Make all hash checking in programs constant-time

2025-02-24 05:06:56 +00:00 · 2013-10-28 12:51:32 +01:00 · 2013-10-28 12:51:32 +01:00 · 291f9af935
parent 424cd6943c
commit 291f9af935
5 changed files with 35 additions and 5 deletions
--- a/programs/aes/aescrypt2.c
+++ b/programs/aes/aescrypt2.c
@ -75,6 +75,7 @@ int main( int argc, char *argv[] )
    unsigned char key[512];
    unsigned char digest[32];
    unsigned char buffer[1024];
    unsigned char diff;
    aes_context aes_ctx;
    sha256_context sha_ctx;
@ -397,7 +398,12 @@ int main( int argc, char *argv[] )
            goto exit;
        }
-        if( memcmp( digest, buffer, 32 ) != 0 )
+        /* Use constant-time buffer comparison */
        diff = 0;
        for( i = 0; i < 32; i++ )
            diff |= digest[i] ^ buffer[i];
        if( diff != 0 )
        {
            fprintf( stderr, "HMAC check failed: wrong key, "
                             "or file corrupted.\n" );
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@ -77,6 +77,7 @@ static int generic_check( const md_info_t *md_info, char *filename )
    int nb_tot1, nb_tot2;
    unsigned char sum[POLARSSL_MD_MAX_SIZE];
    char buf[POLARSSL_MD_MAX_SIZE * 2 + 1], line[1024];
    char diff;
    if( ( f = fopen( filename, "rb" ) ) == NULL )
    {
@ -123,7 +124,12 @@ static int generic_check( const md_info_t *md_info, char *filename )
        for( i = 0; i < md_info->size; i++ )
            sprintf( buf + i * 2, "%02x", sum[i] );
-        if( memcmp( line, buf, 2 * md_info->size ) != 0 )
+        /* Use constant-time buffer comparison */
        diff = 0;
        for( i = 0; i < 2 * md_info->size; i++ )
            diff |= line[i] ^ buf[i];
        if( diff != 0 )
        {
            nb_err2++;
            fprintf( stderr, "wrong checksum: %s\n", line + 66 );
--- a/programs/hash/md5sum.c
+++ b/programs/hash/md5sum.c
@ -77,6 +77,7 @@ static int md5_check( char *filename )
    int nb_tot1, nb_tot2;
    unsigned char sum[16];
    char buf[33], line[1024];
    char diff;
    if( ( f = fopen( filename, "rb" ) ) == NULL )
    {
@ -117,7 +118,12 @@ static int md5_check( char *filename )
        for( i = 0; i < 16; i++ )
            sprintf( buf + i * 2, "%02x", sum[i] );
-        if( memcmp( line, buf, 32 ) != 0 )
+        /* Use constant-time buffer comparison */
        diff = 0;
        for( i = 0; i < 32; i++ )
            diff |= line[i] ^ buf[i];
        if( diff != 0 )
        {
            nb_err2++;
            fprintf( stderr, "wrong checksum: %s\n", line + 34 );
--- a/programs/hash/sha1sum.c
+++ b/programs/hash/sha1sum.c
@ -77,6 +77,7 @@ static int sha1_check( char *filename )
    int nb_tot1, nb_tot2;
    unsigned char sum[20];
    char buf[41], line[1024];
    char diff;
    if( ( f = fopen( filename, "rb" ) ) == NULL )
    {
@ -117,7 +118,12 @@ static int sha1_check( char *filename )
        for( i = 0; i < 20; i++ )
            sprintf( buf + i * 2, "%02x", sum[i] );
-        if( memcmp( line, buf, 40 ) != 0 )
+        /* Use constant-time buffer comparison */
        diff = 0;
        for( i = 0; i < 40; i++ )
            diff |= line[i] ^ buf[i];
        if( diff != 0 )
        {
            nb_err2++;
            fprintf( stderr, "wrong checksum: %s\n", line + 42 );
--- a/programs/hash/sha2sum.c
+++ b/programs/hash/sha2sum.c
@ -77,6 +77,7 @@ static int sha256_check( char *filename )
    int nb_tot1, nb_tot2;
    unsigned char sum[32];
    char buf[65], line[1024];
    char diff;
    if( ( f = fopen( filename, "rb" ) ) == NULL )
    {
@ -117,7 +118,12 @@ static int sha256_check( char *filename )
        for( i = 0; i < 32; i++ )
            sprintf( buf + i * 2, "%02x", sum[i] );
-        if( memcmp( line, buf, 64 ) != 0 )
+        /* Use constant-time buffer comparison */
        diff = 0;
        for( i = 0; i < 64; i++ )
            diff |= line[i] ^ buf[i];
        if( diff != 0 )
        {
            nb_err2++;
            fprintf( stderr, "wrong checksum: %s\n", line + 66 );