl/s3_clnt.c6
-rw-r--r--lib/libssl/s3_pkt.c4
-rw-r--r--lib/libssl/s3_srvr.c4
-rw-r--r--lib/libssl/ssl_lib.c4
-rw-r--r--lib/libssl/ssl_sess.c4
-rw-r--r--lib/libssl/t1_lib.c6
-rw-r--r--lib/libssl/t1_reneg.c8
9 files changed, 22 insertions, 22 deletions
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index aa2185d2ed3..d75f56beb63 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.29 2014/06/15 15:29:25 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.30 2014/06/19 21:29:51 tedu Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -414,7 +414,7 @@ dtls1_process_record(SSL *s)
}
i = s->method->ssl3_enc->mac(s, md, 0 /* not send */);
- if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+ if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
enc_err = -1;
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
enc_err = -1;
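Review bot: The two checks after the MAC computation in dtls1_process_record both fall through to `enc_err = -1` instead of returning, and that shared failure path deserves a comment so a later edit does not split it. The constant-time compare is only useful while a bad MAC and an over-long record remain indistinguishable to the peer; a line such as `/* MAC mismatch and length overflow must take the same path: set enc_err, never return early. */` above the first `if` would record that. The same pattern appears in the s3_pkt.c hunk after `again:`. The function body continues outside this hunk, so how enc_err is consumed afterwards is not visible here.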
diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c
index 4f40adbb1a5..2da6b527e11 100644
--- a/lib/libssl/s3_both.c
+++ b/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.24 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s3_both.c,v 1.25 2014/06/19 21:29:51 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -256,7 +256,7 @@ ssl3_get_finished(SSL *s, int a, int b)
goto f_err;
}
- if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) {
+ if (timingsafe_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
goto f_err;
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index d8036c40618..7257ba566d3 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.70 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.71 2014/06/19 21:29:51 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -883,9 +883,9 @@ ssl3_get_server_hello(SSL *s)
}
if (j != 0 && j == s->session->session_id_length &&
- CRYPTO_memcmp(p, s->session->session_id, j) == 0) {
+ timingsafe_memcmp(p, s->session->session_id, j) == 0) {
if (s->sid_ctx_length != s->session->sid_ctx_length ||
- CRYPTO_memcmp(s->session->sid_ctx,
+ timingsafe_memcmp(s->session->sid_ctx,
s->sid_ctx, s->sid_ctx_length)) {
/* actually a client application bug */
al = SSL_AD_ILLEGAL_PARAMETER;
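Review bot: The two converted calls in this condition test their result differently: the session_id compare uses `== 0`, while the sid_ctx compare relies on bare truthiness. Both are correct, since zero means equal, but writing the second as `timingsafe_memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length) != 0` would match the MAC checks in d1_pkt.c and s3_pkt.c and make the mismatch-means-reject intent explicit. The bare form is also used in the ssl_sess.c, t1_lib.c and t1_reneg.c hunks of this commit. The enclosing `if` body continues past the end of this hunk.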
diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c
index f5d8bedbea1..a508d5ee495 100644
--- a/lib/libssl/s3_pkt.c
+++ b/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.47 2014/06/13 10:52:24 jsing Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.48 2014/06/19 21:29:51 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -447,7 +447,7 @@ again:
i = s->method->ssl3_enc->mac(s,md,0 /* not send */);
if (i < 0 || mac == NULL ||
- CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+ timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
enc_err = -1;
if (rr->length >
SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size)
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index cab034d18f5..161534295fa 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.65 2014/06/18 04:51:31 miod Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.66 2014/06/19 21:29:51 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1024,7 +1024,7 @@ ssl3_get_client_hello(SSL *s)
goto f_err;
}
/* else cookie verification succeeded */
- } else if (CRYPTO_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
+ } else if (timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
s->d1->cookie_len) != 0) {
/* default verification */
al = SSL_AD_HANDSHAKE_FAILURE;
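Review bot: The default cookie check compares `s->d1->cookie_len` bytes of `s->d1->rcvd_cookie`, but nothing in the visible lines ties the length the client actually sent to `s->d1->cookie_len`. If that equality is not enforced earlier in ssl3_get_client_hello (outside this hunk), a shorter received cookie would be compared against whatever bytes remain in the rcvd_cookie buffer. This is worth confirming; if the check is absent, a length comparison should precede the call, e.g. `received_len != s->d1->cookie_len ||`, where `received_len` is a placeholder for whichever local holds the received cookie length.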
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 04c33930532..f867daab0ec 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.68 2014/06/17 01:41:01 tedu Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.69 2014/06/19 21:29:51 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1678,7 +1678,7 @@ ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
return (1);
if (a->session_id_length != b->session_id_length)
return (1);
- if (CRYPTO_memcmp(a->session_id, b->session_id, a->session_id_length) != 0)
+ if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0)
return (1);
return (0);
}
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index 273a7d68171..9046dce7f88 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.32 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.33 2014/06/19 21:29:51 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -498,7 +498,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
/* Now ret is non-NULL and we own one of its reference counts. */
if (ret->sid_ctx_length != s->sid_ctx_length
- || CRYPTO_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
+ || timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
/* We have the session requested by the client, but we don't
* want to use it in this context. */
goto err; /* treat like cache miss */
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 054de0ceef1..7b3393820bc 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.47 2014/06/18 04:49:40 miod Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.48 2014/06/19 21:29:51 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1879,7 +1879,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
renew_ticket = 1;
} else {
/* Check key name matches */
- if (CRYPTO_memcmp(etick, tctx->tlsext_tick_key_name, 16))
+ if (timingsafe_memcmp(etick, tctx->tlsext_tick_key_name, 16))
return 2;
HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
tlsext_tick_md(), NULL);
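Review bot: The HMAC calls around the converted comparisons in tls_decrypt_ticket discard their return values: `HMAC_Init_ex` in this hunk, and `HMAC_Update` / `HMAC_Final` in the next one. If any of them fails, `tick_hmac` may not hold a valid digest when it reaches `timingsafe_memcmp(tick_hmac, etick + eticklen, mlen)`, so the accept/reject decision would rest on stale buffer contents. Checking each call, for example `if (HMAC_Final(&hctx, tick_hmac, NULL) <= 0)`, and leaving through the same cleanup as the mismatch branch would close that gap. The declaration of tick_hmac and the bounds check on eticklen against mlen are outside both hunks and are worth verifying at the same time.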
@@ -1899,7 +1899,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
HMAC_Update(&hctx, etick, eticklen);
HMAC_Final(&hctx, tick_hmac, NULL);
HMAC_CTX_cleanup(&hctx);
- if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
+ if (timingsafe_memcmp(tick_hmac, etick + eticklen, mlen)) {
EVP_CIPHER_CTX_cleanup(&ctx);
return 2;
}
diff --git a/lib/libssl/t1_reneg.c b/lib/libssl/t1_reneg.c
index 43ad73a5986..483d311e9cc 100644
--- a/lib/libssl/t1_reneg.c
+++ b/lib/libssl/t1_reneg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_reneg.c,v 1.6 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: t1_reneg.c,v 1.7 2014/06/19 21:29:51 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -172,7 +172,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
return 0;
}
- if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
+ if (timingsafe_memcmp(d, s->s3->previous_client_finished,
s->s3->previous_client_finished_len)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
@@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
return 0;
}
- if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
+ if (timingsafe_memcmp(d, s->s3->previous_client_finished,
s->s3->previous_client_finished_len)) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
@@ -268,7 +268,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
}
d += s->s3->previous_client_finished_len;
- if (CRYPTO_memcmp(d, s->s3->previous_server_finished,
+ if (timingsafe_memcmp(d, s->s3->previous_server_finished,
s->s3->previous_server_finished_len)) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);