Skip to content
Permalink
Browse files Browse the repository at this point in the history
Use constant time memcmp when comparing HMACs in openvpn_decrypt.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
  • Loading branch information
syzzer authored and cron2 committed Mar 22, 2013
1 parent 9a3f670 commit 11d2134
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 1 deletion.
8 changes: 8 additions & 0 deletions src/openvpn/buffer.h
Expand Up @@ -668,6 +668,10 @@ buf_read_u32 (struct buffer *buf, bool *good)
}
}

/**
* Compare src buffer contents with match.
* *NOT* constant time. Do not use when comparing HMACs.
*/
static inline bool
buf_string_match (const struct buffer *src, const void *match, int size)
{
Expand All @@ -676,6 +680,10 @@ buf_string_match (const struct buffer *src, const void *match, int size)
return memcmp (BPTR (src), match, size) == 0;
}

/**
* Compare first size bytes of src buffer contents with match.
* *NOT* constant time. Do not use when comparing HMACs.
*/
static inline bool
buf_string_match_head (const struct buffer *src, const void *match, int size)
{
Expand Down
20 changes: 19 additions & 1 deletion src/openvpn/crypto.c
Expand Up @@ -65,6 +65,24 @@
#define CRYPT_ERROR(format) \
do { msg (D_CRYPT_ERRORS, "%s: " format, error_prefix); goto error_exit; } while (false)

/**
* As memcmp(), but constant-time.
* Returns 0 when data is equal, non-zero otherwise.
*/
static int
memcmp_constant_time (const void *a, const void *b, size_t size) {
const uint8_t * a1 = a;
const uint8_t * b1 = b;
int ret = 0;
size_t i;

for (i = 0; i < size; i++) {
ret |= *a1++ ^ *b1++;
}

return ret;
}

void
openvpn_encrypt (struct buffer *buf, struct buffer work,
const struct crypto_options *opt,
Expand Down Expand Up @@ -244,7 +262,7 @@ openvpn_decrypt (struct buffer *buf, struct buffer work,
hmac_ctx_final (ctx->hmac, local_hmac);

/* Compare locally computed HMAC with packet HMAC */
if (memcmp (local_hmac, BPTR (buf), hmac_len))
if (memcmp_constant_time (local_hmac, BPTR (buf), hmac_len))
CRYPT_ERROR ("packet HMAC authentication failed");

ASSERT (buf_advance (buf, hmac_len));
Expand Down

0 comments on commit 11d2134

Please sign in to comment.