From f3cdfb4ce2276706248abf4f65d96a6ecc75e220 Mon Sep 17 00:00:00 2001
From: Ted Unangst
Date: Thu, 19 Jun 2014 21:29:52 +0000
Subject: convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
---
 lib/libssl/d1_pkt.c | 4 ++--
 lib/libssl/s3_both.c | 4 ++--
 lib/libssl/s3_clnt.c | 6 +++---
 lib/libssl/s3_pkt.c | 4 ++--
 lib/libssl/s3_srvr.c | 4 ++--
 lib/libssl/ssl_lib.c | 4 ++--
 lib/libssl/ssl_sess.c | 4 ++--
 lib/libssl/t1_lib.c | 6 +++---
 lib/libssl/t1_reneg.c | 8 ++++----
 9 files changed, 22 insertions(+), 22 deletions(-)
(limited to 'lib')
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index aa2185d2ed3..d75f56beb63 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.29 2014/06/15 15:29:25 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.30 2014/06/19 21:29:51 tedu Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -414,7 +414,7 @@ dtls1_process_record(SSL *s)
 }
 i = s->method->ssl3_enc->mac(s, md, 0 /* not send */);
- if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+ if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
 enc_err = -1;
 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
 enc_err = -1;
diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c
index 4f40adbb1a5..2da6b527e11 100644
--- a/lib/libssl/s3_both.c
+++ b/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.24 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s3_both.c,v 1.25 2014/06/19 21:29:51 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
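Review bot: Nothing in this patch adds `#include <string.h>`, the header where OpenBSD declares `timingsafe_memcmp`, so the new call in dtls1_process_record (d1_pkt.c, around line 417) relies on an include that the hunk does not show. If a file previously obtained its comparison helper only through the libcrypto headers, the call would compile against an implicit declaration and the compiler would stop checking the `(size_t)mac_size` argument and the return type. It is worth confirming for each of the nine touched files that the prototype is in scope, either directly or through a shared local header. The body of dtls1_process_record starts and ends outside the hunk.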
@@ -256,7 +256,7 @@ ssl3_get_finished(SSL *s, int a, int b)
 goto f_err;
 }
- if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) {
+ if (timingsafe_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) {
 al = SSL_AD_DECRYPT_ERROR;
 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
 goto f_err;
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index d8036c40618..7257ba566d3 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.70 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.71 2014/06/19 21:29:51 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -883,9 +883,9 @@ ssl3_get_server_hello(SSL *s)
 }
 if (j != 0 && j == s->session->session_id_length &&
- CRYPTO_memcmp(p, s->session->session_id, j) == 0) {
+ timingsafe_memcmp(p, s->session->session_id, j) == 0) {
 if (s->sid_ctx_length != s->session->sid_ctx_length ||
- CRYPTO_memcmp(s->session->sid_ctx,
+ timingsafe_memcmp(s->session->sid_ctx,
 s->sid_ctx, s->sid_ctx_length)) {
 /* actually a client application bug */
 al = SSL_AD_ILLEGAL_PARAMETER;
diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c
index f5d8bedbea1..a508d5ee495 100644
--- a/lib/libssl/s3_pkt.c
+++ b/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.47 2014/06/13 10:52:24 jsing Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.48 2014/06/19 21:29:51 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -447,7 +447,7 @@ again:
 i = s->method->ssl3_enc->mac(s,md,0 /* not send */);
 if (i < 0 || mac == NULL ||
- CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+ timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
 enc_err = -1;
 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size)
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index cab034d18f5..161534295fa 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
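Review bot: In the ssl3_get_server_hello hunk of s3_clnt.c the second comparison, `timingsafe_memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)`, is used as a bare truth value, while the session-id comparison two lines above it is written `== 0`. timingsafe_memcmp reports an ordering (negative, zero or positive) rather than a plain equal/unequal flag, so the intent is clearer and harder to break in a later edit when every site compares against zero explicitly: `s->sid_ctx, s->sid_ctx_length) != 0) {`. The same bare form appears in the ssl_sess.c hunk, both t1_lib.c hunks and all three t1_reneg.c hunks, whereas d1_pkt.c, s3_both.c, s3_pkt.c, s3_srvr.c and ssl_lib.c already use `!= 0`. The function body continues outside the hunk.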
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.65 2014/06/18 04:51:31 miod Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.66 2014/06/19 21:29:51 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1024,7 +1024,7 @@ ssl3_get_client_hello(SSL *s)
 goto f_err;
 }
 /* else cookie verification succeeded */
- } else if (CRYPTO_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
+ } else if (timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
 s->d1->cookie_len) != 0) {
 /* default verification */
 al = SSL_AD_HANDSHAKE_FAILURE;
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 04c33930532..f867daab0ec 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.68 2014/06/17 01:41:01 tedu Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.69 2014/06/19 21:29:51 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1678,7 +1678,7 @@ ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
 return (1);
 if (a->session_id_length != b->session_id_length)
 return (1);
- if (CRYPTO_memcmp(a->session_id, b->session_id, a->session_id_length) != 0)
+ if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0)
 return (1);
 return (0);
 }
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index 273a7d68171..9046dce7f88 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.32 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.33 2014/06/19 21:29:51 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
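Review bot: The default cookie check in ssl3_get_client_hello (s3_srvr.c, around line 1027) compares `s->d1->cookie_len` bytes, which is the length of the locally stored cookie, and the hunk shows no test that the cookie received in this hello has that same length. If no such test is made above the hunk, a shorter received cookie would be compared together with whatever bytes already sit in `s->d1->rcvd_cookie` beyond it. Consider checking the received length against `s->d1->cookie_len` before the call, or adding a comment at this branch that names where the check is made. The enclosing function starts and ends outside the hunk.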
@@ -498,7 +498,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 /* Now ret is non-NULL and we own one of its reference counts. */
 if (ret->sid_ctx_length != s->sid_ctx_length
- || CRYPTO_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
+ || timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
 /* We have the session requested by the client, but we don't
 * want to use it in this context. */
 goto err; /* treat like cache miss */
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 054de0ceef1..7b3393820bc 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.47 2014/06/18 04:49:40 miod Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.48 2014/06/19 21:29:51 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1879,7 +1879,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 renew_ticket = 1;
 } else {
 /* Check key name matches */
- if (CRYPTO_memcmp(etick, tctx->tlsext_tick_key_name, 16))
+ if (timingsafe_memcmp(etick, tctx->tlsext_tick_key_name, 16))
 return 2;
 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, tlsext_tick_md(), NULL);
@@ -1899,7 +1899,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 HMAC_Update(&hctx, etick, eticklen);
 HMAC_Final(&hctx, tick_hmac, NULL);
 HMAC_CTX_cleanup(&hctx);
- if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
+ if (timingsafe_memcmp(tick_hmac, etick + eticklen, mlen)) {
 EVP_CIPHER_CTX_cleanup(&ctx);
 return 2;
 }
diff --git a/lib/libssl/t1_reneg.c b/lib/libssl/t1_reneg.c
index 43ad73a5986..483d311e9cc 100644
--- a/lib/libssl/t1_reneg.c
+++ b/lib/libssl/t1_reneg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_reneg.c,v 1.6 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: t1_reneg.c,v 1.7 2014/06/19 21:29:51 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
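Review bot: The key-name comparison in the first tls_decrypt_ticket hunk of t1_lib.c keeps the literal length `16`, and the same literal is passed to HMAC_Init_ex just below it, so the sizes of the ticket key name and the HMAC key are repeated by hand at each use. If `tlsext_tick_key_name` is an array member, tying the length to its declaration keeps the compared range correct should the field ever change: `if (timingsafe_memcmp(etick, tctx->tlsext_tick_key_name, sizeof(tctx->tlsext_tick_key_name)) != 0)`. The hunk also does not show the check that `eticklen` covers these 16 bytes; it presumably sits earlier in the function, which starts outside the hunk, and a short comment naming it would help the next reader.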
@@ -172,7 +172,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
 return 0;
 }
- if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
+ if (timingsafe_memcmp(d, s->s3->previous_client_finished,
 s->s3->previous_client_finished_len)) {
 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH);
@@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
 return 0;
 }
- if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
+ if (timingsafe_memcmp(d, s->s3->previous_client_finished,
 s->s3->previous_client_finished_len)) {
 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH);
@@ -268,7 +268,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
 }
 d += s->s3->previous_client_finished_len;
- if (CRYPTO_memcmp(d, s->s3->previous_server_finished,
+ if (timingsafe_memcmp(d, s->s3->previous_server_finished,
 s->s3->previous_server_finished_len)) {
 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH);
--
cgit v1.2.3