Add timingsafe_bcmp(3) to libc, mention that it's already in the

kernel in kern(9), and remove it from OpenSSH. ok deraadt@, djm@
author: matthew <> 2010-09-24 13:33:00 +0000
committer: matthew <> 2010-09-24 13:33:00 +0000
commit: ca3efbcfa52175f6883523a4782ce280dd592054 (patch)
tree: a85c16e95e9d9e32e4eb2a44cfd664f4e6320458 /src
parent: a94c2f0834fa88251427636d1ca7fb8d29c15712 (diff)
download: openbsd-ca3efbcfa52175f6883523a4782ce280dd592054.tar.gz
openbsd-ca3efbcfa52175f6883523a4782ce280dd592054.tar.bz2
openbsd-ca3efbcfa52175f6883523a4782ce280dd592054.zip
3 files changed, 62 insertions, 5 deletions
diff --git a/src/lib/libc/string/Makefile.inc b/src/lib/libc/string/Makefile.inc
index 3264b799f1..34edd8eb33 100644
--- a/src/lib/libc/string/Makefile.inc
+++ b/src/lib/libc/string/Makefile.inc
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile.inc,v 1.22 2010/05/18 22:24:55 tedu Exp $
+#       $OpenBSD: Makefile.inc,v 1.23 2010/09/24 13:33:00 matthew Exp $
 # string sources
 .PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/string ${LIBCSRCDIR}/string
@@ -9,7 +9,8 @@ SRCS+=	bm.c memccpy.c memrchr.c strcasecmp.c strcasestr.c strcoll.c strdup.c \
        wcscat.c wcschr.c wcscmp.c wcscpy.c wcscspn.c wcslcat.c wcslcpy.c \
        wcslen.c wcsncat.c wcsncmp.c wcsncpy.c wcspbrk.c wcsrchr.c wcsspn.c \
        wcsstr.c wcstok.c wcswcs.c wcswidth.c wmemchr.c wmemcmp.c wmemcpy.c \
-        wmemmove.c wmemset.c
+        wmemmove.c wmemset.c \
+        timingsafe_bcmp.c
 # machine-dependent net sources
 # m-d Makefile.inc must include sources for:
@@ -178,3 +179,4 @@ MLINKS+=wmemchr.3 wcspbrk.3
 MLINKS+=wmemchr.3 wcsrchr.3
 MLINKS+=wmemchr.3 wcsspn.3
 MLINKS+=wmemchr.3 wcsstr.3
+MLINKS+=bcmp.3 timingsafe_bcmp.3
diff --git a/src/lib/libc/string/bcmp.3 b/src/lib/libc/string/bcmp.3
index 57e1a0fade..1a77750627 100644
--- a/src/lib/libc/string/bcmp.3
+++ b/src/lib/libc/string/bcmp.3
@@ -27,18 +27,21 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     $OpenBSD: bcmp.3,v 1.7 2007/05/31 19:19:32 jmc Exp $
+.\"     $OpenBSD: bcmp.3,v 1.8 2010/09/24 13:33:00 matthew Exp $
 .\"
-.Dd $Mdocdate: May 31 2007 $
+.Dd $Mdocdate: September 24 2010 $
 .Dt BCMP 3
 .Os
 .Sh NAME
-.Nm bcmp
+.Nm bcmp ,
+.Nm timingsafe_bcmp
 .Nd compare byte string
 .Sh SYNOPSIS
 .Fd #include <string.h>
 .Ft int
 .Fn bcmp "const void *b1" "const void *b2" "size_t len"
+.Ft int
+.Fn timingsafe_bcmp "const void *b1" "const void *b2" "size_t len"
 .Sh DESCRIPTION
 The
 .Fn bcmp
@@ -53,6 +56,20 @@ bytes long.
 Zero-length strings are always identical.
 .Pp
 The strings may overlap.
+.Pp
+The
+.Fn timingsafe_bcmp
+function has the same semantics as
+.Fn bcmp ,
+but its running time is independent of the contents of
+.Fa b1
+and
+.Fa b2 ,
+making it safe to use for comparing secret values such as cryptographic MACs.
+In contrast,
+.Fn bcmp
+returns after finding the first differing byte,
+making it vulnerable to timing attacks.
