yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-05-09 19:22:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Safer buffer comparisons in the SSL modules

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2013-10-28 13:46:11 +01:00 committed by Paul Bakker
parent 79f1ff84ed
commit 5c8434cf52
4 changed files with 25 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
include/polarssl/ssl.h
View file

@ -1136,6 +1136,20 @@ int ssl_write_finished( ssl_context *ssl );
void ssl_optimize_checksum( ssl_context *ssl, int ciphersuite ); void ssl_optimize_checksum( ssl_context *ssl, int ciphersuite );
int ssl_get_ciphersuite_min_version( const int ciphersuite_id ); int ssl_get_ciphersuite_min_version( const int ciphersuite_id );
/* constant-time buffer comparison */
static inline int safer_memcmp( const void *a, const void *b, size_t n )
{
size_t i;
const unsigned char *A = (const unsigned char *) a;
const unsigned char *B = (const unsigned char *) b;
unsigned char diff = 0;
for( i = 0; i < n; i++ )
diff |= A[i] ^ B[i];
return( diff );
}
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

8
library/ssl_cli.c
View file

@ -341,11 +341,13 @@ static int ssl_parse_renegotiation_info( ssl_context *ssl,
} }
else else
{ {
/* Check verify-data in constant-time. The length OTOH is no secret */
if( len != 1 + ssl->verify_data_len * 2 || if( len != 1 + ssl->verify_data_len * 2 ||
buf[0] != ssl->verify_data_len * 2 || buf[0] != ssl->verify_data_len * 2 ||
memcmp( buf + 1, ssl->own_verify_data, ssl->verify_data_len ) != 0 || safer_memcmp( buf + 1,
memcmp( buf + 1 + ssl->verify_data_len, ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
ssl->peer_verify_data, ssl->verify_data_len ) != 0 ) safer_memcmp( buf + 1 + ssl->verify_data_len,
ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
{ {
SSL_DEBUG_MSG( 1, ( "non-matching renegotiated connection field" ) ); SSL_DEBUG_MSG( 1, ( "non-matching renegotiated connection field" ) );

4
library/ssl_srv.c
View file

@ -106,9 +106,11 @@ static int ssl_parse_renegotiation_info( ssl_context *ssl,
} }
else else
{ {
/* Check verify-data in constant-time. The length OTOH is no secret */
if( len != 1 + ssl->verify_data_len || if( len != 1 + ssl->verify_data_len ||
buf[0] != ssl->verify_data_len || buf[0] != ssl->verify_data_len ||
memcmp( buf + 1, ssl->peer_verify_data, ssl->verify_data_len ) != 0 ) safer_memcmp( buf + 1, ssl->peer_verify_data,
ssl->verify_data_len ) != 0 )
{ {
SSL_DEBUG_MSG( 1, ( "non-matching renegotiated connection field" ) ); SSL_DEBUG_MSG( 1, ( "non-matching renegotiated connection field" ) );

6
library/ssl_tls.c
View file

@ -1547,8 +1547,8 @@ static int ssl_decrypt_buf( ssl_context *ssl )
SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen, SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen,
ssl->transform_in->maclen ); ssl->transform_in->maclen );
if( memcmp( tmp, ssl->in_msg + ssl->in_msglen, if( safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen,
ssl->transform_in->maclen ) != 0 ) ssl->transform_in->maclen ) != 0 )
{ {
#if defined(POLARSSL_SSL_DEBUG_ALL) #if defined(POLARSSL_SSL_DEBUG_ALL)
SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
@ -2886,7 +2886,7 @@ int ssl_parse_finished( ssl_context *ssl )
return( POLARSSL_ERR_SSL_BAD_HS_FINISHED ); return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
} }
if( memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 ) if( safer_memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 )
{ {
SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_FINISHED ); return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );