Sophie

Sophie

distrib > Mageia > 2 > i586 > by-pkgid > 407ba4b4930b358eca22275a991be50b > files > 8

openvpn-2.2.2-5.3.mga2.src.rpm

From 11d21349a4e7e38a025849479b36ace7c2eec2ee Mon Sep 17 00:00:00 2001
From: Steffan Karger <steffan.karger@fox-it.com>
Date: Tue, 19 Mar 2013 13:01:50 +0100
Subject: [PATCH] Use constant time memcmp when comparing HMACs in
 openvpn_decrypt.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
 buffer.h |  8 ++++++++
 crypto.c | 20 +++++++++++++++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git buffer.h buffer.h
index 7cae733..93efb09 100644
--- buffer.h
+++ buffer.h
@@ -615,6 +615,10 @@ bool openvpn_snprintf(char *str, size_t size, const char *format, ...)
     }
 }
 
+/**
+ * Compare src buffer contents with match.
+ * *NOT* constant time. Do not use when comparing HMACs.
+ */
 static inline bool
 buf_string_match (const struct buffer *src, const void *match, int size)
 {
@@ -623,6 +627,10 @@ bool openvpn_snprintf(char *str, size_t size, const char *format, ...)
   return memcmp (BPTR (src), match, size) == 0;
 }
 
+/**
+ * Compare first size bytes of src buffer contents with match.
+ * *NOT* constant time. Do not use when comparing HMACs.
+ */
 static inline bool
 buf_string_match_head (const struct buffer *src, const void *match, int size)
 {
diff --git crypto.c crypto.c
index 405c0aa..d9adf5b 100644
--- crypto.c
+++ crypto.c
@@ -70,6 +70,24 @@
 #define CRYPT_ERROR(format) \
   do { msg (D_CRYPT_ERRORS, "%s: " format, error_prefix); goto error_exit; } while (false)
 
+/**
+ * As memcmp(), but constant-time.
+ * Returns 0 when data is equal, non-zero otherwise.
+ */
+static int
+memcmp_constant_time (const void *a, const void *b, size_t size) {
+  const uint8_t * a1 = a;
+  const uint8_t * b1 = b;
+  int ret = 0;
+  size_t i;
+
+  for (i = 0; i < size; i++) {
+      ret |= *a1++ ^ *b1++;
+  }
+
+  return ret;
+}
+
 void
 openvpn_encrypt (struct buffer *buf, struct buffer work,
 		 const struct crypto_options *opt,
@@ -254,7 +272,7 @@
 	  ASSERT (hmac_len == in_hmac_len);
 
 	  /* Compare locally computed HMAC with packet HMAC */
-	  if (memcmp (local_hmac, BPTR (buf), hmac_len))
+	  if (memcmp_constant_time (local_hmac, BPTR (buf), hmac_len))
 	    CRYPT_ERROR ("packet HMAC authentication failed");
 
 	  ASSERT (buf_advance (buf, hmac_len));
-- 
1.8.1.6

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional