- djm@cvs.openbsd.org 2010/07/13 11:52:06

[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] [packet.c ssh-rsa.c] implement a timing_safe_cmp() function to compare memory without leaking timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@
author: Damien Miller <djm@mindrot.org> 2010-07-16 13:57:51 +1000
committer: Damien Miller <djm@mindrot.org> 2010-07-16 13:57:51 +1000
commit: 8a0268f1b3f62292d4124f8d158e0587c4f7c330 (patch)
tree: 43493a3202569a2939f5616127d9de8689613a7b /packet.c
parent: d0244d498ba970b9d9348429eaf7a4a0ef2b903c (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/packet.c b/packet.c
index 994e35b6d..5c7ec2b5f 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.166 2009/06/27 09:29:06 andreas Exp $ */
+/* $OpenBSD: packet.c,v 1.167 2010/07/13 11:52:06 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1307,7 +1307,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
                macbuf = mac_compute(mac, active_state->p_read.seqnr,
                    buffer_ptr(&active_state->incoming_packet),
                    buffer_len(&active_state->incoming_packet));
-                if (memcmp(macbuf, buffer_ptr(&active_state->input),
+                if (timing_safe_cmp(macbuf, buffer_ptr(&active_state->input),
                    mac->mac_len) != 0) {
                        logit("Corrupted MAC on input.");
                        if (need > PACKET_MAX_SIZE)
author	Damien Miller <djm@mindrot.org>	2010-07-16 13:57:51 +1000
committer	Damien Miller <djm@mindrot.org>	2010-07-16 13:57:51 +1000
commit	8a0268f1b3f62292d4124f8d158e0587c4f7c330 (patch)
tree	43493a3202569a2939f5616127d9de8689613a7b /packet.c
parent	d0244d498ba970b9d9348429eaf7a4a0ef2b903c (diff)

diff --git a/packet.c b/packet.c index 994e35b6d..5c7ec2b5f 100644 --- a/packet.c +++ b/packet.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: packet.c,v 1.166 2009/06/27 09:29:06 andreas Exp $ */	1	/* $OpenBSD: packet.c,v 1.167 2010/07/13 11:52:06 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1307,7 +1307,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
1307	macbuf = mac_compute(mac, active_state->p_read.seqnr,	1307	macbuf = mac_compute(mac, active_state->p_read.seqnr,
1308	buffer_ptr(&active_state->incoming_packet),	1308	buffer_ptr(&active_state->incoming_packet),
1309	buffer_len(&active_state->incoming_packet));	1309	buffer_len(&active_state->incoming_packet));
1310	if (memcmp(macbuf, buffer_ptr(&active_state->input),	1310	if (timing_safe_cmp(macbuf, buffer_ptr(&active_state->input),
1311	mac->mac_len) != 0) {	1311	mac->mac_len) != 0) {
1312	logit("Corrupted MAC on input.");	1312	logit("Corrupted MAC on input.");
1313	if (need > PACKET_MAX_SIZE)	1313	if (need > PACKET_MAX_SIZE)