src - OpenBSD base system

diff options


context:
space:
mode:

author	Matthew Dempsky <matthew@cvs.openbsd.org>	2010-07-20 15:36:04 +0000
committer	Matthew Dempsky <matthew@cvs.openbsd.org>	2010-07-20 15:36:04 +0000
commit	f95bf0159b9d317656e04f36a7b45f5984a04918 (patch)
tree	ad30ebd92f81eada1f3fafedd81cc6fbf3209fa4 /sys/net80211
parent	c423123010a4d3b4ee7bbd318a9d01bad08b80a2 (diff)

Switch some obvious network stack MAC comparisons from bcmp() to

timingsafe_bcmp(). ok deraadt@; committed over WPA.

Diffstat (limited to 'sys/net80211')

-rw-r--r--

sys/net80211/ieee80211_crypto.c

-rw-r--r--

sys/net80211/ieee80211_crypto_bip.c

-rw-r--r--

sys/net80211/ieee80211_crypto_ccmp.c

-rw-r--r--

sys/net80211/ieee80211_crypto_tkip.c

4 files changed, 8 insertions, 8 deletions

diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c
index 64ab098eae5..28afffa824c 100644
--- a/sys/net80211/ieee80211_crypto.c
+++ b/sys/net80211/ieee80211_crypto.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ieee80211_crypto.c,v 1.58 2009/02/13 17:24:54 damien Exp $ */

+/* $OpenBSD: ieee80211_crypto.c,v 1.59 2010/07/20 15:36:03 matthew Exp $ */

/*-

@@ -485,7 +485,7 @@ ieee80211_eapol_key_check_mic(struct ieee80211_eapol_key *key,

memset(key->mic, 0, EAPOL_KEY_MIC_LEN);

ieee80211_eapol_key_mic(key, kck);

- return memcmp(key->mic, mic, EAPOL_KEY_MIC_LEN) != 0;

+ return timingsafe_bcmp(key->mic, mic, EAPOL_KEY_MIC_LEN) != 0;

}

#ifndef IEEE80211_STA_ONLY

diff --git a/sys/net80211/ieee80211_crypto_bip.c b/sys/net80211/ieee80211_crypto_bip.c
index efa96835521..b69fac41d73 100644
--- a/sys/net80211/ieee80211_crypto_bip.c
+++ b/sys/net80211/ieee80211_crypto_bip.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ieee80211_crypto_bip.c,v 1.2 2009/01/26 19:09:41 damien Exp $ */

+/* $OpenBSD: ieee80211_crypto_bip.c,v 1.3 2010/07/20 15:36:03 matthew Exp $ */

/*-

@@ -201,7 +201,7 @@ ieee80211_bip_decap(struct ieee80211com *ic, struct mbuf *m0,

AES_CMAC_Final(mic, &ctx->cmac);

/* check that MIC matches the one in MMIE */

- if (memcmp(mic, mic0, 8) != 0) {

+ if (timingsafe_bcmp(mic, mic0, 8) != 0) {

ic->ic_stats.is_cmac_icv_errs++;

m_freem(m0);

return NULL;

diff --git a/sys/net80211/ieee80211_crypto_ccmp.c b/sys/net80211/ieee80211_crypto_ccmp.c
index d491c20168f..4b246d088aa 100644
--- a/sys/net80211/ieee80211_crypto_ccmp.c
+++ b/sys/net80211/ieee80211_crypto_ccmp.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ieee80211_crypto_ccmp.c,v 1.10 2009/09/24 16:03:10 damien Exp $ */

+/* $OpenBSD: ieee80211_crypto_ccmp.c,v 1.11 2010/07/20 15:36:03 matthew Exp $ */

/*-

@@ -445,7 +445,7 @@ ieee80211_ccmp_decrypt(struct ieee80211com *ic, struct mbuf *m0,

/* check that it matches the MIC in received frame */

m_copydata(m, moff, IEEE80211_CCMP_MICLEN, mic0);

- if (memcmp(mic0, b, IEEE80211_CCMP_MICLEN) != 0) {

+ if (timingsafe_bcmp(mic0, b, IEEE80211_CCMP_MICLEN) != 0) {

ic->ic_stats.is_ccmp_dec_errs++;

m_freem(m0);

m_freem(n0);

diff --git a/sys/net80211/ieee80211_crypto_tkip.c b/sys/net80211/ieee80211_crypto_tkip.c
index ffd04f79e87..08375f263ad 100644
--- a/sys/net80211/ieee80211_crypto_tkip.c
+++ b/sys/net80211/ieee80211_crypto_tkip.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ieee80211_crypto_tkip.c,v 1.17 2009/10/30 20:32:25 damien Exp $ */

+/* $OpenBSD: ieee80211_crypto_tkip.c,v 1.18 2010/07/20 15:36:03 matthew Exp $ */

/*-

@@ -454,7 +454,7 @@ ieee80211_tkip_decrypt(struct ieee80211com *ic, struct mbuf *m0,

/* compute TKIP MIC over decrypted message */

ieee80211_tkip_mic(n0, hdrlen, ctx->rxmic, mic);

/* check that it matches the MIC in received frame */

- if (memcmp(mic0, mic, IEEE80211_TKIP_MICLEN) != 0) {

+ if (timingsafe_bcmp(mic0, mic, IEEE80211_TKIP_MICLEN) != 0) {

m_freem(m0);

m_freem(n0);

ic->ic_stats.is_rx_locmicfail++;