From: Robert Ransom Date: Sat, 15 Sep 2012 09:47:14 +0000 (-0700) Subject: Make crypto_pk_cmp_keys do something sane for NULL keys X-Git-Tag: tor-0.2.4.3-alpha~23 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f3916a685594a6e0e4f4a215a57f5aea34c8570c;p=thirdparty%2Ftor.git Make crypto_pk_cmp_keys do something sane for NULL keys Fixes bug 4283; bugfix on r76 (Git commit 01aadefbfc7dbd99ddaff922b897996b768cf2f9). --- diff --git a/src/common/crypto.c b/src/common/crypto.c index 7768cc37b1..5b5fb755b2 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -748,19 +748,23 @@ crypto_pk_public_exponent_ok(crypto_pk_t *env) return BN_is_word(env->key->e, 65537); } -/** Compare the public-key components of a and b. Return -1 if a\b. +/** Compare the public-key components of a and b. Return -1 if a\b. A NULL key is considered to be less than + * all non-NULL keys, and equal to itself. + * + * Note that this may leak information about the keys through timing. */ int crypto_pk_cmp_keys(crypto_pk_t *a, crypto_pk_t *b) { int result; + char a_is_non_null = (a != NULL) && (a->key != NULL); + char b_is_non_null = (b != NULL) && (b->key != NULL); + char an_argument_is_null = !a_is_non_null | !b_is_non_null; - if (!a || !b) - return -1; - - if (!a->key || !b->key) - return -1; + result = tor_memcmp(&a_is_non_null, &b_is_non_null, sizeof(a_is_non_null)); + if (an_argument_is_null) + return result; tor_assert(PUBLIC_KEY_OK(a)); tor_assert(PUBLIC_KEY_OK(b));
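Review bot: Two NULL (or key-less) arguments now compare equal in crypto_pk_cmp_keys, where the removed early returns gave -1 for any NULL input, so any caller that treats a zero result as "same key" would now accept two missing keys as a match. The callers are outside this hunk, so whether any of them relied on the old fail-closed result still needs checking. The doc comment should say this next to the timing caveat, for example `* A zero result for two NULL keys is not an identity match; callers that use equality for authentication must reject NULL keys first.` As a point of style, the tor_memcmp over the two one-byte flags is followed directly by a branch on an_argument_is_null, so it adds no constant-time property here, and `result = a_is_non_null - b_is_non_null;` would state the documented -1/0/1 ordering more plainly. The body of crypto_pk_cmp_keys continues past the end of the hunk.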