diff options
| author | tedu <> | 2014-06-19 21:29:51 +0000 |
|---|---|---|
| committer | tedu <> | 2014-06-19 21:29:51 +0000 |
| commit | 150e8864673fb3b65a00e9188f50ca6a5bae927d (patch) | |
| tree | 7d822bfb3203433ec1d2621e3b77a893bd97b408 | |
| parent | 41e038d2e8f6a205e6aa50aa0e910df4ff76ec9e (diff) | |
| download | openbsd-150e8864673fb3b65a00e9188f50ca6a5bae927d.tar.gz openbsd-150e8864673fb3b65a00e9188f50ca6a5bae927d.tar.bz2 openbsd-150e8864673fb3b65a00e9188f50ca6a5bae927d.zip | |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring
libc interfaces over libcrypto interfaces. for now we also prefer
timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable.
ok beck deraadt matthew miod
| -rw-r--r-- | src/lib/libssl/d1_pkt.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/s3_both.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/s3_pkt.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_pkt.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_both.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_clnt.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_pkt.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_srvr.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_lib.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_sess.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_lib.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_reneg.c | 8 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/t1_reneg.c | 8 |
18 files changed, 44 insertions, 44 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index aa2185d2ed..d75f56beb6 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_pkt.c,v 1.29 2014/06/15 15:29:25 jsing Exp $ */ | 1 | /* $OpenBSD: d1_pkt.c,v 1.30 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -414,7 +414,7 @@ dtls1_process_record(SSL *s) | |||
| 414 | } | 414 | } |
| 415 | 415 | ||
| 416 | i = s->method->ssl3_enc->mac(s, md, 0 /* not send */); | 416 | i = s->method->ssl3_enc->mac(s, md, 0 /* not send */); |
| 417 | if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) | 417 | if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) |
| 418 | enc_err = -1; | 418 | enc_err = -1; |
| 419 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) | 419 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) |
| 420 | enc_err = -1; | 420 | enc_err = -1; |
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index 4f40adbb1a..2da6b527e1 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_both.c,v 1.24 2014/06/12 15:49:31 deraadt Exp $ */ | 1 | /* $OpenBSD: s3_both.c,v 1.25 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -256,7 +256,7 @@ ssl3_get_finished(SSL *s, int a, int b) | |||
| 256 | goto f_err; | 256 | goto f_err; |
| 257 | } | 257 | } |
| 258 | 258 | ||
| 259 | if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) { | 259 | if (timingsafe_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) { |
| 260 | al = SSL_AD_DECRYPT_ERROR; | 260 | al = SSL_AD_DECRYPT_ERROR; |
| 261 | SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED); | 261 | SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED); |
| 262 | goto f_err; | 262 | goto f_err; |
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index d8036c4061..7257ba566d 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.70 2014/06/12 15:49:31 deraadt Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.71 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -883,9 +883,9 @@ ssl3_get_server_hello(SSL *s) | |||
| 883 | } | 883 | } |
| 884 | 884 | ||
| 885 | if (j != 0 && j == s->session->session_id_length && | 885 | if (j != 0 && j == s->session->session_id_length && |
| 886 | CRYPTO_memcmp(p, s->session->session_id, j) == 0) { | 886 | timingsafe_memcmp(p, s->session->session_id, j) == 0) { |
| 887 | if (s->sid_ctx_length != s->session->sid_ctx_length || | 887 | if (s->sid_ctx_length != s->session->sid_ctx_length || |
| 888 | CRYPTO_memcmp(s->session->sid_ctx, | 888 | timingsafe_memcmp(s->session->sid_ctx, |
| 889 | s->sid_ctx, s->sid_ctx_length)) { | 889 | s->sid_ctx, s->sid_ctx_length)) { |
| 890 | /* actually a client application bug */ | 890 | /* actually a client application bug */ |
| 891 | al = SSL_AD_ILLEGAL_PARAMETER; | 891 | al = SSL_AD_ILLEGAL_PARAMETER; |
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index f5d8bedbea..a508d5ee49 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_pkt.c,v 1.47 2014/06/13 10:52:24 jsing Exp $ */ | 1 | /* $OpenBSD: s3_pkt.c,v 1.48 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -447,7 +447,7 @@ again: | |||
