+4183. [cleanup] Use timing-safe memory comparisons in cryptographic
+ code. Also, the timing-safe comparison functions have
+ been renamed to avoid possible confusion with
+ memcmp(). [RT #40148]
+
4182. [cleanup] Use mnemonics for RR class and type comparisons.
[RT #40297]
#include <isc/print.h>
#include <isc/random.h>
#include <isc/result.h>
+#include <isc/safe.h>
#include <isc/serial.h>
#include <isc/string.h>
#include <isc/task.h>
#include <isc/random.h>
#include <isc/rwlock.h>
#include <isc/serial.h>
+#include <isc/safe.h>
#include <isc/stdio.h>
#include <isc/stdlib.h>
#include <isc/string.h>
static int
hashlist_comp(const void *a, const void *b) {
- return (memcmp(a, b, hash_length + 1));
+ return (isc_safe_memcompare(a, b, hash_length + 1));
}
static void
next += l->length;
if (next[l->length-1] != 0)
continue;
- if (memcmp(current, next, l->length - 1) == 0)
+ if (isc_safe_memequal(current, next, l->length - 1))
return (ISC_TRUE);
current = next;
}
if (exists && nsec3.hash == hashalg &&
nsec3.iterations == iterations &&
nsec3.salt_length == salt_len &&
- !memcmp(nsec3.salt, salt, salt_len))
+ isc_safe_memequal(nsec3.salt, salt, salt_len))
continue;
dns_rdatalist_init(&rdatalist);
rdatalist.rdclass = rdata.rdclass;
if (!update && set_salt) {
if (salt_length != orig_saltlen ||
- memcmp(saltbuf, orig_salt, salt_length) != 0)
+ !isc_safe_memequal(saltbuf, orig_salt, salt_length))
fatal("An NSEC3 chain exists with a different salt. "
"Use -u to update it.");
} else if (!set_salt) {
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: client.c,v 1.14 2011/03/12 04:59:47 tbox Exp $ */
-
#include <config.h>
#include <stddef.h>
#include <isc/app.h>
#include <isc/mem.h>
#include <isc/mutex.h>
+#include <isc/safe.h>
#include <isc/sockaddr.h>
#include <isc/socket.h>
#include <isc/task.h>
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_MD5_BLOCK_LENGTH))
+ if (isc_safe_memequal(hkey1->key, hkey2->key, ISC_MD5_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH))
+ if (isc_safe_memequal(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA224_BLOCK_LENGTH))
+ if (isc_safe_memequal(hkey1->key, hkey2->key, ISC_SHA224_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA256_BLOCK_LENGTH))
+ if (isc_safe_memequal(hkey1->key, hkey2->key, ISC_SHA256_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA384_BLOCK_LENGTH))
+ if (isc_safe_memequal(hkey1->key, hkey2->key, ISC_SHA384_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE);
- if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA512_BLOCK_LENGTH))
+ if (isc_safe_memequal(hkey1->key, hkey2->key, ISC_SHA512_BLOCK_LENGTH))
return (ISC_TRUE);
else
return (ISC_FALSE);
#include <isc/log.h>
#include <isc/string.h>
#include <isc/util.h>
+#include <isc/safe.h>
#include <dst/dst.h>
* Work out what this NSEC3 covers.
* Inside (<0) or outside (>=0).
*/
- scope = memcmp(owner, nsec3.next, nsec3.next_length);
+ scope = isc_safe_memcompare(owner, nsec3.next, nsec3.next_length);
/*
* Prepare to compute all the hashes.
return (ISC_R_IGNORE);
}
- order = memcmp(hash, owner, length);
+ order = isc_safe_memcompare(hash, owner, length);
if (first && order == 0) {
/*
* The hashes are the same.
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: opensslgost_link.c,v 1.5 2011/01/19 23:47:12 tbox Exp $ */
-
#include <config.h>
#ifdef HAVE_OPENSSL_GOST
#include <isc/entropy.h>
#include <isc/mem.h>
+#include <isc/safe.h>
#include <isc/string.h>
#include <isc/util.h>
p = der;
len = i2d_PUBKEY(pkey, &p);
INSIST(len == sizeof(der));
- INSIST(memcmp(gost_prefix, der, 37) == 0);
+ INSIST(isc_safe_memequal(gost_prefix, der, 37));
memmove(r.base, der + 37, 64);
isc_buffer_add(data, 64);
DST_R_VERIFYFAILURE));
if (status != (int)(prefixlen + digestlen))
return (DST_R_VERIFYFAILURE);
- if (memcmp(original, prefix, prefixlen))
+ if (!isc_safe_memequal(original, prefix, prefixlen))
return (DST_R_VERIFYFAILURE);
- if (memcmp(original + prefixlen, digest, digestlen))
+ if (!isc_safe_memequal(original + prefixlen,
+ digest, digestlen))
return (DST_R_VERIFYFAILURE);
status = 1;
}
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id$ */
-
/*! \file
* \brief
* Portable SPNEGO implementation.
