diff options
| author | Greg Hudson <ghudson@mit.edu> | 2013-10-02 17:58:06 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2013-10-03 15:26:00 -0400 |
| commit | 07d68eec2788bfe80686608813f644838707c168 (patch) | |
| tree | 59c01da03dc85a005b5936ecf836eac4fe71c98b | |
| parent | ac7d07c2cc54e9f07fe81ac4c50bcc80ecc7ac54 (diff) | |
| download | krb5-07d68eec2788bfe80686608813f644838707c168.tar.gz krb5-07d68eec2788bfe80686608813f644838707c168.tar.xz krb5-07d68eec2788bfe80686608813f644838707c168.zip | |
Use constant-time comparisons for checksums
| -rw-r--r-- | src/lib/crypto/krb/checksum_confounder.c | 2 | ||||
| -rw-r--r-- | src/lib/crypto/krb/enc_dk_cmac.c | 2 | ||||
| -rw-r--r-- | src/lib/crypto/krb/enc_dk_hmac.c | 2 | ||||
| -rw-r--r-- | src/lib/crypto/krb/enc_old.c | 2 | ||||
| -rw-r--r-- | src/lib/crypto/krb/enc_rc4.c | 2 | ||||
| -rw-r--r-- | src/lib/crypto/krb/verify_checksum_iov.c | 4 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/k5unseal.c | 6 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/k5unsealiov.c | 4 | ||||
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_clnt.c | 4 | ||||
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_srv.c | 6 |
10 files changed, 17 insertions, 17 deletions
diff --git a/src/lib/crypto/krb/checksum_confounder.c b/src/lib/crypto/krb/checksum_confounder.c index 31c7cd364..34941562c 100644 --- a/src/lib/crypto/krb/checksum_confounder.c +++ b/src/lib/crypto/krb/checksum_confounder.c @@ -148,7 +148,7 @@ krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp, goto cleanup; /* Compare the decrypted hash to the computed one. */ - *valid = (memcmp(plaintext + blocksize, computed.data, hashsize) == 0); + *valid = (k5_bcmp(plaintext + blocksize, computed.data, hashsize) == 0); cleanup: zapfree(plaintext, input->length); diff --git a/src/lib/crypto/krb/enc_dk_cmac.c b/src/lib/crypto/krb/enc_dk_cmac.c index e27c862ad..9bb3dbaec 100644 --- a/src/lib/crypto/krb/enc_dk_cmac.c +++ b/src/lib/crypto/krb/enc_dk_cmac.c @@ -169,7 +169,7 @@ krb5int_dk_cmac_decrypt(const struct krb5_keytypes *ktp, krb5_key key, ret = krb5int_cmac_checksum(enc, ki, data, num_data, &cksum); if (ret != 0) goto cleanup; - if (!data_eq(cksum, trailer->data)) + if (k5_bcmp(cksum.data, trailer->data.data, enc->block_size) != 0) ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; cleanup: diff --git a/src/lib/crypto/krb/enc_dk_hmac.c b/src/lib/crypto/krb/enc_dk_hmac.c index 217aa88f6..f16459ec2 100644 --- a/src/lib/crypto/krb/enc_dk_hmac.c +++ b/src/lib/crypto/krb/enc_dk_hmac.c @@ -256,7 +256,7 @@ krb5int_dk_decrypt(const struct krb5_keytypes *ktp, krb5_key key, goto cleanup; /* Compare only the possibly truncated length. */ - if (memcmp(cksum, trailer->data.data, hmacsize) != 0) { + if (k5_bcmp(cksum, trailer->data.data, hmacsize) != 0) { ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; goto cleanup; } diff --git a/src/lib/crypto/krb/enc_old.c b/src/lib/crypto/krb/enc_old.c index a40f70942..1b02a5915 100644 --- a/src/lib/crypto/krb/enc_old.c +++ b/src/lib/crypto/krb/enc_old.c @@ -169,7 +169,7 @@ krb5int_old_decrypt(const struct krb5_keytypes *ktp, krb5_key key, * the saved checksum. */ ret = hash->hash(data, num_data, &checksum); - if (memcmp(checksum.data, saved_checksum, checksum.length) != 0) { + if (k5_bcmp(checksum.data, saved_checksum, checksum.length) != 0) { ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; goto cleanup; } diff --git a/src/lib/crypto/krb/enc_rc4.c b/src/lib/crypto/krb/enc_rc4.c index 265e3c1d0..aac8508b1 100644 --- a/src/lib/crypto/krb/enc_rc4.c +++ b/src/lib/crypto/krb/enc_rc4.c @@ -277,7 +277,7 @@ krb5int_arcfour_decrypt(const struct krb5_keytypes *ktp, krb5_key key, if (ret != 0) goto cleanup; - if (memcmp(checksum.data, comp_checksum.data, hash->hashsize) != 0) { + if (k5_bcmp(checksum.data, comp_checksum.data, hash->hashsize) != 0) { if (usage == 9) { /* * RFC 4757 specifies usage 8 for TGS-REP encrypted parts diff --git a/src/lib/crypto/krb/verify_checksum_iov.c b/src/lib/crypto/krb/verify_checksum_iov.c index efa2adcaa..fc76c0e26 100644 --- a/src/lib/crypto/krb/verify_checksum_iov.c +++ b/src/lib/crypto/krb/verify_checksum_iov.c @@ -71,8 +71,8 @@ krb5_k_verify_checksum_iov(krb5_context context, ret = ctp->checksum(ctp, key, usage, data, num_data, &computed); if (ret == 0) { - *valid = (memcmp(computed.data, checksum->data.data, - ctp->output_size) == 0); + *valid = (k5_bcmp(computed.data, checksum->data.data, + ctp->output_size) == 0); } zapfree(computed.data, ctp->compute_size); diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c index aae74fcd1..ca21d43a9 100644 --- a/src/lib/gssapi/krb5/k5unseal.c +++ b/src/lib/gssapi/krb5/k5unseal.c @@ -309,7 +309,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, cksum.length = 16; cksum.contents = md5cksum.contents + 16 - cksum.length; - code = memcmp(cksum.contents, ptr+14, cksum.length); + code = k5_bcmp(cksum.contents, ptr + 14, cksum.length); break; case SGN_ALG_MD2_5: @@ -353,7 +353,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, return(GSS_S_FAILURE); } - code = memcmp(md5cksum.contents, ptr+14, 8); + code = k5_bcmp(md5cksum.contents, ptr + 14, 8); /* Falls through to defective-token?? */ default: @@ -393,7 +393,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, return(GSS_S_FAILURE); } - code = memcmp(md5cksum.contents, ptr+14, cksum_len); + code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); break; } diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c index 24853abec..e34bda475 100644 --- a/src/lib/gssapi/krb5/k5unsealiov.c +++ b/src/lib/gssapi/krb5/k5unsealiov.c @@ -234,11 +234,11 @@ kg_unseal_v1_iov(krb5_context context, cksum.length = cksum_len; cksum.contents = md5cksum.contents + 16 - cksum.length; - code = memcmp(cksum.contents, ptr + 14, cksum.length); + code = k5_bcmp(cksum.contents, ptr + 14, cksum.length); break; case SGN_ALG_HMAC_SHA1_DES3_KD: case SGN_ALG_HMAC_MD5: - code = memcmp(md5cksum.contents, ptr + 14, cksum_len); + code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); break; default: code = 0; diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c index 9d7d7bd6e..bfa25ae61 100644 --- a/src/plugins/preauth/pkinit/pkinit_clnt.c +++ b/src/plugins/preauth/pkinit/pkinit_clnt.c @@ -903,8 +903,8 @@ pkinit_as_rep_parse(krb5_context context, } if ((cksum.length != key_pack->asChecksum.length) || - memcmp(cksum.contents, key_pack->asChecksum.contents, - cksum.length)) { + k5_bcmp(cksum.contents, key_pack->asChecksum.contents, + cksum.length) != 0) { TRACE_PKINIT_CLIENT_REP_CHECKSUM_FAIL(context, &cksum, &key_pack->asChecksum); pkiDebug("failed to match the checksums\n"); diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c index 640e835ca..1179216b5 100644 --- a/src/plugins/preauth/pkinit/pkinit_srv.c +++ b/src/plugins/preauth/pkinit/pkinit_srv.c @@ -461,9 +461,9 @@ pkinit_server_verify_padata(krb5_context context, goto cleanup; } if (cksum.length != auth_pack->pkAuthenticator.paChecksum.length || - memcmp(cksum.contents, - auth_pack->pkAuthenticator.paChecksum.contents, - cksum.length)) { + k5_bcmp(cksum.contents, + auth_pack->pkAuthenticator.paChecksum.contents, + cksum.length) != 0) { pkiDebug("failed to match the checksum\n"); #ifdef DEBUG_CKSUM pkiDebug("calculating checksum on buf size (%d)\n", |