Google Git
Sign in
flutter / third_party / openssl / 7c770d572a719fa40fa9c82807a0bd3840baf4a0^! / . / ssl
commit7c770d572a719fa40fa9c82807a0bd3840baf4a0[log] [tgz]
authorBen Laurie <ben@links.org>Mon Jan 28 17:30:38 2013 +0000
committerDr. Stephen Henson <steve@openssl.org>Wed Feb 06 14:16:55 2013 +0000
treebc4d2be0bd12ef55460d16c760d87ff9ae954aa0
parentea34a58385058748c51037bfb2c3208ee639f5f1 [diff]
Add and use a constant-time memcmp.

This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee798880a246d648ecddadc5b91367bee4a5d98)

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 987af60..5e2c56c 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c

@@ -463,7 +463,7 @@
 		else
 			rr->length = 0;
 		i=s->method->ssl3_enc->mac(s,md,0);
-		if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
+		if (i < 0 || mac == NULL || CRYPTO_memcmp(md,mac,mac_size) != 0)
 			{
 			decryption_failed_or_bad_record_mac = 1;
 			}

diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 76b690e..03b6cf9 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c

@@ -939,7 +939,7 @@
 		s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
 	p += 1;
 
-	if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
+	if (CRYPTO_memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
 		{
 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 		SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);

diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c
index ac963b2..8bb6ab8 100644
--- a/ssl/s2_pkt.c
+++ b/ssl/s2_pkt.c

@@ -269,8 +269,7 @@
 			s->s2->ract_data_length-=mac_size;
 			ssl2_mac(s,mac,0);
 			s->s2->ract_data_length-=s->s2->padding;
-			if (	(memcmp(mac,s->s2->mac_data,
-				(unsigned int)mac_size) != 0) ||
+			if (	(CRYPTO_memcmp(mac,s->s2->mac_data,mac_size) != 0) ||
 				(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
 				{
 				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 3495314..a537738 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c

@@ -265,7 +265,7 @@
 		goto f_err;
 		}
 
-	if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
+	if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
 		{
 		al=SSL_AD_DECRYPT_ERROR;
 		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 4299af1..9246ff2 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c

@@ -465,7 +465,7 @@
 #endif
 			}
 		i=s->method->ssl3_enc->mac(s,md,0);
-		if (i < 0 || mac == NULL || memcmp(md, mac, (size_t)mac_size) != 0)
+		if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
 			{
 			decryption_failed_or_bad_record_mac = 1;
 			}

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index a1a8bad..92e8f88 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -3125,7 +3125,7 @@
 	HMAC_Update(&hctx, etick, eticklen);
 	HMAC_Final(&hctx, tick_hmac, NULL);
 	HMAC_CTX_cleanup(&hctx);
-	if (memcmp(tick_hmac, etick + eticklen, mlen))
+	if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
 		return 2;
 	/* Attempt to decrypt session data */
 	/* Move p after IV to start of encrypted ticket, update length */