Use CRYPTO_memcmp when comparing authenticators
Pointed out by Victor Vasiliev (vasilvv@mit.edu) via Adam Langley (Google). Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit1e4a355dca) (cherry picked from commitac32a77cd6)
This commit is contained in:
Emilia Kasper
parent
c22ed559bb
commit
59b5ab4aa7
4 changed files with 8 additions and 5 deletions
|
|
@ -50,6 +50,7 @@
|
|||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifndef OPENSSL_NO_AES
|
||||
#include <openssl/crypto.h>
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/err.h>
|
||||
# include <string.h>
|
||||
|
|
@ -914,7 +915,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|||
/* Retrieve tag */
|
||||
CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
|
||||
/* If tag mismatch wipe buffer */
|
||||
if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
|
||||
if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
|
||||
OPENSSL_cleanse(out, len);
|
||||
goto err;
|
||||
}
|
||||
|
|
@ -1259,7 +1260,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|||
!CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
|
||||
unsigned char tag[16];
|
||||
if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
|
||||
if (!memcmp(tag, ctx->buf, cctx->M))
|
||||
if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M))
|
||||
rv = len;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -54,6 +54,7 @@
|
|||
|
||||
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5)
|
||||
|
||||
# include <openssl/crypto.h>
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/objects.h>
|
||||
# include <openssl/rc4.h>
|
||||
|
|
@ -210,7 +211,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|||
MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH);
|
||||
MD5_Final(mac, &key->md);
|
||||
|
||||
if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
|
||||
if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
|
||||
return 0;
|
||||
} else {
|
||||
MD5_Update(&key->md, out + md5_off, len - md5_off);
|
||||
|
|
|
|||
|
|
@ -1622,7 +1622,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
|
|||
ctx->Xi.u[1] ^= ctx->EK0.u[1];
|
||||
|
||||
if (tag && len <= sizeof(ctx->Xi))
|
||||
return memcmp(ctx->Xi.c, tag, len);
|
||||
return CRYPTO_memcmp(ctx->Xi.c, tag, len);
|
||||
else
|
||||
return -1;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -60,6 +60,7 @@
|
|||
#ifndef OPENSSL_NO_HMAC
|
||||
# include <stdio.h>
|
||||
# include "cryptlib.h"
|
||||
# include <openssl/crypto.h>
|
||||
# include <openssl/hmac.h>
|
||||
# include <openssl/rand.h>
|
||||
# include <openssl/pkcs12.h>
|
||||
|
|
@ -123,7 +124,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
|
|||
return 0;
|
||||
}
|
||||
if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
|
||||
|| memcmp(mac, p12->mac->dinfo->digest->data, maclen))
|
||||
|| CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen))
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue