- djm@cvs.openbsd.org 2010/07/13 11:52:06

[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] [packet.c ssh-rsa.c] implement a timing_safe_cmp() function to compare memory without leaking timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@
author: Damien Miller <djm@mindrot.org> 2010-07-16 13:57:51 +1000
committer: Damien Miller <djm@mindrot.org> 2010-07-16 13:57:51 +1000
commit: 8a0268f1b3f62292d4124f8d158e0587c4f7c330 (patch)
tree: 43493a3202569a2939f5616127d9de8689613a7b /jpake.c
parent: d0244d498ba970b9d9348429eaf7a4a0ef2b903c (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/jpake.c b/jpake.c
index 130661069..50cf5c82e 100644
--- a/jpake.c
+++ b/jpake.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: jpake.c,v 1.2 2009/03/05 07:18:19 djm Exp $ */
+/* $OpenBSD: jpake.c,v 1.3 2010/07/13 11:52:06 djm Exp $ */
 /*
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
 *
@@ -434,7 +434,7 @@ jpake_check_confirm(const BIGNUM *k,
        if (peer_confirm_hash_len != expected_confirm_hash_len)
                error("%s: confirmation length mismatch (my %u them %u)",
                    __func__, expected_confirm_hash_len, peer_confirm_hash_len);
-        else if (memcmp(peer_confirm_hash, expected_confirm_hash,
+        else if (timing_safe_cmp(peer_confirm_hash, expected_confirm_hash,
            expected_confirm_hash_len) == 0)
                success = 1;
        bzero(expected_confirm_hash, expected_confirm_hash_len);
author	Damien Miller <djm@mindrot.org>	2010-07-16 13:57:51 +1000
committer	Damien Miller <djm@mindrot.org>	2010-07-16 13:57:51 +1000
commit	8a0268f1b3f62292d4124f8d158e0587c4f7c330 (patch)
tree	43493a3202569a2939f5616127d9de8689613a7b /jpake.c
parent	d0244d498ba970b9d9348429eaf7a4a0ef2b903c (diff)

diff --git a/jpake.c b/jpake.c index 130661069..50cf5c82e 100644 --- a/jpake.c +++ b/jpake.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: jpake.c,v 1.2 2009/03/05 07:18:19 djm Exp $ */	1	/* $OpenBSD: jpake.c,v 1.3 2010/07/13 11:52:06 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2008 Damien Miller. All rights reserved.	3	* Copyright (c) 2008 Damien Miller. All rights reserved.
4	*	4	*
@@ -434,7 +434,7 @@ jpake_check_confirm(const BIGNUM *k,
434	if (peer_confirm_hash_len != expected_confirm_hash_len)	434	if (peer_confirm_hash_len != expected_confirm_hash_len)
435	error("%s: confirmation length mismatch (my %u them %u)",	435	error("%s: confirmation length mismatch (my %u them %u)",
436	__func__, expected_confirm_hash_len, peer_confirm_hash_len);	436	__func__, expected_confirm_hash_len, peer_confirm_hash_len);
437	else if (memcmp(peer_confirm_hash, expected_confirm_hash,	437	else if (timing_safe_cmp(peer_confirm_hash, expected_confirm_hash,
438	expected_confirm_hash_len) == 0)	438	expected_confirm_hash_len) == 0)
439	success = 1;	439	success = 1;
440	bzero(expected_confirm_hash, expected_confirm_hash_len);	440	bzero(expected_confirm_hash, expected_confirm_hash_len);