diff options
| author | Florian Obser <florian@cvs.openbsd.org> | 2020-02-25 18:10:18 +0000 |
|---|---|---|
| committer | Florian Obser <florian@cvs.openbsd.org> | 2020-02-25 18:10:18 +0000 |
| commit | 7c5a2253f2004bacb44d6f60388ebc1c50494654 (patch) | |
| tree | 6178ca35dcb4d14522ab12a0f6d9ac2ff6bc01fe /usr.bin/dig/lib | |
| parent | cb8c7a125e4341ddaebd9d0ff00b6be0d87bab07 (diff) | |
use timingsafe_bcmp and get rid of now unused safe.c
Diffstat (limited to 'usr.bin/dig/lib')
| -rw-r--r-- | usr.bin/dig/lib/dns/dst_api.c | 5 | ||||
| -rw-r--r-- | usr.bin/dig/lib/dns/hmac_link.c | 3 | ||||
| -rw-r--r-- | usr.bin/dig/lib/isc/Makefile.inc | 4 | ||||
| -rw-r--r-- | usr.bin/dig/lib/isc/hmacsha.c | 17 | ||||
| -rw-r--r-- | usr.bin/dig/lib/isc/include/isc/safe.h | 35 | ||||
| -rw-r--r-- | usr.bin/dig/lib/isc/safe.c | 35 |
6 files changed, 13 insertions, 86 deletions
diff --git a/usr.bin/dig/lib/dns/dst_api.c b/usr.bin/dig/lib/dns/dst_api.c index be9154041d0..fcce2293afd 100644 --- a/usr.bin/dig/lib/dns/dst_api.c +++ b/usr.bin/dig/lib/dns/dst_api.c @@ -33,16 +33,15 @@ /* * Principal Author: Brian Wellington - * $Id: dst_api.c,v 1.14 2020/02/25 17:06:08 deraadt Exp $ + * $Id: dst_api.c,v 1.15 2020/02/25 18:10:17 florian Exp $ */ /*! \file */ #include <stdlib.h> +#include <string.h> #include <isc/buffer.h> #include <isc/refcount.h> -#include <isc/safe.h> -#include <string.h> #include <isc/util.h> #include <dns/keyvalues.h> diff --git a/usr.bin/dig/lib/dns/hmac_link.c b/usr.bin/dig/lib/dns/hmac_link.c index 76ef776957a..56c886b9e2f 100644 --- a/usr.bin/dig/lib/dns/hmac_link.c +++ b/usr.bin/dig/lib/dns/hmac_link.c @@ -33,7 +33,7 @@ /* * Principal Author: Brian Wellington - * $Id: hmac_link.c,v 1.8 2020/02/25 17:06:08 deraadt Exp $ + * $Id: hmac_link.c,v 1.9 2020/02/25 18:10:17 florian Exp $ */ #include <string.h> @@ -41,7 +41,6 @@ #include <isc/buffer.h> #include <isc/hmacsha.h> #include <isc/sha1.h> -#include <isc/safe.h> #include <isc/util.h> #include <dst/result.h> diff --git a/usr.bin/dig/lib/isc/Makefile.inc b/usr.bin/dig/lib/isc/Makefile.inc index f2c78e7ce26..41240e1a80d 100644 --- a/usr.bin/dig/lib/isc/Makefile.inc +++ b/usr.bin/dig/lib/isc/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.5 2020/02/24 15:09:14 jsg Exp $ +# $OpenBSD: Makefile.inc,v 1.6 2020/02/25 18:10:17 florian Exp $ .PATH: ${.CURDIR}/lib/isc @@ -6,6 +6,6 @@ SRCS+= assertions.c base32.c base64.c netaddr.c buffer.c bufferlist.c SRCS+= error.c event.c hash.c heap.c hex.c hmacsha.c SRCS+= lex.c log.c regex.c sockaddr.c SRCS+= task.c result.c parseint.c refcount.c timer.c -SRCS+= safe.c serial.c sha1.c sha2.c symtab.c +SRCS+= serial.c sha1.c sha2.c symtab.c diff --git a/usr.bin/dig/lib/isc/hmacsha.c b/usr.bin/dig/lib/isc/hmacsha.c index 2548675b7e6..0229c4d2278 100644 --- a/usr.bin/dig/lib/isc/hmacsha.c +++ b/usr.bin/dig/lib/isc/hmacsha.