authorSteffan Karger <steffan.karger@fox-it.com>2013-03-19 13:01:50 +0100
committerGert Doering <gert@greenie.muc.de>2013-03-22 17:06:04 +0100
commit11d21349a4e7e38a025849479b36ace7c2eec2ee (patch)
treefb4c2112667f55216193908532bcb55a7e2f9bc1 /src/openvpn/buffer.h
parent9a3f670248d6f519a399e65a7232e2196b5115db (diff)
Use constant time memcmp when comparing HMACs in openvpn_decrypt.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: Gert Doering <gert@greenie.muc.de>
Notes
Notes: This issue has been assigned to CVE-2013-2061 URL: http://www.openwall.com/lists/oss-security/2013/05/06/6 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2061
Diffstat (limited to 'src/openvpn/buffer.h')
-rw-r--r--src/openvpn/buffer.h8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 7cae733..93efb09 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -668,6 +668,10 @@ buf_read_u32 (struct buffer *buf, bool *good)
}
}
+/**
+ * Compare src buffer contents with match.
+ * *NOT* constant time. Do not use when comparing HMACs.
+ */
static inline bool
buf_string_match (const struct buffer *src, const void *match, int size)
{
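Review bot: The warning added above buf_string_match names only HMACs, but the early-exit `memcmp (BPTR (src), match, size)` visible as context in the next hunk leaks timing for any secret operand, so the comment should cover every secret-dependent comparison and say what to use instead. A wording such as `* *NOT* constant time. Do not use for HMACs, keys, tokens or any other secret value; use the constant-time compare instead.` would do, and the same change applies to the comment on buf_string_match_head in the second hunk. The constant-time helper the commit title refers to is not part of this file's diff, so the comment should name it once the identifier is confirmed. The body of buf_string_match begins at the end of this hunk and continues outside it.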
@@ -676,6 +680,10 @@ buf_string_match (const struct buffer *src, const void *match, int size)
return memcmp (BPTR (src), match, size) == 0;
}
+/**
+ * Compare first size bytes of src buffer contents with match.
+ * *NOT* constant time. Do not use when comparing HMACs.
+ */
static inline bool
buf_string_match_head (const struct buffer *src, const void *match, int size)
{