#include <isc/mem.h>
#include <isc/once.h>
#include <isc/random.h>
+#include <isc/safe.h>
#include <isc/string.h>
#include <isc/time.h>
#include <isc/util.h>
if (((OM_uint32) *p++) != gssoid->length)
return (GSS_S_DEFECTIVE_TOKEN);
- return (memcmp(p, gssoid->elements, gssoid->length));
+ return (isc_safe_memcompare(p, gssoid->elements, gssoid->length));
}
/* accept_sec_context.c */
return (GSS_S_DEFECTIVE_TOKEN);
}
if (mech_len == GSS_KRB5_MECH->length &&
- memcmp(GSS_KRB5_MECH->elements,
- mechbuf + sizeof(mechbuf) - mech_len,
- mech_len) == 0) {
+ isc_safe_memequal(GSS_KRB5_MECH->elements,
+ mechbuf + sizeof(mechbuf) - mech_len,
+ mech_len))
+ {
found = 1;
break;
}
if (mech_len == GSS_MSKRB5_MECH->length &&
- memcmp(GSS_MSKRB5_MECH->elements,
- mechbuf + sizeof(mechbuf) - mech_len,
- mech_len) == 0) {
+ isc_safe_memequal(GSS_MSKRB5_MECH->elements,
+ mechbuf + sizeof(mechbuf) - mech_len,
+ mech_len))
+ {
found = 1;
if (i == 0)
pref = GSS_MSKRB5_MECH;
p += foo;
if (mech_len != mech->length)
return (GSS_S_BAD_MECH);
- if (memcmp(p, mech->elements, mech->length) != 0)
+ if (!isc_safe_memequal(p, mech->elements, mech->length))
return (GSS_S_BAD_MECH);
p += mech_len;
*str = p;
buf = input_token->value;
buf_size = input_token->length;
} else if ((size_t)mech_len == GSS_KRB5_MECH->length &&
- memcmp(GSS_KRB5_MECH->elements, p, mech_len) == 0)
+ isc_safe_memequal(GSS_KRB5_MECH->elements, p, mech_len))
return (gss_init_sec_context(minor_status,
initiator_cred_handle,
context_handle,
ret_flags,
time_rec));
else if ((size_t)mech_len == GSS_SPNEGO_MECH->length &&
- memcmp(GSS_SPNEGO_MECH->elements, p, mech_len) == 0) {
+ isc_safe_memequal(GSS_SPNEGO_MECH->elements, p, mech_len)) {
ret = gssapi_spnego_decapsulate(minor_status,
input_token,
&buf,
resp.supportedMech,
&oidlen);
if (ret || oidlen != GSS_KRB5_MECH->length ||
- memcmp(oidbuf + sizeof(oidbuf) - oidlen,
- GSS_KRB5_MECH->elements,
- oidlen) != 0) {
+ !isc_safe_memequal(oidbuf + sizeof(oidbuf) - oidlen,
+ GSS_KRB5_MECH->elements, oidlen))
+ {
free_NegTokenResp(&resp);
return GSS_S_BAD_MECH;
}
REQUIRE(len <= ISC_MD5_DIGESTLENGTH);
isc_hmacmd5_sign(ctx, newdigest);
- return (isc_safe_memcmp(digest, newdigest, len));
+ return (isc_safe_memequal(digest, newdigest, len));
}
REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
- return (isc_safe_memcmp(digest, newdigest, len));
+ return (isc_safe_memequal(digest, newdigest, len));
}
/*
REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
- return (isc_safe_memcmp(digest, newdigest, len));
+ return (isc_safe_memequal(digest, newdigest, len));
}
/*
REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
- return (isc_safe_memcmp(digest, newdigest, len));
+ return (isc_safe_memequal(digest, newdigest, len));
}
/*
REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
- return (isc_safe_memcmp(digest, newdigest, len));
+ return (isc_safe_memequal(digest, newdigest, len));
}
/*
REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
isc_hmacsha512_sign(ctx, newdigest, ISC_SHA512_DIGESTLENGTH);
- return (isc_safe_memcmp(digest, newdigest, len));
+ return (isc_safe_memequal(digest, newdigest, len));
}
ISC_LANG_BEGINDECLS
isc_boolean_t
-isc_safe_memcmp(const void *s1, const void *s2, size_t n);
+isc_safe_memequal(const void *s1, const void *s2, size_t n);
/*%<
- * Clone of libc memcmp() safe to differential timing attacks.
+ * Returns ISC_TRUE iff. two blocks of memory are equal, otherwise
+ * ISC_FALSE.
+ *
+ */
+
+int
+isc_safe_memcompare(const void *b1, const void *b2, size_t len);
+/*%<
+ * Clone of libc memcmp() which is safe to differential timing attacks.
*/
ISC_LANG_ENDDECLS
/*
- * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2013, 2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2014 Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id$ */
-
/*! \file */
#include <config.h>
#endif
isc_boolean_t
-isc_safe_memcmp(const void *s1, const void *s2, size_t n) {
+isc_safe_memequal(const void *s1, const void *s2, size_t n) {
isc_uint8_t acc = 0;
if (n != 0U) {
}
return (ISC_TF(acc == 0));
}
+
+
+int
+isc_safe_memcompare(const void *b1, const void *b2, size_t len) {
+ const unsigned char *p1 = b1, *p2 = b2;
+ size_t i;
+ int res = 0, done = 0;
+
+ for (i = 0; i < len; i++) {
+ /* lt is -1 if p1[i] < p2[i]; else 0. */
+ int lt = (p1[i] - p2[i]) >> CHAR_BIT;
+
+ /* gt is -1 if p1[i] > p2[i]; else 0. */
+ int gt = (p2[i] - p1[i]) >> CHAR_BIT;
+
+ /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */
+ int cmp = lt - gt;
+
+ /* set res = cmp if !done. */
+ res |= cmp & ~done;
+
+ /* set done if p1[i] != p2[i]. */
+ done |= lt | gt;
+ }
+
+ return (res);
+}
#include <isc/safe.h>
#include <isc/util.h>
-ATF_TC(isc_safe_memcmp);
-ATF_TC_HEAD(isc_safe_memcmp, tc) {
- atf_tc_set_md_var(tc, "descr", "safe memcmp()");
+ATF_TC(isc_safe_memequal);
+ATF_TC_HEAD(isc_safe_memequal, tc) {
+ atf_tc_set_md_var(tc, "descr", "safe memequal()");
}
-ATF_TC_BODY(isc_safe_memcmp, tc) {
+ATF_TC_BODY(isc_safe_memequal, tc) {
UNUSED(tc);
- ATF_CHECK(isc_safe_memcmp("test", "test", 4));
- ATF_CHECK(!isc_safe_memcmp("test", "tesc", 4));
- ATF_CHECK(isc_safe_memcmp("\x00\x00\x00\x00", "\x00\x00\x00\x00", 4));
- ATF_CHECK(!isc_safe_memcmp("\x00\x00\x00\x00", "\x00\x00\x00\x01", 4));
- ATF_CHECK(!isc_safe_memcmp("\x00\x00\x00\x02", "\x00\x00\x00\x00", 4));
+ ATF_CHECK(isc_safe_memequal("test", "test", 4));
+ ATF_CHECK(!isc_safe_memequal("test", "tesc", 4));
+ ATF_CHECK(isc_safe_memequal("\x00\x00\x00\x00",
+ "\x00\x00\x00\x00", 4));
+ ATF_CHECK(!isc_safe_memequal("\x00\x00\x00\x00",
+ "\x00\x00\x00\x01", 4));
+ ATF_CHECK(!isc_safe_memequal("\x00\x00\x00\x02",
+ "\x00\x00\x00\x00", 4));
+}
+
+ATF_TC(isc_safe_memcompare);
+ATF_TC_HEAD(isc_safe_memcompare, tc) {
+ atf_tc_set_md_var(tc, "descr", "safe memcompare()");
+}
+ATF_TC_BODY(isc_safe_memcompare, tc) {
+ UNUSED(tc);
+
+ ATF_CHECK(isc_safe_memcompare("test", "test", 4) == 0);
+ ATF_CHECK(isc_safe_memcompare("test", "tesc", 4) > 0);
+ ATF_CHECK(isc_safe_memcompare("test", "tesy", 4) < 0);
+ ATF_CHECK(isc_safe_memcompare("\x00\x00\x00\x00",
+ "\x00\x00\x00\x00", 4) == 0);
+ ATF_CHECK(isc_safe_memcompare("\x00\x00\x00\x00",
+ "\x00\x00\x00\x01", 4) < 0);
+ ATF_CHECK(isc_safe_memcompare("\x00\x00\x00\x02",
+ "\x00\x00\x00\x00", 4) > 0);
}
/*
* Main
*/
ATF_TP_ADD_TCS(tp) {
- ATF_TP_ADD_TC(tp, isc_safe_memcmp);
+ ATF_TP_ADD_TC(tp, isc_safe_memequal);
+ ATF_TP_ADD_TC(tp, isc_safe_memcompare);
return (atf_no_error());
}
-
/*
* Verify.
*/
- if (!isc_safe_memcmp((unsigned char *) isccc_sexpr_tostring(hmd5),
- digestb64, HMD5_LENGTH))
+ if (!isc_safe_memequal((unsigned char *) isccc_sexpr_tostring(hmd5),
+ digestb64, HMD5_LENGTH))
return (ISCCC_R_BADAUTH);
return (ISC_R_SUCCESS);
projects / thirdparty / bind9.git / commitdiff