| 447 | 447 | ||
| 448 | i = s->method->ssl3_enc->mac(s,md,0 /* not send */); | 448 | i = s->method->ssl3_enc->mac(s,md,0 /* not send */); |
| 449 | if (i < 0 || mac == NULL || | 449 | if (i < 0 || mac == NULL || |
| 450 | CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) | 450 | timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) |
| 451 | enc_err = -1; | 451 | enc_err = -1; |
| 452 | if (rr->length > | 452 | if (rr->length > |
| 453 | SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size) | 453 | SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size) |
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index cab034d18f..161534295f 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.65 2014/06/18 04:51:31 miod Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.66 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1024,7 +1024,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 1024 | goto f_err; | 1024 | goto f_err; |
| 1025 | } | 1025 | } |
| 1026 | /* else cookie verification succeeded */ | 1026 | /* else cookie verification succeeded */ |
| 1027 | } else if (CRYPTO_memcmp(s->d1->rcvd_cookie, s->d1->cookie, | 1027 | } else if (timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie, |
| 1028 | s->d1->cookie_len) != 0) { | 1028 | s->d1->cookie_len) != 0) { |
| 1029 | /* default verification */ | 1029 | /* default verification */ |
| 1030 | al = SSL_AD_HANDSHAKE_FAILURE; | 1030 | al = SSL_AD_HANDSHAKE_FAILURE; |
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c index aa2185d2ed..d75f56beb6 100644 --- a/src/lib/libssl/src/ssl/d1_pkt.c +++ b/src/lib/libssl/src/ssl/d1_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_pkt.c,v 1.29 2014/06/15 15:29:25 jsing Exp $ */ | 1 | /* $OpenBSD: d1_pkt.c,v 1.30 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -414,7 +414,7 @@ dtls1_process_record(SSL *s) | |||
| 414 | } | 414 | } |
| 415 | 415 | ||
| 416 | i = s->method->ssl3_enc->mac(s, md, 0 /* not send */); | 416 | i = s->method->ssl3_enc->mac(s, md, 0 /* not send */); |
| 417 | if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) | 417 | if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) |
| 418 | enc_err = -1; | 418 | enc_err = -1; |
| 419 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) | 419 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) |
| 420 | enc_err = -1; | 420 | enc_err = -1; |
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c index 4f40adbb1a..2da6b527e1 100644 --- a/src/lib/libssl/src/ssl/s3_both.c +++ b/src/lib/libssl/src/ssl/s3_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_both.c,v 1.24 2014/06/12 15:49:31 deraadt Exp $ */ | 1 | /* $OpenBSD: s3_both.c,v 1.25 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -256,7 +256,7 @@ ssl3_get_finished(SSL *s, int a, int b) | |||
| 256 | goto f_err; | 256 | goto f_err; |
| 257 | } | 257 | } |
| 258 | 258 | ||
| 259 | if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) { | 259 | if (timingsafe_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) { |
| 260 | al = SSL_AD_DECRYPT_ERROR; | 260 | al = SSL_AD_DECRYPT_ERROR; |
| 261 | SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED); | 261 | SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED); |
| 262 | goto f_err; | 262 | goto f_err; |
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index d8036c4061..7257ba566d 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.70 2014/06/12 15:49:31 deraadt Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.71 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -883,9 +883,9 @@ ssl3_get_server_hello(SSL *s) | |||
| 883 | } | 883 | } |
| 884 | 884 | ||
| 885 | if (j != 0 && j == s->session->session_id_length && | 885 | if (j != 0 && j == s->session->session_id_length && |
| 886 | CRYPTO_memcmp(p, s->session->session_id, j) == 0) { | 886 | timingsafe_memcmp(p, s->session->session_id, j) == 0) { |
| 887 | if (s->sid_ctx_length != s->session->sid_ctx_length || | 887 | if (s->sid_ctx_length != s->session->sid_ctx_length || |
| 888 | CRYPTO_memcmp(s->session->sid_ctx, | 888 | timingsafe_memcmp(s->session->sid_ctx, |
| 889 | s->sid_ctx, s->sid_ctx_length)) { | 889 | s->sid_ctx, s->sid_ctx_length)) { |
| 890 | /* actually a client application bug */ | 890 | /* actually a client application bug */ |