 .Sh SEE ALSO
 .Xr memcmp 3 ,
 .Xr strcasecmp 3 ,
@@ -64,3 +81,8 @@ A
 .Fn bcmp
 function first appeared in
 .Bx 4.2 .
+.Pp
+The
+.Fn timingsafe_bcmp
+function first appeared in
+.Ox 4.9 .
diff --git a/src/lib/libc/string/timingsafe_bcmp.c b/src/lib/libc/string/timingsafe_bcmp.c
new file mode 100644
index 0000000000..9c4287cf63
--- /dev/null
+++ b/src/lib/libc/string/timingsafe_bcmp.c
@@ -0,0 +1,33 @@
+/*      $OpenBSD: timingsafe_bcmp.c,v 1.1 2010/09/24 13:33:00 matthew Exp $     */
+/*
+ * Copyright (c) 2010 Damien Miller.  All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#if !defined(_KERNEL) && !defined(_STANDALONE)
+#include <string.h>
+#else
+#include <lib/libkern/libkern.h>
+#endif
+int
+timingsafe_bcmp(const void *b1, const void *b2, size_t n)
+{
+        const unsigned char *p1 = b1, *p2 = b2;
+        int ret = 0;
+        for (; n > 0; n--)
+                ret |= *p1++ ^ *p2++;
+        return (ret != 0);
+}
author	matthew <>	2010-09-24 13:33:00 +0000
committer	matthew <>	2010-09-24 13:33:00 +0000
commit	ca3efbcfa52175f6883523a4782ce280dd592054 (patch)
tree	a85c16e95e9d9e32e4eb2a44cfd664f4e6320458 /src
parent	a94c2f0834fa88251427636d1ca7fb8d29c15712 (diff)
download	openbsd-ca3efbcfa52175f6883523a4782ce280dd592054.tar.gz openbsd-ca3efbcfa52175f6883523a4782ce280dd592054.tar.bz2 openbsd-ca3efbcfa52175f6883523a4782ce280dd592054.zip

diff --git a/src/lib/libc/string/Makefile.inc b/src/lib/libc/string/Makefile.inc index 3264b799f1..34edd8eb33 100644 --- a/src/lib/libc/string/Makefile.inc +++ b/src/lib/libc/string/Makefile.inc
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile.inc,v 1.22 2010/05/18 22:24:55 tedu Exp $	1	# $OpenBSD: Makefile.inc,v 1.23 2010/09/24 13:33:00 matthew Exp $
2		2
3	# string sources	3	# string sources
4	.PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/string ${LIBCSRCDIR}/string	4	.PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/string ${LIBCSRCDIR}/string
@@ -9,7 +9,8 @@ SRCS+= bm.c memccpy.c memrchr.c strcasecmp.c strcasestr.c strcoll.c strdup.c \
9	wcscat.c wcschr.c wcscmp.c wcscpy.c wcscspn.c wcslcat.c wcslcpy.c \	9	wcscat.c wcschr.c wcscmp.c wcscpy.c wcscspn.c wcslcat.c wcslcpy.c \
10	wcslen.c wcsncat.c wcsncmp.c wcsncpy.c wcspbrk.c wcsrchr.c wcsspn.c \	10	wcslen.c wcsncat.c wcsncmp.c wcsncpy.c wcspbrk.c wcsrchr.c wcsspn.c \
11	wcsstr.c wcstok.c wcswcs.c wcswidth.c wmemchr.c wmemcmp.c wmemcpy.c \	11	wcsstr.c wcstok.c wcswcs.c wcswidth.c wmemchr.c wmemcmp.c wmemcpy.c \
12	wmemmove.c wmemset.c	12	wmemmove.c wmemset.c \
		13	timingsafe_bcmp.c
13		14
14	# machine-dependent net sources	15	# machine-dependent net sources
15	# m-d Makefile.inc must include sources for:	16	# m-d Makefile.inc must include sources for:
@@ -178,3 +179,4 @@ MLINKS+=wmemchr.3 wcspbrk.3
178	MLINKS+=wmemchr.3 wcsrchr.3	179	MLINKS+=wmemchr.3 wcsrchr.3
179	MLINKS+=wmemchr.3 wcsspn.3	180	MLINKS+=wmemchr.3 wcsspn.3
180	MLINKS+=wmemchr.3 wcsstr.3	181	MLINKS+=wmemchr.3 wcsstr.3
		182	MLINKS+=bcmp.3 timingsafe_bcmp.3


diff --git a/src/lib/libc/string/bcmp.3 b/src/lib/libc/string/bcmp.3 index 57e1a0fade..1a77750627 100644 --- a/src/lib/libc/string/bcmp.3 +++ b/src/lib/libc/string/bcmp.3
@@ -27,18 +27,21 @@
27	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF	27	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28	.\" SUCH DAMAGE.	28	.\" SUCH DAMAGE.
