[Pkg-privacy-commits] [libotr] 128/225: Use a constant-time memory comparison for safety.

Ximin Luo infinity0 at moszumanska.debian.org
Sat Aug 22 12:45:10 UTC 2015


This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository libotr.

commit 3172d79b3f60513aeb10a22450cb1ca2cf145016
Author: Ian Goldberg <iang at cs.uwaterloo.ca>
Date:   Sat Feb 15 08:33:34 2014 -0500

    Use a constant-time memory comparison for safety.
    
    Thanks to jvoisin <julien.voisin at dustri.org> for the suggestion.
---
 ChangeLog   |  8 ++++++++
 src/auth.c  |  9 ++++++---
 src/mem.c   | 16 ++++++++++++++++
 src/mem.h   |  8 ++++++++
 src/proto.c |  3 ++-
 5 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 138faaf..ad1c9ef 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2014-02-15
+
+	* src/proto.c:
+	* src/auth.c:
+	* src/mem.c:
+	* src/mem.h: Use a constant-time memory comparison for safety.
+	Thanks to jvoisin <julien.voisin at dustri.org> for the suggestion.
+
 2013-10-13
 
 	* src/proto.c: Return 0 instead of crashing from
diff --git a/src/auth.c b/src/auth.c
index 74f16c3..c85fc07 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -30,6 +30,7 @@
 #include "serial.h"
 #include "proto.h"
 #include "context.h"
+#include "mem.h"
 
 #if OTRL_DEBUGGING
 #include <stdio.h>
@@ -976,7 +977,9 @@ gcry_error_t otrl_auth_handle_revealsig(OtrlAuthInfo *auth,
 	    /* Check the hash */
 	    gcry_md_hash_buffer(GCRY_MD_SHA256, hashbuf, gxbuf,
 		    auth->encgx_len);
-	    if (memcmp(hashbuf, auth->hashgx, 32)) goto decfail;
+	    /* This isn't comparing secret data, but may as well use the
+	     * constant-time version. */
+	    if (otrl_mem_differ(hashbuf, auth->hashgx, 32)) goto decfail;
 
 	    /* Extract g^x */
 	    bufp = gxbuf;
@@ -1005,7 +1008,7 @@ gcry_error_t otrl_auth_handle_revealsig(OtrlAuthInfo *auth,
 	    gcry_md_reset(auth->mac_m2);
 	    gcry_md_write(auth->mac_m2, authstart, authend - authstart);
 
-	    if (memcmp(macstart,
+	    if (otrl_mem_differ(macstart,
 			gcry_md_read(auth->mac_m2, GCRY_MD_SHA256),
 			20)) goto invval;
 
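Review bot: The MAC check `otrl_mem_differ(macstart, gcry_md_read(auth->mac_m2, GCRY_MD_SHA256), 20)` compares only 20 bytes of a 32-byte SHA-256 output, using a bare literal; the same pattern appears in the otrl_auth_handle_signature hunk with `auth->mac_m2p`. If this is the protocol's 160-bit truncated MAC, a named constant or a short comment such as `/* MAC is the first 160 bits of the SHA256-HMAC */` would stop a later reader from "correcting" the length or assuming the whole digest is checked. Both functions start and end outside these hunks, so it is not visible whether `macstart` has been bounds-checked for 20 readable bytes. That check matters because the new comparison always reads the full length.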
@@ -1121,7 +1124,7 @@ gcry_error_t otrl_auth_handle_signature(OtrlAuthInfo *auth,
 	    /* Check the MAC */
 	    gcry_md_reset(auth->mac_m2p);
 	    gcry_md_write(auth->mac_m2p, authstart, authend - authstart);
-	    if (memcmp(macstart,
+	    if (otrl_mem_differ(macstart,
 			gcry_md_read(auth->mac_m2p, GCRY_MD_SHA256),
 			20)) goto invval;
 
diff --git a/src/mem.c b/src/mem.c
index f01a8fa..f703606 100644
--- a/src/mem.c
+++ b/src/mem.c
@@ -162,3 +162,19 @@ void otrl_mem_init(void)
 	    otrl_mem_free
 	);
 }
+
+/* Compare two memory blocks in time dependent on the length of the
+ * blocks, but not their contents.  Returns 1 if they differ, 0 if they
+ * are the same. */
+int otrl_mem_differ(const unsigned char *buf1, const unsigned char *buf2,
+    size_t len)
+{
+    unsigned char diff = 0;
+    while (len) {
+	diff |= ((*buf1) ^ (*buf2));
+	++buf1;
+	++buf2;
+	--len;
+    }
+    return (diff != 0);
+}
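Review bot: Nothing in otrl_mem_differ prevents an optimizing compiler from restructuring the accumulate loop, so the content-independent timing promised in the comment depends on current code generation rather than on anything the source enforces. Declaring the accumulator as `volatile unsigned char diff = 0;` (or reading both buffers through `const volatile unsigned char *`) turns every byte access into a side effect the compiler must keep. It is also worth checking the generated code once on the supported compilers, since the property is only as good as the emitted instructions.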
diff --git a/src/mem.h b/src/mem.h
index b2769c5..0601200 100644
--- a/src/mem.h
+++ b/src/mem.h
@@ -21,6 +21,14 @@
 #ifndef __MEM_H__
 #define __MEM_H__
 
+#include <stdlib.h>
+
 void otrl_mem_init(void);
 
+/* Compare two memory blocks in time dependent on the length of the
+ * blocks, but not their contents.  Returns 1 if they differ, 0 if they
+ * are the same. */
+int otrl_mem_differ(const unsigned char *buf1, const unsigned char *buf2,
+    size_t len);
+
 #endif
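Review bot: The comment on the declaration gives the return values but omits two properties that matter to a caller swapping this in for memcmp: the result carries no ordering (only 0 or 1), and a `len` of 0 reports "same". I would add a line such as `Unlike memcmp, the result is not an ordering; len == 0 returns 0, so pass a fixed non-zero length.` As a smaller style point, `<stddef.h>` is enough to declare `size_t` and pulls less into every file that includes mem.h than `<stdlib.h>` does.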
diff --git a/src/proto.c b/src/proto.c
index c2dd24a..4512e91 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -826,7 +826,8 @@ gcry_error_t otrl_proto_accept_data(char **plaintextp, OtrlTLV **tlvsp,
 
     gcry_md_reset(sess->rcvmac);
     gcry_md_write(sess->rcvmac, macstart, macend-macstart);
-    if (memcmp(givenmac, gcry_md_read(sess->rcvmac, GCRY_MD_SHA1), 20)) {
+    if (otrl_mem_differ(givenmac, gcry_md_read(sess->rcvmac, GCRY_MD_SHA1),
+	    20)) {
 	/* The MACs didn't match! */
 	goto conflict;
     }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/libotr.git