| 891 | al = SSL_AD_ILLEGAL_PARAMETER; | 891 | al = SSL_AD_ILLEGAL_PARAMETER; |
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c index f5d8bedbea..a508d5ee49 100644 --- a/src/lib/libssl/src/ssl/s3_pkt.c +++ b/src/lib/libssl/src/ssl/s3_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_pkt.c,v 1.47 2014/06/13 10:52:24 jsing Exp $ */ | 1 | /* $OpenBSD: s3_pkt.c,v 1.48 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -447,7 +447,7 @@ again: | |||
| 447 | 447 | ||
| 448 | i = s->method->ssl3_enc->mac(s,md,0 /* not send */); | 448 | i = s->method->ssl3_enc->mac(s,md,0 /* not send */); |
| 449 | if (i < 0 || mac == NULL || | 449 | if (i < 0 || mac == NULL || |
| 450 | CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) | 450 | timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) |
| 451 | enc_err = -1; | 451 | enc_err = -1; |
| 452 | if (rr->length > | 452 | if (rr->length > |
| 453 | SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size) | 453 | SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size) |
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index cab034d18f..161534295f 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.65 2014/06/18 04:51:31 miod Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.66 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1024,7 +1024,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 1024 | goto f_err; | 1024 | goto f_err; |
| 1025 | } | 1025 | } |
| 1026 | /* else cookie verification succeeded */ | 1026 | /* else cookie verification succeeded */ |
| 1027 | } else if (CRYPTO_memcmp(s->d1->rcvd_cookie, s->d1->cookie, | 1027 | } else if (timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie, |
| 1028 | s->d1->cookie_len) != 0) { | 1028 | s->d1->cookie_len) != 0) { |
| 1029 | /* default verification */ | 1029 | /* default verification */ |
| 1030 | al = SSL_AD_HANDSHAKE_FAILURE; | 1030 | al = SSL_AD_HANDSHAKE_FAILURE; |
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index 04c3393053..f867daab0e 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.68 2014/06/17 01:41:01 tedu Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.69 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1678,7 +1678,7 @@ ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) | |||
| 1678 | return (1); | 1678 | return (1); |
| 1679 | if (a->session_id_length != b->session_id_length) | 1679 | if (a->session_id_length != b->session_id_length) |
| 1680 | return (1); | 1680 | return (1); |
| 1681 | if (CRYPTO_memcmp(a->session_id, b->session_id, a->session_id_length) != 0) | 1681 | if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0) |
| 1682 | return (1); | 1682 | return (1); |
| 1683 | return (0); | 1683 | return (0); |
| 1684 | } | 1684 | } |
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c index 273a7d6817..9046dce7f8 100644 --- a/src/lib/libssl/src/ssl/ssl_sess.c +++ b/src/lib/libssl/src/ssl/ssl_sess.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_sess.c,v 1.32 2014/06/12 15:49:31 deraadt Exp $ */ | 1 | /* $OpenBSD: ssl_sess.c,v 1.33 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -498,7 +498,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 498 | /* Now ret is non-NULL and we own one of its reference counts. */ | 498 | /* Now ret is non-NULL and we own one of its reference counts. */ |
| 499 | 499 | ||
| 500 | if (ret->sid_ctx_length != s->sid_ctx_length | 500 | if (ret->sid_ctx_length != s->sid_ctx_length |
| 501 | || CRYPTO_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { | 501 | || timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { |
| 502 | /* We have the session requested by the client, but we don't | 502 | /* We have the session requested by the client, but we don't |
| 503 | * want to use it in this context. */ | 503 | * want to use it in this context. */ |
| 504 | goto err; /* treat like cache miss */ | 504 | goto err; /* treat like cache miss */ |
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 054de0ceef..7b3393820b 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.47 2014/06/18 04:49:40 miod Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.48 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1879,7 +1879,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, | |||
| 1879 | renew_ticket = 1; | 1879 | renew_ticket = 1; |
| 1880 | } else { | 1880 | } else { |
