Commit d7aa7b44 authored by danh-arm's avatar danh-arm Committed by GitHub

Merge pull request #817 from antonio-nino-diaz-arm/an/timingsafe

Import constant-time bcmp() and use it where necessary
parents 34438669 b621fb50
...@@ -217,7 +217,7 @@ static int verify_hash(void *data_ptr, unsigned int data_len, ...@@ -217,7 +217,7 @@ static int verify_hash(void *data_ptr, unsigned int data_len,
} }
/* Compare values */ /* Compare values */
rc = memcmp(data_hash, hash, mbedtls_md_get_size(md_info)); rc = timingsafe_bcmp(data_hash, hash, mbedtls_md_get_size(md_info));
if (rc != 0) { if (rc != 0) {
return CRYPTO_ERR_HASH; return CRYPTO_ERR_HASH;
} }
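Review bot: The switch to `timingsafe_bcmp` in verify_hash has no comment saying why a constant-time compare is wanted, so a later clean-up could turn it back into `memcmp` without anyone noticing; the same applies to the `sig_alg1`/`sig_alg2` comparison in the cert_parse hunk. I would extend the existing comment to `/* Compare values in constant time; do not replace with memcmp() */`. `timingsafe_bcmp` reports only equal or not-equal, which is all the `rc != 0` test needs. The hunk does not show whether the length of `hash` was checked against `mbedtls_md_get_size(md_info)` before this call; verify_hash starts and ends outside the hunk, so that is worth confirming there.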
......
...@@ -392,7 +392,7 @@ static int cert_parse(void *img, unsigned int img_len) ...@@ -392,7 +392,7 @@ static int cert_parse(void *img, unsigned int img_len)
if (sig_alg1.len != sig_alg2.len) { if (sig_alg1.len != sig_alg2.len) {
return IMG_PARSER_ERR_FORMAT; return IMG_PARSER_ERR_FORMAT;
} }
if (0 != memcmp(sig_alg1.p, sig_alg2.p, sig_alg1.len)) { if (0 != timingsafe_bcmp(sig_alg1.p, sig_alg2.p, sig_alg1.len)) {
return IMG_PARSER_ERR_FORMAT; return IMG_PARSER_ERR_FORMAT;
} }
memcpy(&sig_alg, &sig_alg1, sizeof(sig_alg)); memcpy(&sig_alg, &sig_alg1, sizeof(sig_alg));
......
...@@ -61,6 +61,7 @@ size_t strlen(const char *) __pure; ...@@ -61,6 +61,7 @@ size_t strlen(const char *) __pure;
int strncmp(const char *, const char *, size_t) __pure; int strncmp(const char *, const char *, size_t) __pure;
size_t strnlen(const char *, size_t) __pure; size_t strnlen(const char *, size_t) __pure;
int strcasecmp(const char *, const char *); int strcasecmp(const char *, const char *);
int timingsafe_bcmp(const void *, const void *, size_t);
__END_DECLS __END_DECLS
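Review bot: The new `timingsafe_bcmp` prototype does not say that its return value is not an ordering like `memcmp`'s, and this header is the first place a caller will look. Going by the implementation imported in this commit, it returns 0 for equal buffers and 1 otherwise, so code that tests `< 0` or `> 0` after a mechanical `memcmp` replacement would misbehave silently. I would add `/* Returns 0 if the n bytes are equal, non-zero otherwise; not an ordering. Run time depends only on n. */` above the declaration.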
......
...@@ -42,7 +42,8 @@ STDLIB_SRCS := $(addprefix lib/stdlib/, \ ...@@ -42,7 +42,8 @@ STDLIB_SRCS := $(addprefix lib/stdlib/, \
strlen.c \ strlen.c \
strncmp.c \ strncmp.c \
strnlen.c \ strnlen.c \
subr_prf.c) subr_prf.c \
timingsafe_bcmp.c)
INCLUDES += -Iinclude/lib/stdlib \ INCLUDES += -Iinclude/lib/stdlib \
-Iinclude/lib/stdlib/sys -Iinclude/lib/stdlib/sys
/* $OpenBSD: timingsafe_bcmp.c,v 1.3 2015/08/31 02:53:57 guenther Exp $ */
/*
* Copyright (c) 2010 Damien Miller. All rights reserved.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <string.h>
int __timingsafe_bcmp(const void *, const void *, size_t);
int
__timingsafe_bcmp(const void *b1, const void *b2, size_t n)
{
const unsigned char *p1 = b1, *p2 = b2;
int ret = 0;
for (; n > 0; n--)
ret |= *p1++ ^ *p2++;
return (ret != 0);
}
__weak_reference(__timingsafe_bcmp, timingsafe_bcmp);
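Review bot: Nothing in `__timingsafe_bcmp` prevents an optimising compiler from leaving the loop once `ret` is non-zero, because only `ret != 0` is returned; the constant-time property holds by convention rather than by construction. It is worth inspecting the generated code for the toolchains and optimisation levels the project builds with, and recording the requirement above the loop, e.g. `/* No early exit: run time must depend only on n */`. The file also relies on `__FBSDID` and `__weak_reference` from `<sys/cdefs.h>`; whether the project's copy of that header defines both is not visible on this page.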