Use constant-time memcmp when comparing sensitive buffers

This helps to avoid timing attacks.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:
Joseph Sutton
2022-02-17 15:35:51 +13:00
committed by Jeffrey Altman
parent 20f038f4f0
commit b19633f9b9
9 changed files with 12 additions and 12 deletions

View File

@@ -179,7 +179,7 @@ ntlm_service(void *ctx, const heim_idata *req,
goto failed;
if (ntq.ntChallengeResponce.length != answer.length ||
memcmp(ntq.ntChallengeResponce.data, answer.data, answer.length) != 0) {
ct_memcmp(ntq.ntChallengeResponce.data, answer.data, answer.length) != 0) {
free(answer.data);
ret = EINVAL;
goto failed;

View File

@@ -1314,7 +1314,7 @@ _kdc_do_digest(krb5_context context,
}
if (ireq.u.ntlmRequest.ntlm.length != answer.length ||
memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0)
ct_memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0)
{
free(answer.data);
ret = EINVAL;

View File

@@ -259,7 +259,7 @@ _gsskrb5_verify_8003_checksum(
}
if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
&& (memcmp(p, zeros, sizeof(zeros)) != 0 || client_asserted_cb)) {
&& (ct_memcmp(p, zeros, sizeof(zeros)) != 0 || client_asserted_cb)) {
if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) {
*minor_status = 0;
return GSS_S_BAD_BINDINGS;

View File

@@ -1359,7 +1359,7 @@ _gssapi_unwrap_iov_arcfour(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}
cmp = (memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
if (cmp) {
*minor_status = 0;
return GSS_S_BAD_MIC;

View File

@@ -588,7 +588,7 @@ _netlogon_unwrap_iov(OM_uint32 *minor_status,
/* [MS-NRPC] 3.3.4.2.2.10: verify signature */
_netlogon_digest(ctx, sig, iov, iov_count, checksum);
if (memcmp(sig->Checksum, checksum, _netlogon_checksum_length(sig)) != 0)
if (ct_memcmp(sig->Checksum, checksum, _netlogon_checksum_length(sig)) != 0)
return GSS_S_BAD_SIG;
HEIMDAL_MUTEX_lock(&ctx->Mutex);

View File

@@ -230,7 +230,7 @@ v2_verify_message(gss_buffer_t in,
if (ret)
return ret;
if (memcmp(checksum, out, 16) != 0)
if (ct_memcmp(checksum, out, 16) != 0)
return GSS_S_BAD_MIC;
return GSS_S_COMPLETE;

View File

@@ -426,7 +426,7 @@ RSA_verify(int type, const unsigned char *from, unsigned int flen,
return -4;
}
if (flen != di.digest.length || memcmp(di.digest.data, from, flen) != 0) {
if (flen != di.digest.length || ct_memcmp(di.digest.data, from, flen) != 0) {
free_DigestInfo(&di);
return -5;
}

View File

@@ -682,7 +682,7 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data)
krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
CHECK_SIZE(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
CHECK(ct_memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
CHECK(krb5_ret_uint32(in, &type), 0);
CHECK(type, 1);
CHECK(krb5_ret_uint32(in, &data->flags), 0);
@@ -844,7 +844,7 @@ heim_ntlm_decode_type2(const struct ntlm_buf *buf, struct ntlm_type2 *type2)
krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
CHECK_SIZE(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
CHECK(ct_memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
CHECK(krb5_ret_uint32(in, &type), 0);
CHECK(type, 2);
@@ -1001,7 +1001,7 @@ heim_ntlm_decode_type3(const struct ntlm_buf *buf,
krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
CHECK_SIZE(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
CHECK(ct_memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
CHECK(krb5_ret_uint32(in, &type), 0);
CHECK(type, 3);
CHECK(ret_sec_buffer(in, &lm), 0);
@@ -1825,7 +1825,7 @@ verify_ntlm2(const void *key, size_t len,
if (ret)
goto out;
if (memcmp(serveranswer, clientanswer, 16) != 0) {
if (ct_memcmp(serveranswer, clientanswer, 16) != 0) {
heim_ntlm_free_buf(infotarget);
return HNTLM_ERR_AUTH;
}

View File

@@ -49,7 +49,7 @@ otp_verify_user_1 (OtpContext *ctx, const char *passwd)
}
memcpy (key2, key1, sizeof(key1));
ctx->alg->next (key2);
if (memcmp (ctx->key, key2, sizeof(key2)) == 0) {
if (ct_memcmp (ctx->key, key2, sizeof(key2)) == 0) {
--ctx->n;
memcpy (ctx->key, key1, sizeof(key1));
return 0;