| 1881 | /* Check key name matches */ | 1881 | /* Check key name matches */ |
| 1882 | if (CRYPTO_memcmp(etick, tctx->tlsext_tick_key_name, 16)) | 1882 | if (timingsafe_memcmp(etick, tctx->tlsext_tick_key_name, 16)) |
| 1883 | return 2; | 1883 | return 2; |
| 1884 | HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, | 1884 | HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, |
| 1885 | tlsext_tick_md(), NULL); | 1885 | tlsext_tick_md(), NULL); |
| @@ -1899,7 +1899,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, | |||
| 1899 | HMAC_Update(&hctx, etick, eticklen); | 1899 | HMAC_Update(&hctx, etick, eticklen); |
| 1900 | HMAC_Final(&hctx, tick_hmac, NULL); | 1900 | HMAC_Final(&hctx, tick_hmac, NULL); |
| 1901 | HMAC_CTX_cleanup(&hctx); | 1901 | HMAC_CTX_cleanup(&hctx); |
| 1902 | if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) { | 1902 | if (timingsafe_memcmp(tick_hmac, etick + eticklen, mlen)) { |
| 1903 | EVP_CIPHER_CTX_cleanup(&ctx); | 1903 | EVP_CIPHER_CTX_cleanup(&ctx); |
| 1904 | return 2; | 1904 | return 2; |
| 1905 | } | 1905 | } |
diff --git a/src/lib/libssl/src/ssl/t1_reneg.c b/src/lib/libssl/src/ssl/t1_reneg.c index 43ad73a598..483d311e9c 100644 --- a/src/lib/libssl/src/ssl/t1_reneg.c +++ b/src/lib/libssl/src/ssl/t1_reneg.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_reneg.c,v 1.6 2014/06/12 15:49:31 deraadt Exp $ */ | 1 | /* $OpenBSD: t1_reneg.c,v 1.7 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -172,7 +172,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, | |||
| 172 | return 0; | 172 | return 0; |
| 173 | } | 173 | } |
| 174 | 174 | ||
| 175 | if (CRYPTO_memcmp(d, s->s3->previous_client_finished, | 175 | if (timingsafe_memcmp(d, s->s3->previous_client_finished, |
| 176 | s->s3->previous_client_finished_len)) { | 176 | s->s3->previous_client_finished_len)) { |
| 177 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, | 177 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, |
| 178 | SSL_R_RENEGOTIATION_MISMATCH); | 178 | SSL_R_RENEGOTIATION_MISMATCH); |
| @@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, | |||
| 259 | return 0; | 259 | return 0; |
| 260 | } | 260 | } |
| 261 | 261 | ||
| 262 | if (CRYPTO_memcmp(d, s->s3->previous_client_finished, | 262 | if (timingsafe_memcmp(d, s->s3->previous_client_finished, |
| 263 | s->s3->previous_client_finished_len)) { | 263 | s->s3->previous_client_finished_len)) { |
| 264 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, | 264 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
| 265 | SSL_R_RENEGOTIATION_MISMATCH); | 265 | SSL_R_RENEGOTIATION_MISMATCH); |
| @@ -268,7 +268,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, | |||
| 268 | } | 268 | } |
| 269 | d += s->s3->previous_client_finished_len; | 269 | d += s->s3->previous_client_finished_len; |
| 270 | 270 | ||
| 271 | if (CRYPTO_memcmp(d, s->s3->previous_server_finished, | 271 | if (timingsafe_memcmp(d, s->s3->previous_server_finished, |
| 272 | s->s3->previous_server_finished_len)) { | 272 | s->s3->previous_server_finished_len)) { |
| 273 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, | 273 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
| 274 | SSL_R_RENEGOTIATION_MISMATCH); | 274 | SSL_R_RENEGOTIATION_MISMATCH); |
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 04c3393053..f867daab0e 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.68 2014/06/17 01:41:01 tedu Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.69 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1678,7 +1678,7 @@ ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) | |||
| 1678 | return (1); | 1678 | return (1); |
| 1679 | if (a->session_id_length != b->session_id_length) | 1679 | if (a->session_id_length != b->session_id_length) |
| 1680 | return (1); | 1680 | return (1); |
| 1681 | if (CRYPTO_memcmp(a->session_id, b->session_id, a->session_id_length) != 0) | 1681 | if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0) |
| 1682 | return (1); | 1682 | return (1); |
| 1683 | return (0); | 1683 | return (0); |
| 1684 | } | 1684 | } |
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index 273a7d6817..9046dce7f8 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_sess.c,v 1.32 2014/06/12 15:49:31 deraadt Exp $ */ | 1 | /* $OpenBSD: ssl_sess.c,v 1.33 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -498,7 +498,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 498 | /* Now ret is non-NULL and we own one of its reference counts. */ | 498 | /* Now ret is non-NULL and we own one of its reference counts. */ |
