Remove isc_safe_memcompare, it's not needed anywhere and can't be replaced with CRYPT...
authorOndřej Surý <ondrej@sury.org>
Fri, 20 Jul 2018 14:06:14 +0000 (10:06 -0400)
committerOndřej Surý <ondrej@sury.org>
Fri, 20 Jul 2018 14:06:14 +0000 (10:06 -0400)
bin/dnssec/dnssec-signzone.c
lib/dns/nsec3.c
lib/dns/spnego.c
lib/isc/include/isc/safe.h
lib/isc/tests/safe_test.c

index 05993430eec084e0fe31fe2916d7a66c35570ad5..7887147b6dd5f3abe95c585aea78e85cfe676662 100644 (file)
@@ -789,7 +789,7 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name,
 
 static int
 hashlist_comp(const void *a, const void *b) {
-       return (isc_safe_memcompare(a, b, hash_length + 1));
+       return (memcmp(a, b, hash_length + 1));
 }
 
 static void
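Review bot: The three call sites that move to plain `memcmp` (here in `hashlist_comp`, and the `scope` and `order` comparisons in the two lib/dns/nsec3.c hunks) carry no comment saying why a variable-time, ordering comparison is acceptable. They look like comparisons of NSEC3 hash values, which are published zone data rather than secrets, but that is inferred from the names and should be confirmed. A one-line comment such as `/* Ordering compare of public hash data; constant time is not required. */` above each call would keep a later audit from swapping a constant-time equality primitive back in, which cannot supply the <0 / >=0 ordering the nsec3.c code relies on.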
index 2e90bf5f7c6039fdeb11f39ba4294d37e4523aea..473933c33433ea86eb7b2d8351235972d9046700 100644 (file)
@@ -1955,7 +1955,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, const dns_name_t *name,
         * Work out what this NSEC3 covers.
         * Inside (<0) or outside (>=0).
         */
-       scope = isc_safe_memcompare(owner, nsec3.next, nsec3.next_length);
+       scope = memcmp(owner, nsec3.next, nsec3.next_length);
 
        /*
         * Prepare to compute all the hashes.
@@ -1979,7 +1979,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, const dns_name_t *name,
                        return (ISC_R_IGNORE);
                }
 
-               order = isc_safe_memcompare(hash, owner, length);
+               order = memcmp(hash, owner, length);
                if (first && order == 0) {
                        /*
                         * The hashes are the same.
index 227fab54cd472f04ce7da921800bfb7123d25b3e..64d576b9d90686c41ee9289bc4cdd9c369a8b26c 100644 (file)
@@ -368,7 +368,7 @@ gssapi_spnego_decapsulate(OM_uint32 *,
 
 /* mod_auth_kerb.c */
 
-static int
+static isc_boolean_t
 cmp_gss_type(gss_buffer_t token, gss_OID gssoid)
 {
        unsigned char *p;
@@ -392,7 +392,7 @@ cmp_gss_type(gss_buffer_t token, gss_OID gssoid)
        if (((OM_uint32) *p++) != gssoid->length)
                return (GSS_S_DEFECTIVE_TOKEN);
 
-       return (isc_safe_memcompare(p, gssoid->elements, gssoid->length));
+       return (!isc_safe_memequal(p, gssoid->elements, gssoid->length));
 }
 
 /* accept_sec_context.c */
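Review bot: `cmp_gss_type` now returns `isc_boolean_t` (signature changed in the previous hunk), yet the context line `return (GSS_S_DEFECTIVE_TOKEN);` still passes a GSS status code back through that type. Callers that only test for non-zero will probably keep working, but the value is no longer a meaningful status and the function mixes two conventions; `return (ISC_TRUE);` on the defective-token path would match the new type. The result is also inverted relative to what a reader expects of a boolean (true means the OID does not match, per `!isc_safe_memequal(...)`), so a comment on the function such as `/* Returns true if the token's mechanism OID differs from gssoid or the token is malformed. */` is worth adding. The body between the signature and this return lies outside the visible hunks, so any other early returns there need the same check.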
index cba570fdf53d57985d9cf405a2c707431ef438f3..b8a0b2290c38642840710adf15ce5a9cb47932bb 100644 (file)
@@ -29,11 +29,6 @@ ISC_LANG_BEGINDECLS
  *
  */
 
-#define isc_safe_memcompare(b1, b2, n) CRYPTO_memcmp(b1, b2, n)
-/*%<
- * Clone of libc memcmp() which is safe to differential timing attacks.
- */
-
 #define isc_safe_memwipe(ptr, len) OPENSSL_cleanse(ptr, len)
 /*%<
  * Clear the memory of length `len` pointed to by `ptr`.
index f721cd10966f34666d8dbfea45cf739c8c2015fe..5204c80e1a4993b7fd6ac2eafdbcbc71c676eeb5 100644 (file)
@@ -39,24 +39,6 @@ ATF_TC_BODY(isc_safe_memequal, tc) {
                                     "\x00\x00\x00\x00", 4));
 }
 
-ATF_TC(isc_safe_memcompare);
-ATF_TC_HEAD(isc_safe_memcompare, tc) {
-       atf_tc_set_md_var(tc, "descr", "safe memcompare()");
-}
-ATF_TC_BODY(isc_safe_memcompare, tc) {
-       UNUSED(tc);
-
-       ATF_CHECK(isc_safe_memcompare("test", "test", 4) == 0);
-       ATF_CHECK(isc_safe_memcompare("test", "tesc", 4) > 0);
-       ATF_CHECK(isc_safe_memcompare("test", "tesy", 4) < 0);
-       ATF_CHECK(isc_safe_memcompare("\x00\x00\x00\x00",
-                                     "\x00\x00\x00\x00", 4) == 0);
-       ATF_CHECK(isc_safe_memcompare("\x00\x00\x00\x00",
-                                     "\x00\x00\x00\x01", 4) < 0);
-       ATF_CHECK(isc_safe_memcompare("\x00\x00\x00\x02",
-                                     "\x00\x00\x00\x00", 4) > 0);
-}
-
 ATF_TC(isc_safe_memwipe);
 ATF_TC_HEAD(isc_safe_memwipe, tc) {
        atf_tc_set_md_var(tc, "descr", "isc_safe_memwipe()");
@@ -106,7 +88,6 @@ ATF_TC_BODY(isc_safe_memwipe, tc) {
  */
 ATF_TP_ADD_TCS(tp) {
        ATF_TP_ADD_TC(tp, isc_safe_memequal);
-       ATF_TP_ADD_TC(tp, isc_safe_memcompare);
        ATF_TP_ADD_TC(tp, isc_safe_memwipe);
        return (atf_no_error());
 }