krb5 commit: Use constant-time comparisons for checksums
Greg Hudson
ghudson at MIT.EDU
Thu Oct 3 16:35:34 EDT 2013
https://github.com/krb5/krb5/commit/07d68eec2788bfe80686608813f644838707c168
commit 07d68eec2788bfe80686608813f644838707c168
Author: Greg Hudson <ghudson at mit.edu>
Date: Wed Oct 2 17:58:06 2013 -0400
Use constant-time comparisons for checksums
src/lib/crypto/krb/checksum_confounder.c | 2 +-
src/lib/crypto/krb/enc_dk_cmac.c | 2 +-
src/lib/crypto/krb/enc_dk_hmac.c | 2 +-
src/lib/crypto/krb/enc_old.c | 2 +-
src/lib/crypto/krb/enc_rc4.c | 2 +-
src/lib/crypto/krb/verify_checksum_iov.c | 4 ++--
src/lib/gssapi/krb5/k5unseal.c | 6 +++---
src/lib/gssapi/krb5/k5unsealiov.c | 4 ++--
src/plugins/preauth/pkinit/pkinit_clnt.c | 4 ++--
src/plugins/preauth/pkinit/pkinit_srv.c | 6 +++---
10 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/src/lib/crypto/krb/checksum_confounder.c b/src/lib/crypto/krb/checksum_confounder.c
index 31c7cd3..3494156 100644
--- a/src/lib/crypto/krb/checksum_confounder.c
+++ b/src/lib/crypto/krb/checksum_confounder.c
@@ -148,7 +148,7 @@ krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
goto cleanup;
/* Compare the decrypted hash to the computed one. */
- *valid = (memcmp(plaintext + blocksize, computed.data, hashsize) == 0);
+ *valid = (k5_bcmp(plaintext + blocksize, computed.data, hashsize) == 0);
cleanup:
zapfree(plaintext, input->length);
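Review bot: The comment above the comparison in krb5int_confounder_verify does not record that the comparison has to be constant-time, so a later cleanup could swap `k5_bcmp` back to `memcmp` without noticing the timing side channel it reopens. I would extend it to `/* Compare the decrypted hash to the computed one in constant time, so the position of a mismatch is not leaked. */`. The same applies to the `/* Compare only the possibly truncated length. */` comment in the enc_dk_hmac.c hunk. The function body starts and ends outside this hunk.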
diff --git a/src/lib/crypto/krb/enc_dk_cmac.c b/src/lib/crypto/krb/enc_dk_cmac.c
index e27c862..9bb3dba 100644
--- a/src/lib/crypto/krb/enc_dk_cmac.c
+++ b/src/lib/crypto/krb/enc_dk_cmac.c
@@ -169,7 +169,7 @@ krb5int_dk_cmac_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
ret = krb5int_cmac_checksum(enc, ki, data, num_data, &cksum);
if (ret != 0)
goto cleanup;
- if (!data_eq(cksum, trailer->data))
+ if (k5_bcmp(cksum.data, trailer->data.data, enc->block_size) != 0)
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
cleanup:
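Review bot: Replacing `data_eq(cksum, trailer->data)` with `k5_bcmp(cksum.data, trailer->data.data, enc->block_size)` drops the length comparison that the data-equality helper presumably performed, so the call now reads `enc->block_size` bytes from both buffers regardless of their `length` fields. If krb5int_dk_cmac_decrypt does not already reject a trailer whose length differs from the block size earlier in the function (not visible in this hunk), the comparison could read past a short trailer. I would either keep the check explicit, `if (trailer->data.length != enc->block_size || k5_bcmp(cksum.data, trailer->data.data, enc->block_size) != 0)`, or add a comment naming the earlier check that guarantees both lengths.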
diff --git a/src/lib/crypto/krb/enc_dk_hmac.c b/src/lib/crypto/krb/enc_dk_hmac.c
index 217aa88..f16459e 100644
--- a/src/lib/crypto/krb/enc_dk_hmac.c
+++ b/src/lib/crypto/krb/enc_dk_hmac.c
@@ -256,7 +256,7 @@ krb5int_dk_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
goto cleanup;
/* Compare only the possibly truncated length. */
- if (memcmp(cksum, trailer->data.data, hmacsize) != 0) {
+ if (k5_bcmp(cksum, trailer->data.data, hmacsize) != 0) {
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto cleanup;
}
diff --git a/src/lib/crypto/krb/enc_old.c b/src/lib/crypto/krb/enc_old.c
index a40f709..1b02a59 100644
--- a/src/lib/crypto/krb/enc_old.c
+++ b/src/lib/crypto/krb/enc_old.c
@@ -169,7 +169,7 @@ krb5int_old_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
* the saved checksum.
*/
ret = hash->hash(data, num_data, &checksum);
- if (memcmp(checksum.data, saved_checksum, checksum.length) != 0) {
+ if (k5_bcmp(checksum.data, saved_checksum, checksum.length) != 0) {
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto cleanup;
}
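Review bot: The return value of `hash->hash(data, num_data, &checksum)` is not checked before `checksum.data` is passed to `k5_bcmp`, so the output of a failed hash would be compared anyway. On a mismatch the real error is overwritten by `KRB5KRB_AP_ERR_BAD_INTEGRITY`, and on a match it is carried past the integrity check. Adding `if (ret != 0) goto cleanup;` between the two statements keeps the verification decision from depending on a buffer whose contents are unspecified after a failure. This predates the commit but sits directly above the line being changed; the rest of krb5int_old_decrypt is outside the hunk.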
diff --git a/src/lib/crypto/krb/enc_rc4.c b/src/lib/crypto/krb/enc_rc4.c
index 265e3c1..aac8508 100644
--- a/src/lib/crypto/krb/enc_rc4.c
+++ b/src/lib/crypto/krb/enc_rc4.c
@@ -277,7 +277,7 @@ krb5int_arcfour_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
if (ret != 0)
goto cleanup;
- if (memcmp(checksum.data, comp_checksum.data, hash->hashsize) != 0) {
+ if (k5_bcmp(checksum.data, comp_checksum.data, hash->hashsize) != 0) {
if (usage == 9) {
/*
* RFC 4757 specifies usage 8 for TGS-REP encrypted parts
diff --git a/src/lib/crypto/krb/verify_checksum_iov.c b/src/lib/crypto/krb/verify_checksum_iov.c
index efa2adc..fc76c0e 100644
--- a/src/lib/crypto/krb/verify_checksum_iov.c
+++ b/src/lib/crypto/krb/verify_checksum_iov.c
@@ -71,8 +71,8 @@ krb5_k_verify_checksum_iov(krb5_context context,
ret = ctp->checksum(ctp, key, usage, data, num_data, &computed);
if (ret == 0) {
- *valid = (memcmp(computed.data, checksum->data.data,
- ctp->output_size) == 0);
+ *valid = (k5_bcmp(computed.data, checksum->data.data,
+ ctp->output_size) == 0);
}
zapfree(computed.data, ctp->compute_size);
diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c
index aae74fc..ca21d43 100644
--- a/src/lib/gssapi/krb5/k5unseal.c
+++ b/src/lib/gssapi/krb5/k5unseal.c
@@ -309,7 +309,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
cksum.length = 16;
cksum.contents = md5cksum.contents + 16 - cksum.length;
- code = memcmp(cksum.contents, ptr+14, cksum.length);
+ code = k5_bcmp(cksum.contents, ptr + 14, cksum.length);
break;
case SGN_ALG_MD2_5:
@@ -353,7 +353,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
return(GSS_S_FAILURE);
}
- code = memcmp(md5cksum.contents, ptr+14, 8);
+ code = k5_bcmp(md5cksum.contents, ptr + 14, 8);
/* Falls through to defective-token?? */
default:
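Review bot: The case ending at `code = k5_bcmp(md5cksum.contents, ptr + 14, 8);` has no `break`, and the existing comment `/* Falls through to defective-token?? */` leaves it unclear whether the comparison result is ever used. If the fall-through into `default:` is intended, the comment should say so without the question marks, for example `/* Fall through: this algorithm is always rejected as a defective token. */`, and the then-unused comparison could be dropped; if it is not intended, a `break;` is missing. The body of `default:` is outside this hunk, so the effect on `code` cannot be confirmed from here. The literals `8` and `ptr + 14` would also read better as named constants for the checksum length and offset.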
@@ -393,7 +393,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
return(GSS_S_FAILURE);
}
- code = memcmp(md5cksum.contents, ptr+14, cksum_len);
+ code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len);
break;
}
diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c
index 24853ab..e34bda4 100644
--- a/src/lib/gssapi/krb5/k5unsealiov.c
+++ b/src/lib/gssapi/krb5/k5unsealiov.c
@@ -234,11 +234,11 @@ kg_unseal_v1_iov(krb5_context context,
cksum.length = cksum_len;
cksum.contents = md5cksum.contents + 16 - cksum.length;
- code = memcmp(cksum.contents, ptr + 14, cksum.length);
+ code = k5_bcmp(cksum.contents, ptr + 14, cksum.length);
break;
case SGN_ALG_HMAC_SHA1_DES3_KD:
case SGN_ALG_HMAC_MD5:
- code = memcmp(md5cksum.contents, ptr + 14, cksum_len);
+ code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len);
break;
default:
code = 0;
diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
index 9d7d7bd..bfa25ae 100644
--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
+++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
@@ -903,8 +903,8 @@ pkinit_as_rep_parse(krb5_context context,
}
if ((cksum.length != key_pack->asChecksum.length) ||
- memcmp(cksum.contents, key_pack->asChecksum.contents,
- cksum.length)) {
+ k5_bcmp(cksum.contents, key_pack->asChecksum.contents,
+ cksum.length) != 0) {
TRACE_PKINIT_CLIENT_REP_CHECKSUM_FAIL(context, &cksum,
&key_pack->asChecksum);
pkiDebug("failed to match the checksums\n");
diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
index 640e835..1179216 100644
--- a/src/plugins/preauth/pkinit/pkinit_srv.c
+++ b/src/plugins/preauth/pkinit/pkinit_srv.c
@@ -461,9 +461,9 @@ pkinit_server_verify_padata(krb5_context context,
goto cleanup;
}
if (cksum.length != auth_pack->pkAuthenticator.paChecksum.length ||
- memcmp(cksum.contents,
- auth_pack->pkAuthenticator.paChecksum.contents,
- cksum.length)) {
+ k5_bcmp(cksum.contents,
+ auth_pack->pkAuthenticator.paChecksum.contents,
+ cksum.length) != 0) {
pkiDebug("failed to match the checksum\n");
#ifdef DEBUG_CKSUM
pkiDebug("calculating checksum on buf size (%d)\n",