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hmacsha.c,v 1.5 2020/02/25 16:54:24 deraadt Exp $ */ +/* $Id: hmacsha.c,v 1.6 2020/02/25 18:10:17 florian Exp $ */ /* * This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384 @@ -22,12 +22,11 @@ * draft-ietf-dnsext-tsig-sha-01.txt. */ -#include <isc/hmacsha.h> +#include <string.h> -#include <isc/safe.h> +#include <isc/hmacsha.h> #include <isc/sha1.h> #include <isc/sha2.h> -#include <string.h> #include <isc/util.h> void @@ -230,7 +229,7 @@ isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) { REQUIRE(len <= ISC_SHA1_DIGESTLENGTH); isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH); - return (isc_safe_memequal(digest, newdigest, len)); + return (ISC_TF(timingsafe_bcmp(digest, newdigest, len) == 0)); } /* @@ -243,7 +242,7 @@ isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) REQUIRE(len <= ISC_SHA224_DIGESTLENGTH); isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH); - return (isc_safe_memequal(digest, newdigest, len)); + return (ISC_TF(timingsafe_bcmp(digest, newdigest, len) == 0)); } /* @@ -256,7 +255,7 @@ isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) REQUIRE(len <= ISC_SHA256_DIGESTLENGTH); isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH); - return (isc_safe_memequal(digest, newdigest, len)); + return (ISC_TF(timingsafe_bcmp(digest, newdigest, len) == 0)); } /* @@ -269,7 +268,7 @@ isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) REQUIRE(len <= ISC_SHA384_DIGESTLENGTH); isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH); - return (isc_safe_memequal(digest, newdigest, len)); + return (ISC_TF(timingsafe_bcmp(digest, newdigest, len) == 0)); } /* @@ -282,5 +281,5 @@ isc_hmacsha512_verify(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) REQUIRE(len <= ISC_SHA512_DIGESTLENGTH); isc_hmacsha512_sign(ctx, newdigest, ISC_SHA512_DIGESTLENGTH); - return (isc_safe_memequal(digest, newdigest, len)); + return (ISC_TF(timingsafe_bcmp(digest, newdigest, len) == 0)); } diff --git a/usr.bin/dig/lib/isc/include/isc/safe.h b/usr.bin/dig/lib/isc/include/isc/safe.h deleted file mode 100644 index 516036d22d3..00000000000 --- a/usr.bin/dig/lib/isc/include/isc/safe.h +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: safe.h,v 1.4 2020/02/25 16:54:24 deraadt Exp $ */ - -#ifndef ISC_SAFE_H -#define ISC_SAFE_H 1 - -/*! \file isc/safe.h */ - -#include <isc/types.h> -#include <stdlib.h> - -isc_boolean_t -isc_safe_memequal(const void *s1, const void *s2, size_t n); -/*%< - * Returns ISC_TRUE iff. two blocks of memory are equal, otherwise - * ISC_FALSE. - * - */ - -#endif /* ISC_SAFE_H */ diff --git a/usr.bin/dig/lib/isc/safe.c b/usr.bin/dig/lib/isc/safe.c deleted file mode 100644 index 496d1fa496d..00000000000 --- a/usr.bin/dig/lib/isc/safe.c +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/*! \file */ - -#include <string.h> - -#include <isc/safe.h> - -isc_boolean_t -isc_safe_memequal(const void *s1, const void *s2, size_t n) { - uint8_t acc = 0; - - if (n != 0U) { - const uint8_t *p1 = s1, *p2 = s2; - - do { - acc |= *p1++ ^ *p2++; - } while (--n != 0U); - } - return (ISC_TF(acc == 0)); -} |