authorSteffan Karger <steffan.karger@fox-it.com>2013-03-19 13:01:50 +0100
committerGert Doering <gert@greenie.muc.de>2013-03-22 17:06:04 +0100
commit11d21349a4e7e38a025849479b36ace7c2eec2ee (patch)
treefb4c2112667f55216193908532bcb55a7e2f9bc1 /src/openvpn/crypto.c
parent9a3f670248d6f519a399e65a7232e2196b5115db (diff)
Use constant time memcmp when comparing HMACs in openvpn_decrypt.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: Gert Doering <gert@greenie.muc.de>
Notes
Notes: This issue has been assigned to CVE-2013-2061 URL: http://www.openwall.com/lists/oss-security/2013/05/06/6 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2061
Diffstat (limited to 'src/openvpn/crypto.c')
-rw-r--r--src/openvpn/crypto.c20
1 files changed, 19 insertions, 1 deletions
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 405c0aa..d9adf5b 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -65,6 +65,24 @@
#define CRYPT_ERROR(format) \
do { msg (D_CRYPT_ERRORS, "%s: " format, error_prefix); goto error_exit; } while (false)
+/**
+ * As memcmp(), but constant-time.
+ * Returns 0 when data is equal, non-zero otherwise.
+ */
+static int
+memcmp_constant_time (const void *a, const void *b, size_t size) {
+ const uint8_t * a1 = a;
+ const uint8_t * b1 = b;
+ int ret = 0;
+ size_t i;
+
+ for (i = 0; i < size; i++) {
+ ret |= *a1++ ^ *b1++;
+ }
+
+ return ret;
+}
+
void
openvpn_encrypt (struct buffer *buf, struct buffer work,
const struct crypto_options *opt,
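Review bot: The doc comment on memcmp_constant_time says "As memcmp()", but the return value only distinguishes equal from unequal and carries no ordering, and the comment never says what "constant-time" covers. I would word it as `Compares size bytes without an early exit, so run time depends on size only, not on where the buffers differ; returns 0 when equal, non-zero otherwise (no ordering, unlike memcmp()).` Nothing in the loop itself stops a compiler from transforming it, so the timing property rests on the generated code rather than on the C source. If the crypto backend in use already provides a vetted constant-time compare (OpenSSL has `CRYPTO_memcmp`), calling that where available would be the sturdier choice; whether this file can reach the backend directly is not visible from the hunk.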
@@ -244,7 +262,7 @@ openvpn_decrypt (struct buffer *buf, struct buffer work,
hmac_ctx_final (ctx->hmac, local_hmac);
/* Compare locally computed HMAC with packet HMAC */
- if (memcmp (local_hmac, BPTR (buf), hmac_len))
+ if (memcmp_constant_time (local_hmac, BPTR (buf), hmac_len))
CRYPT_ERROR ("packet HMAC authentication failed");
ASSERT (buf_advance (buf, hmac_len));
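Review bot: The comment above the comparison still describes a plain compare, so a later cleanup could swap `memcmp_constant_time` back to `memcmp` without seeing why it is there. I would extend it to `/* Compare locally computed HMAC with packet HMAC; constant-time so timing does not reveal how many leading bytes matched */`. The call reads hmac_len bytes from BPTR (buf), and the check that buf holds at least that many bytes is not visible here, since openvpn_decrypt starts and ends outside the hunk.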