29	.\"	29	.\"
30	.\" $OpenBSD: bcmp.3,v 1.7 2007/05/31 19:19:32 jmc Exp $	30	.\" $OpenBSD: bcmp.3,v 1.8 2010/09/24 13:33:00 matthew Exp $
31	.\"	31	.\"
32	.Dd $Mdocdate: May 31 2007 $	32	.Dd $Mdocdate: September 24 2010 $
33	.Dt BCMP 3	33	.Dt BCMP 3
34	.Os	34	.Os
35	.Sh NAME	35	.Sh NAME
36	.Nm bcmp	36	.Nm bcmp ,
		37	.Nm timingsafe_bcmp
37	.Nd compare byte string	38	.Nd compare byte string
38	.Sh SYNOPSIS	39	.Sh SYNOPSIS
39	.Fd #include <string.h>	40	.Fd #include <string.h>
40	.Ft int	41	.Ft int
41	.Fn bcmp "const void b1" "const void b2" "size_t len"	42	.Fn bcmp "const void b1" "const void b2" "size_t len"
		43	.Ft int
		44	.Fn timingsafe_bcmp "const void b1" "const void b2" "size_t len"
42	.Sh DESCRIPTION	45	.Sh DESCRIPTION
43	The	46	The
44	.Fn bcmp	47	.Fn bcmp
@@ -53,6 +56,20 @@ bytes long.
53	Zero-length strings are always identical.	56	Zero-length strings are always identical.
54	.Pp	57	.Pp
55	The strings may overlap.	58	The strings may overlap.
		59	.Pp
		60	The
		61	.Fn timingsafe_bcmp
		62	function has the same semantics as
		63	.Fn bcmp ,
		64	but its running time is independent of the contents of
		65	.Fa b1
		66	and
		67	.Fa b2 ,
		68	making it safe to use for comparing secret values such as cryptographic MACs.
		69	In contrast,
		70	.Fn bcmp
		71	returns after finding the first differing byte,
		72	making it vulnerable to timing attacks.
56	.Sh SEE ALSO	73	.Sh SEE ALSO
57	.Xr memcmp 3 ,	74	.Xr memcmp 3 ,
58	.Xr strcasecmp 3 ,	75	.Xr strcasecmp 3 ,
@@ -64,3 +81,8 @@ A
64	.Fn bcmp	81	.Fn bcmp
65	function first appeared in	82	function first appeared in
66	.Bx 4.2 .	83	.Bx 4.2 .
		84	.Pp
		85	The
		86	.Fn timingsafe_bcmp
		87	function first appeared in
		88	.Ox 4.9 .


diff --git a/src/lib/libc/string/timingsafe_bcmp.c b/src/lib/libc/string/timingsafe_bcmp.c new file mode 100644 index 0000000000..9c4287cf63 --- /dev/null +++ b/src/lib/libc/string/timingsafe_bcmp.c
@@ -0,0 +1,33 @@
		1	/* $OpenBSD: timingsafe_bcmp.c,v 1.1 2010/09/24 13:33:00 matthew Exp $ */
		2	/*
		3	* Copyright (c) 2010 Damien Miller. All rights reserved.
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#if !defined(_KERNEL) && !defined(_STANDALONE)
		19	#include <string.h>
		20	#else
		21	#include <lib/libkern/libkern.h>
		22	#endif
		23
		24	int
		25	timingsafe_bcmp(const void b1, const void b2, size_t n)
		26	{
		27	const unsigned char p1 = b1, p2 = b2;
		28	int ret = 0;
		29
		30	for (; n > 0; n--)
		31	ret \|= p1++ ^ p2++;
		32	return (ret != 0);
		33	}