Permalink
Browse files
Use constant time memcmp when comparing HMACs in openvpn_decrypt.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
- Loading branch information...
Showing
with
27 additions
and
1 deletion.
-
+8
−0
src/openvpn/buffer.h
-
+19
−1
src/openvpn/crypto.c
|
|
@@ -668,6 +668,10 @@ buf_read_u32 (struct buffer *buf, bool *good) |
|
|
}
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
* Compare src buffer contents with match.
|
|
|
* *NOT* constant time. Do not use when comparing HMACs.
|
|
|
*/
|
|
|
static inline bool
|
|
|
buf_string_match (const struct buffer *src, const void *match, int size)
|
|
|
{
|
|
|
@@ -676,6 +680,10 @@ buf_string_match (const struct buffer *src, const void *match, int size) |
|
|
return memcmp (BPTR (src), match, size) == 0;
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
* Compare first size bytes of src buffer contents with match.
|
|
|
* *NOT* constant time. Do not use when comparing HMACs.
|
|
|
*/
|
|
|
static inline bool
|
|
|
buf_string_match_head (const struct buffer *src, const void *match, int size)
|
|
|
{
|
|
|
|
|
|
@@ -65,6 +65,24 @@ |
|
|
#define CRYPT_ERROR(format) \
|
|
|
do { msg (D_CRYPT_ERRORS, "%s: " format, error_prefix); goto error_exit; } while (false)
|
|
|
|
|
|
/**
|
|
|
* As memcmp(), but constant-time.
|
|
|
* Returns 0 when data is equal, non-zero otherwise.
|
|
|
*/
|
|
|
static int
|
|
|
memcmp_constant_time (const void *a, const void *b, size_t size) {
|
|
|
const uint8_t * a1 = a;
|
|
|
const uint8_t * b1 = b;
|
|
|
int ret = 0;
|
|
|
size_t i;
|
|
|
|
|
|
for (i = 0; i < size; i++) {
|
|
|
ret |= *a1++ ^ *b1++;
|
|
|
}
|
|
|
|
|
|
return ret;
|
|
|
}
|
|
|
|
|
|
void
|
|
|
openvpn_encrypt (struct buffer *buf, struct buffer work,
|
|
|
const struct crypto_options *opt,
|
|
|
@@ -244,7 +262,7 @@ openvpn_decrypt (struct buffer *buf, struct buffer work, |
|
|
hmac_ctx_final (ctx->hmac, local_hmac);
|
|
|
|
|
|
/* Compare locally computed HMAC with packet HMAC */
|
|
|
if (memcmp (local_hmac, BPTR (buf), hmac_len))
|
|
|
if (memcmp_constant_time (local_hmac, BPTR (buf), hmac_len))
|
|
|
CRYPT_ERROR ("packet HMAC authentication failed");
|
|
|
|
|
|
ASSERT (buf_advance (buf, hmac_len));
|
|
|
|
0 comments on commit
11d2134