- djm@cvs.openbsd.org 2010/07/13 11:52:06

[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] [packet.c ssh-rsa.c] implement a timing_safe_cmp() function to compare memory without leaking timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@
author: Damien Miller <djm@mindrot.org> 2010-07-16 13:57:51 +1000
committer: Damien Miller <djm@mindrot.org> 2010-07-16 13:57:51 +1000
commit: 8a0268f1b3f62292d4124f8d158e0587c4f7c330 (patch)
tree: 43493a3202569a2939f5616127d9de8689613a7b /monitor.c
parent: d0244d498ba970b9d9348429eaf7a4a0ef2b903c (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/monitor.c b/monitor.c
index 334aedde5..920728398 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.106 2010/03/07 11:57:13 dtucker Exp $ */
+/* $OpenBSD: monitor.c,v 1.107 2010/07/13 11:52:06 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -518,7 +518,7 @@ monitor_allowed_key(u_char *blob, u_int bloblen)
 {
        /* make sure key is allowed */
        if (key_blob == NULL || key_bloblen != bloblen ||
-            memcmp(key_blob, blob, key_bloblen))
+            timing_safe_cmp(key_blob, blob, key_bloblen))
                return (0);
        return (1);
 }
@@ -1103,14 +1103,14 @@ monitor_valid_userblob(u_char *data, u_int datalen)
                len = buffer_len(&b);
                if ((session_id2 == NULL) ||
                    (len < session_id2_len) ||
-                    (memcmp(p, session_id2, session_id2_len) != 0))
+                    (timing_safe_cmp(p, session_id2, session_id2_len) != 0))
                        fail++;
                buffer_consume(&b, session_id2_len);
        } else {
                p = buffer_get_string(&b, &len);
                if ((session_id2 == NULL) ||
                    (len != session_id2_len) ||
-                    (memcmp(p, session_id2, session_id2_len) != 0))
+                    (timing_safe_cmp(p, session_id2, session_id2_len) != 0))
                        fail++;
                xfree(p);
        }
@@ -1158,7 +1158,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
        p = buffer_get_string(&b, &len);
        if ((session_id2 == NULL) ||
            (len != session_id2_len) ||
-            (memcmp(p, session_id2, session_id2_len) != 0))
+            (timing_safe_cmp(p, session_id2, session_id2_len) != 0))
                fail++;
        xfree(p);
@@ -1682,9 +1682,9 @@ mm_get_kex(Buffer *m)
        kex = xcalloc(1, sizeof(*kex));
        kex->session_id = buffer_get_string(m, &kex->session_id_len);
-        if ((session_id2 == NULL) ||
+        if (session_id2 == NULL ||
-            (kex->session_id_len != session_id2_len) ||
+            kex->session_id_len != session_id2_len ||
-            (memcmp(kex->session_id, session_id2, session_id2_len) != 0))
+            timing_safe_cmp(kex->session_id, session_id2, session_id2_len) != 0)
                fatal("mm_get_get: internal error: bad session id");
        kex->we_need = buffer_get_int(m);
        kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
author	Damien Miller <djm@mindrot.org>	2010-07-16 13:57:51 +1000
committer	Damien Miller <djm@mindrot.org>	2010-07-16 13:57:51 +1000
commit	8a0268f1b3f62292d4124f8d158e0587c4f7c330 (patch)
tree	43493a3202569a2939f5616127d9de8689613a7b /monitor.c
parent	d0244d498ba970b9d9348429eaf7a4a0ef2b903c (diff)

diff --git a/monitor.c b/monitor.c index 334aedde5..920728398 100644 --- a/monitor.c +++ b/monitor.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: monitor.c,v 1.106 2010/03/07 11:57:13 dtucker Exp $ */	1	/* $OpenBSD: monitor.c,v 1.107 2010/07/13 11:52:06 djm Exp $ */
2	/*	2	/*
3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>	3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>
4	* Copyright 2002 Markus Friedl <markus@openbsd.org>	4	* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -518,7 +518,7 @@ monitor_allowed_key(u_char *blob, u_int bloblen)
518	{	518	{
519	/* make sure key is allowed */	519	/* make sure key is allowed */
520	if (key_blob == NULL \|\| key_bloblen != bloblen \|\|	520	if (key_blob == NULL \|\| key_bloblen != bloblen \|\|
521	memcmp(key_blob, blob, key_bloblen))	521	timing_safe_cmp(key_blob, blob, key_bloblen))
522	return (0);	522	return (0);
523	return (1);	523	return (1);
524	}	524	}
@@ -1103,14 +1103,14 @@ monitor_valid_userblob(u_char *data, u_int datalen)
1103	len = buffer_len(&b);	1103	len = buffer_len(&b);
1104	if ((session_id2 == NULL) \|\|	1104	if ((session_id2 == NULL) \|\|
1105	(len < session_id2_len) \|\|	1105	(len < session_id2_len) \|\|
1106	(memcmp(p, session_id2, session_id2_len) != 0))	1106	(timing_safe_cmp(p, session_id2, session_id2_len) != 0))
1107	fail++;	1107	fail++;
1108	buffer_consume(&b, session_id2_len);	1108	buffer_consume(&b, session_id2_len);
1109	} else {	1109	} else {
1110	p = buffer_get_string(&b, &len);	1110	p = buffer_get_string(&b, &len);
1111	if ((session_id2 == NULL) \|\|	1111	if ((session_id2 == NULL) \|\|
1112	(len != session_id2_len) \|\|	1112	(len != session_id2_len) \|\|
1113	(memcmp(p, session_id2, session_id2_len) != 0))	1113	(timing_safe_cmp(p, session_id2, session_id2_len) != 0))
1114	fail++;	1114	fail++;
1115	xfree(p);	1115	xfree(p);
1116	}	1116	}
@@ -1158,7 +1158,7 @@ monitor_valid_hostbasedblob(u_char data, u_int datalen, char cuser,
1158	p = buffer_get_string(&b, &len);	1158	p = buffer_get_string(&b, &len);
1159	if ((session_id2 == NULL) \|\|	1159	if ((session_id2 == NULL) \|\|
1160	(len != session_id2_len) \|\|	1160	(len != session_id2_len) \|\|
1161	(memcmp(p, session_id2, session_id2_len) != 0))	1161	(timing_safe_cmp(p, session_id2, session_id2_len) != 0))
1162	fail++;	1162	fail++;
1163	xfree(p);	1163	xfree(p);
1164		1164
@@ -1682,9 +1682,9 @@ mm_get_kex(Buffer *m)
1682		1682
1683	kex = xcalloc(1, sizeof(*kex));	1683	kex = xcalloc(1, sizeof(*kex));
1684	kex->session_id = buffer_get_string(m, &kex->session_id_len);	1684	kex->session_id = buffer_get_string(m, &kex->session_id_len);
1685	if ((session_id2 == NULL) \|\|	1685	if (session_id2 == NULL \|\|
1686	(kex->session_id_len != session_id2_len) \|\|	1686	kex->session_id_len != session_id2_len \|\|
1687	(memcmp(kex->session_id, session_id2, session_id2_len) != 0))	1687	timing_safe_cmp(kex->session_id, session_id2, session_id2_len) != 0)
1688	fatal("mm_get_get: internal error: bad session id");	1688	fatal("mm_get_get: internal error: bad session id");
1689	kex->we_need = buffer_get_int(m);	1689	kex->we_need = buffer_get_int(m);
1690	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;	1690	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;