Replace remaining CRYPTO_memcmp() calls with timingsafe_memcmp().

ok doug@ deraadt@
author: jsing <> 2015-06-20 12:01:14 +0000
committer: jsing <> 2015-06-20 12:01:14 +0000
commit: 4fbad15f23f9774fc485f5683eaed15955f59a37 (patch)
tree: d277b5bd406ae47b77e084fa58edf42d3d2d2acc
parent: 0e59c6900776389d4ff50bcad5b47b2b9b8b8912 (diff)
download: openbsd-4fbad15f23f9774fc485f5683eaed15955f59a37.tar.gz
openbsd-4fbad15f23f9774fc485f5683eaed15955f59a37.tar.bz2
openbsd-4fbad15f23f9774fc485f5683eaed15955f59a37.zip
6 files changed, 12 insertions, 12 deletions
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 85591cfcb7..0a9455a5d2 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.27 2015/02/10 09:50:12 miod Exp $ */
+/* $OpenBSD: e_aes.c,v 1.28 2015/06/20 12:01:14 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -1499,7 +1499,7 @@ aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
        }
        CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len);
-        if (CRYPTO_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
+        if (timingsafe_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
                EVPerr(EVP_F_AEAD_AES_GCM_OPEN, EVP_R_BAD_DECRYPT);
                return 0;
        }
diff --git a/src/lib/libcrypto/evp/e_chacha20poly1305.c b/src/lib/libcrypto/evp/e_chacha20poly1305.c
index da1e036668..c003b0ba7f 100644
--- a/src/lib/libcrypto/evp/e_chacha20poly1305.c
+++ b/src/lib/libcrypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.8 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.9 2015/06/20 12:01:14 jsing Exp $ */
 /*
 * Copyright (c) 2014, Google Inc.
 *
@@ -200,7 +200,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
        poly1305_update_with_length(&poly1305, in, plaintext_len);
        CRYPTO_poly1305_finish(&poly1305, mac);
-        if (CRYPTO_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {
+        if (timingsafe_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {
                EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);
                return 0;
        }
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
index 8585d7c3aa..86e2bfc34f 100644
--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_oaep.c,v 1.24 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: rsa_oaep.c,v 1.25 2015/06/20 12:01:14 jsing Exp $ */
 /* Written by Ulf Moeller. This software is distributed on an "AS IS"
   basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
@@ -154,7 +154,7 @@ RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
        if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))
                return -1;
-        if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+        if (timingsafe_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
                goto decoding_err;
        else {
                for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
diff --git a/src/lib/libssl/src/crypto/evp/e_aes.c b/src/lib/libssl/src/crypto/evp/e_aes.c
index 85591cfcb7..0a9455a5d2 100644
--- a/src/lib/libssl/src/crypto/evp/e_aes.c
+++ b/src/lib/libssl/src/crypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.27 2015/02/10 09:50:12 miod Exp $ */
+/* $OpenBSD: e_aes.c,v 1.28 2015/06/20 12:01:14 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -1499,7 +1499,7 @@ aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
        }
        CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len);
-        if (CRYPTO_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
+        if (timingsafe_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
                EVPerr(EVP_F_AEAD_AES_GCM_OPEN, EVP_R_BAD_DECRYPT);
                return 0;
        }
diff --git a/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c b/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
index da1e036668..c003b0ba7f 100644
--- a/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
+++ b/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.8 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.9 2015/06/20 12:01:14 jsing Exp $ */
 /*
 * Copyright (c) 2014, Google Inc.
 *
@@ -200,7 +200,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
        poly1305_update_with_length(&poly1305, in, plaintext_len);
        CRYPTO_poly1305_finish(&poly1305, mac);
-        if (CRYPTO_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {
+        if (timingsafe_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {
                EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);
                return 0;
        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
index 8585d7c3aa..86e2bfc34f 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_oaep.c,v 1.24 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: rsa_oaep.c,v 1.25 2015/06/20 12:01:14 jsing Exp $ */
 /* Written by Ulf Moeller. This software is distributed on an "AS IS"
   basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
@@ -154,7 +154,7 @@ RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
        if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))
                return -1;
-        if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+        if (timingsafe_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
                goto decoding_err;
        else {
                for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
author	jsing <>	2015-06-20 12:01:14 +0000
committer	jsing <>	2015-06-20 12:01:14 +0000
commit	4fbad15f23f9774fc485f5683eaed15955f59a37 (patch)
tree	d277b5bd406ae47b77e084fa58edf42d3d2d2acc
parent	0e59c6900776389d4ff50bcad5b47b2b9b8b8912 (diff)
download	openbsd-4fbad15f23f9774fc485f5683eaed15955f59a37.tar.gz openbsd-4fbad15f23f9774fc485f5683eaed15955f59a37.tar.bz2 openbsd-4fbad15f23f9774fc485f5683eaed15955f59a37.zip

diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c index 85591cfcb7..0a9455a5d2 100644 --- a/src/lib/libcrypto/evp/e_aes.c +++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: e_aes.c,v 1.27 2015/02/10 09:50:12 miod Exp $ */	1	/* $OpenBSD: e_aes.c,v 1.28 2015/06/20 12:01:14 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -1499,7 +1499,7 @@ aead_aes_gcm_open(const EVP_AEAD_CTX ctx, unsigned char out, size_t *out_len,
1499	}	1499	}
1500		1500
1501	CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len);	1501	CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len);
1502	if (CRYPTO_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {	1502	if (timingsafe_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
1503	EVPerr(EVP_F_AEAD_AES_GCM_OPEN, EVP_R_BAD_DECRYPT);	1503	EVPerr(EVP_F_AEAD_AES_GCM_OPEN, EVP_R_BAD_DECRYPT);
1504	return 0;	1504	return 0;
1505	}	1505	}


