[Pkg-privacy-commits] [libotr] 128/225: Use a constant-time memory comparison for safety.
Ximin Luo
infinity0 at moszumanska.debian.org
Sat Aug 22 12:45:10 UTC 2015
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch master
in repository libotr.
commit 3172d79b3f60513aeb10a22450cb1ca2cf145016
Author: Ian Goldberg <iang at cs.uwaterloo.ca>
Date: Sat Feb 15 08:33:34 2014 -0500
Use a constant-time memory comparison for safety.
Thanks to jvoisin <julien.voisin at dustri.org> for the suggestion.
---
ChangeLog | 8 ++++++++
src/auth.c | 9 ++++++---
src/mem.c | 16 ++++++++++++++++
src/mem.h | 8 ++++++++
src/proto.c | 3 ++-
5 files changed, 40 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 138faaf..ad1c9ef 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2014-02-15
+
+ * src/proto.c:
+ * src/auth.c:
+ * src/mem.c:
+ * src/mem.h: Use a constant-time memory comparison for safety.
+ Thanks to jvoisin <julien.voisin at dustri.org> for the suggestion.
+
2013-10-13
* src/proto.c: Return 0 instead of crashing from
diff --git a/src/auth.c b/src/auth.c
index 74f16c3..c85fc07 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -30,6 +30,7 @@
#include "serial.h"
#include "proto.h"
#include "context.h"
+#include "mem.h"
#if OTRL_DEBUGGING
#include <stdio.h>
@@ -976,7 +977,9 @@ gcry_error_t otrl_auth_handle_revealsig(OtrlAuthInfo *auth,
/* Check the hash */
gcry_md_hash_buffer(GCRY_MD_SHA256, hashbuf, gxbuf,
auth->encgx_len);
- if (memcmp(hashbuf, auth->hashgx, 32)) goto decfail;
+ /* This isn't comparing secret data, but may as well use the
+ * constant-time version. */
+ if (otrl_mem_differ(hashbuf, auth->hashgx, 32)) goto decfail;
/* Extract g^x */
bufp = gxbuf;
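Review bot: The comparison length is a bare literal here (`32`), and the MAC checks in the later hunks of this file and in src/proto.c pass a bare `20` the same way, so nothing ties the number of bytes compared to the size of the buffers involved. With a constant-time compare the length argument alone decides how much of the digest or tag is actually verified, so a named constant would make each site easier to audit, for example `otrl_mem_differ(hashbuf, auth->hashgx, sizeof(hashbuf))` if hashbuf is a 32-byte array (its declaration is outside the hunk) and a shared macro for the 20-byte MAC length. The MAC sites also pass the result of gcry_md_read() straight into the compare; whether it can return NULL for these handles is not visible from here and is worth confirming. The enclosing functions start and end outside the hunks.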
@@ -1005,7 +1008,7 @@ gcry_error_t otrl_auth_handle_revealsig(OtrlAuthInfo *auth,
gcry_md_reset(auth->mac_m2);
gcry_md_write(auth->mac_m2, authstart, authend - authstart);
- if (memcmp(macstart,
+ if (otrl_mem_differ(macstart,
gcry_md_read(auth->mac_m2, GCRY_MD_SHA256),
20)) goto invval;
@@ -1121,7 +1124,7 @@ gcry_error_t otrl_auth_handle_signature(OtrlAuthInfo *auth,
/* Check the MAC */
gcry_md_reset(auth->mac_m2p);
gcry_md_write(auth->mac_m2p, authstart, authend - authstart);
- if (memcmp(macstart,
+ if (otrl_mem_differ(macstart,
gcry_md_read(auth->mac_m2p, GCRY_MD_SHA256),
20)) goto invval;
diff --git a/src/mem.c b/src/mem.c
index f01a8fa..f703606 100644
--- a/src/mem.c
+++ b/src/mem.c
@@ -162,3 +162,19 @@ void otrl_mem_init(void)
otrl_mem_free
);
}
+
+/* Compare two memory blocks in time dependent on the length of the
+ * blocks, but not their contents. Returns 1 if they differ, 0 if they
+ * are the same. */
+int otrl_mem_differ(const unsigned char *buf1, const unsigned char *buf2,
+ size_t len)
+{
+ unsigned char diff = 0;
+ while (len) {
+ diff |= ((*buf1) ^ (*buf2));
+ ++buf1;
+ ++buf2;
+ --len;
+ }
+ return (diff != 0);
+}
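Review bot: Nothing in otrl_mem_differ prevents an optimizing compiler from restructuring the accumulate loop, so the constant-time property holds only as long as the generated code happens to preserve it; the C language gives no such guarantee. Declaring the accumulator as `volatile unsigned char diff = 0;` is a common low-cost hardening, and the emitted code is worth checking at the optimization levels that ship. The comment should also state the caller contract, e.g. `/* Both buffers must be non-NULL and at least len bytes long; len itself is treated as public. */`, since the loop dereferences both pointers unconditionally whenever len is non-zero.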
diff --git a/src/mem.h b/src/mem.h
index b2769c5..0601200 100644
--- a/src/mem.h
+++ b/src/mem.h
@@ -21,6 +21,14 @@
#ifndef __MEM_H__
#define __MEM_H__
+#include <stdlib.h>
+
void otrl_mem_init(void);
+/* Compare two memory blocks in time dependent on the length of the
+ * blocks, but not their contents. Returns 1 if they differ, 0 if they
+ * are the same. */
+int otrl_mem_differ(const unsigned char *buf1, const unsigned char *buf2,
+ size_t len);
+
#endif
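Review bot: `<stdlib.h>` is included only to obtain size_t for the new prototype; `<stddef.h>` is the header that defines size_t and keeps this header's include footprint smaller, so `#include <stddef.h>` would be the tighter choice. The comment copied from src/mem.c could also record that both buffers must be at least len bytes long, since the header is what callers read.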
diff --git a/src/proto.c b/src/proto.c
index c2dd24a..4512e91 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -826,7 +826,8 @@ gcry_error_t otrl_proto_accept_data(char **plaintextp, OtrlTLV **tlvsp,
gcry_md_reset(sess->rcvmac);
gcry_md_write(sess->rcvmac, macstart, macend-macstart);
- if (memcmp(givenmac, gcry_md_read(sess->rcvmac, GCRY_MD_SHA1), 20)) {
+ if (otrl_mem_differ(givenmac, gcry_md_read(sess->rcvmac, GCRY_MD_SHA1),
+ 20)) {
/* The MACs didn't match! */
goto conflict;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/libotr.git