From: Ondřej Surý
Date: Fri, 20 Jul 2018 14:06:14 +0000 (-0400)
Subject: Remove isc_safe_memcompare, it's not needed anywhere and can't be replaced with CRYPT...
X-Git-Tag: v9.13.3~96^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b105ccee68ccc3c18e6ea530063b3c8e5a42571c;p=thirdparty%2Fbind9.git
Remove isc_safe_memcompare, it's not needed anywhere and can't be replaced with CRYPTO_memcmp()
---
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 05993430eec..7887147b6dd 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -789,7 +789,7 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name,
 static int
 hashlist_comp(const void *a, const void *b) {
- return (isc_safe_memcompare(a, b, hash_length + 1));
+ return (memcmp(a, b, hash_length + 1));
 }
 static void
diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c
index 2e90bf5f7c6..473933c3343 100644
--- a/lib/dns/nsec3.c
+++ b/lib/dns/nsec3.c
@@ -1955,7 +1955,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, const dns_name_t *name,
 * Work out what this NSEC3 covers.
 * Inside (<0) or outside (>=0).
 */
- scope = isc_safe_memcompare(owner, nsec3.next, nsec3.next_length);
+ scope = memcmp(owner, nsec3.next, nsec3.next_length);
 /*
 * Prepare to compute all the hashes.
@@ -1979,7 +1979,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, const dns_name_t *name,
 return (ISC_R_IGNORE);
 }
- order = isc_safe_memcompare(hash, owner, length);
+ order = memcmp(hash, owner, length);
 if (first && order == 0) {
 /*
 * The hashes are the same.
diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
index 227fab54cd4..64d576b9d90 100644
--- a/lib/dns/spnego.c
+++ b/lib/dns/spnego.c
@@ -368,7 +368,7 @@ gssapi_spnego_decapsulate(OM_uint32 *,
 /* mod_auth_kerb.c */
-static int
+static isc_boolean_t
 cmp_gss_type(gss_buffer_t token, gss_OID gssoid)
 {
 unsigned char *p;
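Review bot: The three call sites that now use plain `memcmp` (`hashlist_comp` in dnssec-signzone.c and the `scope` and `order` assignments in the two nsec3.c hunks) carry no comment saying why a variable-time comparison is acceptable, so a later audit may swap a constant-time call back in and lose the ordering again. The operands appear to be NSEC3 hashes, which are published zone data rather than secrets, and the callers need the sign of the result (`Inside (<0) or outside (>=0)`), which an equality-only primitive cannot give. I would add above the `scope` assignment something like `/* memcmp() on purpose: NSEC3 hashes are public and the ordering is needed. */`, and the same one-liner in `hashlist_comp`. Whether `owner` is guaranteed to hold at least `nsec3.next_length` bytes is decided outside these hunks and is worth confirming while the line is being touched.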
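Review bot: `cmp_gss_type` is now declared `isc_boolean_t`, but the early exit visible as context in the second spnego.c hunk still does `return (GSS_S_DEFECTIVE_TOKEN);`, so a GSS status code is returned through a boolean type. That is harmless only while every caller tests for non-zero; a caller that compares the result with `ISC_TRUE` would treat a defective token as a match in this mechanism-OID check. Either keep the `int` return type, or make every exit boolean, e.g. `return (ISC_TRUE);` on the defective-token path. A header comment should also state that a true result means the OID does not match, since the `cmp_` name only hints at memcmp-style semantics. The body between the two hunks is not shown, so other returns there may need the same change.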
@@ -392,7 +392,7 @@ cmp_gss_type(gss_buffer_t token, gss_OID gssoid)
 if (((OM_uint32) *p++) != gssoid->length) return (GSS_S_DEFECTIVE_TOKEN);
- return (isc_safe_memcompare(p, gssoid->elements, gssoid->length));
+ return (!isc_safe_memequal(p, gssoid->elements, gssoid->length));
 }
 /* accept_sec_context.c */
diff --git a/lib/isc/include/isc/safe.h b/lib/isc/include/isc/safe.h
index cba570fdf53..b8a0b2290c3 100644
--- a/lib/isc/include/isc/safe.h
+++ b/lib/isc/include/isc/safe.h
@@ -29,11 +29,6 @@ ISC_LANG_BEGINDECLS
 *
 */
-#define isc_safe_memcompare(b1, b2, n) CRYPTO_memcmp(b1, b2, n)
-/*%<
- * Clone of libc memcmp() which is safe to differential timing attacks.
- */
-
 #define isc_safe_memwipe(ptr, len) OPENSSL_cleanse(ptr, len)
 /*%<
 * Clear the memory of length `len` pointed to by `ptr`.
diff --git a/lib/isc/tests/safe_test.c b/lib/isc/tests/safe_test.c
index f721cd10966..5204c80e1a4 100644
--- a/lib/isc/tests/safe_test.c
+++ b/lib/isc/tests/safe_test.c
@@ -39,24 +39,6 @@ ATF_TC_BODY(isc_safe_memequal, tc) {
 "\x00\x00\x00\x00", 4));
 }
-ATF_TC(isc_safe_memcompare);
-ATF_TC_HEAD(isc_safe_memcompare, tc) {
- atf_tc_set_md_var(tc, "descr", "safe memcompare()");
-}
-ATF_TC_BODY(isc_safe_memcompare, tc) {
- UNUSED(tc);
-
- ATF_CHECK(isc_safe_memcompare("test", "test", 4) == 0);
- ATF_CHECK(isc_safe_memcompare("test", "tesc", 4) > 0);
- ATF_CHECK(isc_safe_memcompare("test", "tesy", 4) < 0);
- ATF_CHECK(isc_safe_memcompare("\x00\x00\x00\x00",
- "\x00\x00\x00\x00", 4) == 0);
- ATF_CHECK(isc_safe_memcompare("\x00\x00\x00\x00",
- "\x00\x00\x00\x01", 4) < 0);
- ATF_CHECK(isc_safe_memcompare("\x00\x00\x00\x02",
- "\x00\x00\x00\x00", 4) > 0);
-}
-
 ATF_TC(isc_safe_memwipe);
 ATF_TC_HEAD(isc_safe_memwipe, tc) {
 atf_tc_set_md_var(tc, "descr", "isc_safe_memwipe()");
@@ -106,7 +88,6 @@ ATF_TC_BODY(isc_safe_memwipe, tc) {
 */
 ATF_TP_ADD_TCS(tp) {
 ATF_TP_ADD_TC(tp, isc_safe_memequal);
- ATF_TP_ADD_TC(tp, isc_safe_memcompare);
 ATF_TP_ADD_TC(tp, isc_safe_memwipe);
 return (atf_no_error());
 }