| 499 | 499 | ||
| 500 | if (ret->sid_ctx_length != s->sid_ctx_length | 500 | if (ret->sid_ctx_length != s->sid_ctx_length |
| 501 | || CRYPTO_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { | 501 | || timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { |
| 502 | /* We have the session requested by the client, but we don't | 502 | /* We have the session requested by the client, but we don't |
| 503 | * want to use it in this context. */ | 503 | * want to use it in this context. */ |
| 504 | goto err; /* treat like cache miss */ | 504 | goto err; /* treat like cache miss */ |
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 054de0ceef..7b3393820b 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.47 2014/06/18 04:49:40 miod Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.48 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1879,7 +1879,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, | |||
| 1879 | renew_ticket = 1; | 1879 | renew_ticket = 1; |
| 1880 | } else { | 1880 | } else { |
| 1881 | /* Check key name matches */ | 1881 | /* Check key name matches */ |
| 1882 | if (CRYPTO_memcmp(etick, tctx->tlsext_tick_key_name, 16)) | 1882 | if (timingsafe_memcmp(etick, tctx->tlsext_tick_key_name, 16)) |
| 1883 | return 2; | 1883 | return 2; |
| 1884 | HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, | 1884 | HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, |
| 1885 | tlsext_tick_md(), NULL); | 1885 | tlsext_tick_md(), NULL); |
| @@ -1899,7 +1899,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, | |||
| 1899 | HMAC_Update(&hctx, etick, eticklen); | 1899 | HMAC_Update(&hctx, etick, eticklen); |
| 1900 | HMAC_Final(&hctx, tick_hmac, NULL); | 1900 | HMAC_Final(&hctx, tick_hmac, NULL); |
| 1901 | HMAC_CTX_cleanup(&hctx); | 1901 | HMAC_CTX_cleanup(&hctx); |
| 1902 | if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) { | 1902 | if (timingsafe_memcmp(tick_hmac, etick + eticklen, mlen)) { |
| 1903 | EVP_CIPHER_CTX_cleanup(&ctx); | 1903 | EVP_CIPHER_CTX_cleanup(&ctx); |
| 1904 | return 2; | 1904 | return 2; |
| 1905 | } | 1905 | } |
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c index 43ad73a598..483d311e9c 100644 --- a/src/lib/libssl/t1_reneg.c +++ b/src/lib/libssl/t1_reneg.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_reneg.c,v 1.6 2014/06/12 15:49:31 deraadt Exp $ */ | 1 | /* $OpenBSD: t1_reneg.c,v 1.7 2014/06/19 21:29:51 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -172,7 +172,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, | |||
| 172 | return 0; | 172 | return 0; |
| 173 | } | 173 | } |
| 174 | 174 | ||
| 175 | if (CRYPTO_memcmp(d, s->s3->previous_client_finished, | 175 | if (timingsafe_memcmp(d, s->s3->previous_client_finished, |
| 176 | s->s3->previous_client_finished_len)) { | 176 | s->s3->previous_client_finished_len)) { |
| 177 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, | 177 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, |
| 178 | SSL_R_RENEGOTIATION_MISMATCH); | 178 | SSL_R_RENEGOTIATION_MISMATCH); |
| @@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, | |||
| 259 | return 0; | 259 | return 0; |
| 260 | } | 260 | } |
| 261 | 261 | ||
| 262 | if (CRYPTO_memcmp(d, s->s3->previous_client_finished, | 262 | if (timingsafe_memcmp(d, s->s3->previous_client_finished, |
| 263 | s->s3->previous_client_finished_len)) { | 263 | s->s3->previous_client_finished_len)) { |
| 264 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, | 264 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
| 265 | SSL_R_RENEGOTIATION_MISMATCH); | 265 | SSL_R_RENEGOTIATION_MISMATCH); |
| @@ -268,7 +268,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, | |||
| 268 | } | 268 | } |
| 269 | d += s->s3->previous_client_finished_len; | 269 | d += s->s3->previous_client_finished_len; |
| 270 | 270 | ||
| 271 | if (CRYPTO_memcmp(d, s->s3->previous_server_finished, | 271 | if (timingsafe_memcmp(d, s->s3->previous_server_finished, |
| 272 | s->s3->previous_server_finished_len)) { | 272 | s->s3->previous_server_finished_len)) { |
| 273 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, | 273 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
| 274 | SSL_R_RENEGOTIATION_MISMATCH); | 274 | SSL_R_RENEGOTIATION_MISMATCH); |