diff --git a/src/lib/libcrypto/evp/e_chacha20poly1305.c b/src/lib/libcrypto/evp/e_chacha20poly1305.c index da1e036668..c003b0ba7f 100644 --- a/src/lib/libcrypto/evp/e_chacha20poly1305.c +++ b/src/lib/libcrypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: e_chacha20poly1305.c,v 1.8 2014/07/10 22:45:57 jsing Exp $ */	1	/* $OpenBSD: e_chacha20poly1305.c,v 1.9 2015/06/20 12:01:14 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014, Google Inc.	3	* Copyright (c) 2014, Google Inc.
4	*	4	*
@@ -200,7 +200,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX ctx, unsigned char out,
200	poly1305_update_with_length(&poly1305, in, plaintext_len);	200	poly1305_update_with_length(&poly1305, in, plaintext_len);
201	CRYPTO_poly1305_finish(&poly1305, mac);	201	CRYPTO_poly1305_finish(&poly1305, mac);
202		202
203	if (CRYPTO_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {	203	if (timingsafe_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {
204	EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);	204	EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);
205	return 0;	205	return 0;
206	}	206	}


diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c index 8585d7c3aa..86e2bfc34f 100644 --- a/src/lib/libcrypto/rsa/rsa_oaep.c +++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: rsa_oaep.c,v 1.24 2014/10/22 13:02:04 jsing Exp $ */	1	/* $OpenBSD: rsa_oaep.c,v 1.25 2015/06/20 12:01:14 jsing Exp $ */
2	/* Written by Ulf Moeller. This software is distributed on an "AS IS"	2	/* Written by Ulf Moeller. This software is distributed on an "AS IS"
3	basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */	3	basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
4		4
@@ -154,7 +154,7 @@ RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
154	if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))	154	if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))
155	return -1;	155	return -1;
156		156
157	if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 \|\| bad)	157	if (timingsafe_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 \|\| bad)
158	goto decoding_err;	158	goto decoding_err;
159	else {	159	else {
160	for (i = SHA_DIGEST_LENGTH; i < dblen; i++)	160	for (i = SHA_DIGEST_LENGTH; i < dblen; i++)


diff --git a/src/lib/libssl/src/crypto/evp/e_aes.c b/src/lib/libssl/src/crypto/evp/e_aes.c index 85591cfcb7..0a9455a5d2 100644 --- a/src/lib/libssl/src/crypto/evp/e_aes.c +++ b/src/lib/libssl/src/crypto/evp/e_aes.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: e_aes.c,v 1.27 2015/02/10 09:50:12 miod Exp $ */	1	/* $OpenBSD: e_aes.c,v 1.28 2015/06/20 12:01:14 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -1499,7 +1499,7 @@ aead_aes_gcm_open(const EVP_AEAD_CTX ctx, unsigned char out, size_t *out_len,
1499	}	1499	}
1500		1500
1501	CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len);	1501	CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len);
1502	if (CRYPTO_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {	1502	if (timingsafe_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
1503	EVPerr(EVP_F_AEAD_AES_GCM_OPEN, EVP_R_BAD_DECRYPT);	1503	EVPerr(EVP_F_AEAD_AES_GCM_OPEN, EVP_R_BAD_DECRYPT);
1504	return 0;	1504	return 0;
1505	}	1505	}


diff --git a/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c b/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c index da1e036668..c003b0ba7f 100644 --- a/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c +++ b/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: e_chacha20poly1305.c,v 1.8 2014/07/10 22:45:57 jsing Exp $ */	1	/* $OpenBSD: e_chacha20poly1305.c,v 1.9 2015/06/20 12:01:14 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014, Google Inc.	3	* Copyright (c) 2014, Google Inc.
4	*	4	*
@@ -200,7 +200,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX ctx, unsigned char out,
200	poly1305_update_with_length(&poly1305, in, plaintext_len);	200	poly1305_update_with_length(&poly1305, in, plaintext_len);
201	CRYPTO_poly1305_finish(&poly1305, mac);	201	CRYPTO_poly1305_finish(&poly1305, mac);
202		202
203	if (CRYPTO_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {	203	if (timingsafe_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {
204	EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);	204	EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);
205	return 0;	205	return 0;
206	}	206	}


diff --git a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c index 8585d7c3aa..86e2bfc34f 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: rsa_oaep.c,v 1.24 2014/10/22 13:02:04 jsing Exp $ */	1	/* $OpenBSD: rsa_oaep.c,v 1.25 2015/06/20 12:01:14 jsing Exp $ */
2	/* Written by Ulf Moeller. This software is distributed on an "AS IS"	2	/* Written by Ulf Moeller. This software is distributed on an "AS IS"
3	basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */	3	basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
4		4
@@ -154,7 +154,7 @@ RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
154	if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))	154	if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))
155	return -1;	155	return -1;
156		156
157	if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 \|\| bad)	157	if (timingsafe_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 \|\| bad)
158	goto decoding_err;	158	goto decoding_err;
159	else {	159	else {
160	for (i = SHA_DIGEST_LENGTH; i < dblen; i++)	160	for (i = SHA_DIGEST_LENGTH; i < dblen; i++)