mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-19 19:42:30 +02:00
Use constant time memcmp when comparing HMACs in openvpn_decrypt.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 11d21349a4
)
This commit is contained in:
parent
1be49401a3
commit
d106cf240f
8
buffer.h
8
buffer.h
@ -615,6 +615,10 @@ buf_read_u32 (struct buffer *buf, bool *good)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Compare src buffer contents with match.
|
||||
* *NOT* constant time. Do not use when comparing HMACs.
|
||||
*/
|
||||
static inline bool
|
||||
buf_string_match (const struct buffer *src, const void *match, int size)
|
||||
{
|
||||
@ -623,6 +627,10 @@ buf_string_match (const struct buffer *src, const void *match, int size)
|
||||
return memcmp (BPTR (src), match, size) == 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Compare first size bytes of src buffer contents with match.
|
||||
* *NOT* constant time. Do not use when comparing HMACs.
|
||||
*/
|
||||
static inline bool
|
||||
buf_string_match_head (const struct buffer *src, const void *match, int size)
|
||||
{
|
||||
|
20
crypto.c
20
crypto.c
@ -70,6 +70,24 @@
|
||||
#define CRYPT_ERROR(format) \
|
||||
do { msg (D_CRYPT_ERRORS, "%s: " format, error_prefix); goto error_exit; } while (false)
|
||||
|
||||
/**
|
||||
* As memcmp(), but constant-time.
|
||||
* Returns 0 when data is equal, non-zero otherwise.
|
||||
*/
|
||||
static int
|
||||
memcmp_constant_time (const void *a, const void *b, size_t size) {
|
||||
const uint8_t * a1 = a;
|
||||
const uint8_t * b1 = b;
|
||||
int ret = 0;
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < size; i++) {
|
||||
ret |= *a1++ ^ *b1++;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
void
|
||||
openvpn_encrypt (struct buffer *buf, struct buffer work,
|
||||
const struct crypto_options *opt,
|
||||
@ -254,7 +272,7 @@ openvpn_decrypt (struct buffer *buf, struct buffer work,
|
||||
ASSERT (hmac_len == in_hmac_len);
|
||||
|
||||
/* Compare locally computed HMAC with packet HMAC */
|
||||
if (memcmp (local_hmac, BPTR (buf), hmac_len))
|
||||
if (memcmp_constant_time (local_hmac, BPTR (buf), hmac_len))
|
||||
CRYPT_ERROR ("packet HMAC authentication failed");
|
||||
|
||||
ASSERT (buf_advance (buf, hmac_len));
|
||||
|
Loading…
Reference in New Issue
Block a user