diff options
author | Damien Miller <djm@mindrot.org> | 2010-07-16 13:57:51 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-07-16 13:57:51 +1000 |
commit | 8a0268f1b3f62292d4124f8d158e0587c4f7c330 (patch) | |
tree | 43493a3202569a2939f5616127d9de8689613a7b /monitor.c | |
parent | d0244d498ba970b9d9348429eaf7a4a0ef2b903c (diff) |
- djm@cvs.openbsd.org 2010/07/13 11:52:06
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
[packet.c ssh-rsa.c]
implement a timing_safe_cmp() function to compare memory without leaking
timing information by short-circuiting like memcmp() and use it for
some of the more sensitive comparisons (though nothing high-value was
readily attackable anyway); "looks ok" markus@
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 16 |
1 files changed, 8 insertions, 8 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.106 2010/03/07 11:57:13 dtucker Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.107 2010/07/13 11:52:06 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -518,7 +518,7 @@ monitor_allowed_key(u_char *blob, u_int bloblen) | |||
518 | { | 518 | { |
519 | /* make sure key is allowed */ | 519 | /* make sure key is allowed */ |
520 | if (key_blob == NULL || key_bloblen != bloblen || | 520 | if (key_blob == NULL || key_bloblen != bloblen || |
521 | memcmp(key_blob, blob, key_bloblen)) | 521 | timing_safe_cmp(key_blob, blob, key_bloblen)) |
522 | return (0); | 522 | return (0); |
523 | return (1); | 523 | return (1); |
524 | } | 524 | } |
@@ -1103,14 +1103,14 @@ monitor_valid_userblob(u_char *data, u_int datalen) | |||
1103 | len = buffer_len(&b); | 1103 | len = buffer_len(&b); |
1104 | if ((session_id2 == NULL) || | 1104 | if ((session_id2 == NULL) || |
1105 | (len < session_id2_len) || | 1105 | (len < session_id2_len) || |
1106 | (memcmp(p, session_id2, session_id2_len) != 0)) | 1106 | (timing_safe_cmp(p, session_id2, session_id2_len) != 0)) |
1107 | fail++; | 1107 | fail++; |
1108 | buffer_consume(&b, session_id2_len); | 1108 | buffer_consume(&b, session_id2_len); |
1109 | } else { | 1109 | } else { |
1110 | p = buffer_get_string(&b, &len); | 1110 | p = buffer_get_string(&b, &len); |
1111 | if ((session_id2 == NULL) || | 1111 | if ((session_id2 == NULL) || |
1112 | (len != session_id2_len) || | 1112 | (len != session_id2_len) || |
1113 | (memcmp(p, session_id2, session_id2_len) != 0)) | 1113 | (timing_safe_cmp(p, session_id2, session_id2_len) != 0)) |
1114 | fail++; | 1114 | fail++; |
1115 | xfree(p); | 1115 | xfree(p); |
1116 | } | 1116 | } |
@@ -1158,7 +1158,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
1158 | p = buffer_get_string(&b, &len); | 1158 | p = buffer_get_string(&b, &len); |
1159 | if ((session_id2 == NULL) || | 1159 | if ((session_id2 == NULL) || |
1160 | (len != session_id2_len) || | 1160 | (len != session_id2_len) || |
1161 | (memcmp(p, session_id2, session_id2_len) != 0)) | 1161 | (timing_safe_cmp(p, session_id2, session_id2_len) != 0)) |
1162 | fail++; | 1162 | fail++; |
1163 | xfree(p); | 1163 | xfree(p); |
1164 | 1164 | ||
@@ -1682,9 +1682,9 @@ mm_get_kex(Buffer *m) | |||
1682 | 1682 | ||
1683 | kex = xcalloc(1, sizeof(*kex)); | 1683 | kex = xcalloc(1, sizeof(*kex)); |
1684 | kex->session_id = buffer_get_string(m, &kex->session_id_len); | 1684 | kex->session_id = buffer_get_string(m, &kex->session_id_len); |
1685 | if ((session_id2 == NULL) || | 1685 | if (session_id2 == NULL || |
1686 | (kex->session_id_len != session_id2_len) || | 1686 | kex->session_id_len != session_id2_len || |
1687 | (memcmp(kex->session_id, session_id2, session_id2_len) != 0)) | 1687 | timing_safe_cmp(kex->session_id, session_id2, session_id2_len) != 0) |
1688 | fatal("mm_get_get: internal error: bad session id"); | 1688 | fatal("mm_get_get: internal error: bad session id"); |
1689 | kex->we_need = buffer_get_int(m); | 1689 | kex->we_need = buffer_get_int(m); |
1690 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 1690 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |