Use CRYPTO_memcmp when comparing authenticators
Pointed out by Victor Vasiliev (vasilvv@mit.edu) via Adam Langley (Google). Reviewed-by: Rich Salz <rsalz@openssl.org>
parent
65d3941f4a
commit
1e4a355dca
@ -50,6 +50,7 @@
|
|||||||
|
|
||||||
#include <openssl/opensslconf.h>
|
#include <openssl/opensslconf.h>
|
||||||
#ifndef OPENSSL_NO_AES
|
#ifndef OPENSSL_NO_AES
|
||||||
|
#include <openssl/crypto.h>
|
||||||
# include <openssl/evp.h>
|
# include <openssl/evp.h>
|
||||||
# include <openssl/err.h>
|
# include <openssl/err.h>
|
||||||
# include <string.h>
|
# include <string.h>
|
||||||
@ -1555,7 +1556,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|||||||
/* Retrieve tag */
|
/* Retrieve tag */
|
||||||
CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
|
CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
|
||||||
/* If tag mismatch wipe buffer */
|
/* If tag mismatch wipe buffer */
|
||||||
if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
|
if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
|
||||||
OPENSSL_cleanse(out, len);
|
OPENSSL_cleanse(out, len);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
@ -1990,7 +1991,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|||||||
!CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
|
!CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
|
||||||
unsigned char tag[16];
|
unsigned char tag[16];
|
||||||
if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
|
if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
|
||||||
if (!memcmp(tag, ctx->buf, cctx->M))
|
if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M))
|
||||||
rv = len;
|
rv = len;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
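Review bot: In the aes_ccm_cipher hunk the expected tag is computed into the stack array `tag[16]` and the block closes without clearing it, so the correct tag for the received ciphertext stays in stack memory after a mismatch. Adding `OPENSSL_cleanse(tag, sizeof(tag));` after the `CRYPTO_memcmp` check would keep it from lingering. The aes_gcm_tls_cipher hunk wipes `out` right at the mismatch; the equivalent wipe for CCM is not visible here because the function continues past the hunk, so it is worth confirming that the `rv` failure path clears `out`. A short comment at both call sites, e.g. `/* constant-time: do not replace with memcmp */`, would also stop the change from being reverted by accident.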
|
@ -54,6 +54,7 @@
|
|||||||
|
|
||||||
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5)
|
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5)
|
||||||
|
|
||||||
|
# include <openssl/crypto.h>
|
||||||
# include <openssl/evp.h>
|
# include <openssl/evp.h>
|
||||||
# include <openssl/objects.h>
|
# include <openssl/objects.h>
|
||||||
# include <openssl/rc4.h>
|
# include <openssl/rc4.h>
|
||||||
@ -209,7 +210,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|||||||
MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH);
|
MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH);
|
||||||
MD5_Final(mac, &key->md);
|
MD5_Final(mac, &key->md);
|
||||||
|
|
||||||
if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
|
if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
|
||||||
return 0;
|
return 0;
|
||||||
} else {
|
} else {
|
||||||
MD5_Update(&key->md, out + md5_off, len - md5_off);
|
MD5_Update(&key->md, out + md5_off, len - md5_off);
|
||||||
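Review bot: On a MAC mismatch in rc4_hmac_md5_cipher the new check returns 0 straight away, leaving the unauthenticated record in `out`; the AES-GCM TLS path in this same commit calls `OPENSSL_cleanse(out, len)` before failing. For consistency consider `if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) { OPENSSL_cleanse(out, len); return 0; }`, assuming `len` is the full length written to `out` as the `len - md5_off` use below suggests. The function starts and ends outside the hunk, so a caller-side wipe may already exist.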
|
@ -1685,7 +1685,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
|
|||||||
ctx->Xi.u[1] ^= ctx->EK0.u[1];
|
ctx->Xi.u[1] ^= ctx->EK0.u[1];
|
||||||
|
|
||||||
if (tag && len <= sizeof(ctx->Xi))
|
if (tag && len <= sizeof(ctx->Xi))
|
||||||
return memcmp(ctx->Xi.c, tag, len);
|
return CRYPTO_memcmp(ctx->Xi.c, tag, len);
|
||||||
else
|
else
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
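Review bot: The guard `len <= sizeof(ctx->Xi)` in CRYPTO_gcm128_finish has no lower bound, so a call with `len == 0` compares nothing and returns 0, which callers read as a valid tag; this was already the case with memcmp and the commit leaves it unchanged. If no caller legitimately passes a zero length, consider `if (tag && len > 0 && len <= sizeof(ctx->Xi))`. Separately, the result is now only zero or non-zero rather than memcmp's signed ordering, so a comment such as `/* returns 0 on match, non-zero on mismatch or bad arguments */` would make the contract explicit for callers. The function starts outside the hunk.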
|
@ -59,6 +59,7 @@
|
|||||||
|
|
||||||
# include <stdio.h>
|
# include <stdio.h>
|
||||||
# include "internal/cryptlib.h"
|
# include "internal/cryptlib.h"
|
||||||
|
#include <openssl/crypto.h>
|
||||||
# include <openssl/hmac.h>
|
# include <openssl/hmac.h>
|
||||||
# include <openssl/rand.h>
|
# include <openssl/rand.h>
|
||||||
# include <openssl/pkcs12.h>
|
# include <openssl/pkcs12.h>
|
||||||
@ -123,7 +124,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
|
if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
|
||||||
|| memcmp(mac, p12->mac->dinfo->digest->data, maclen))
|
|| CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen))
|
||||||
return 0;
|
return 0;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
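Review bot: The include added in this file is written `#include <openssl/crypto.h>` while every neighbouring line uses the indented `# include` form that marks nesting inside a preprocessor conditional; it should read `# include <openssl/crypto.h>`. The same applies to the include added in the first file section, which sits after `#ifndef OPENSSL_NO_AES` next to `# include <openssl/evp.h>`. In PKCS12_verify_mac itself, the length test short-circuiting before `CRYPTO_memcmp` is fine because the digest length is not secret, and a one-line comment saying so would save the next reader the question.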
|