Re: crypto_memset (was: Re: Zero it if you're going to copy it out.)
I've added a "consttime_bcmp()" and brought things into shape.
The API of the Annex-K stuff is too complex anyway; it makes sense
to have a minimalistic API for internal use.
Comments?
best regards
Matthias
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Kennen Sie schon unsere app? http://www.fz-juelich.de/app
diff -r aad5a657a1e2 common/lib/libc/string/consttime_bcmp.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/common/lib/libc/string/consttime_bcmp.c Tue Aug 28 14:06:13 2012 +0200
@@ -0,0 +1,19 @@
+/* $NetBSD$ */
+
+#if !defined(_KERNEL) && !defined(_STANDALONE)
+#include <string.h>
+#define consttime_bcmp __consttime_bcmp
+#else
+#include <lib/libkern/libkern.h>
+#endif
+
+int
+consttime_bcmp(const void *b1, const void *b2, size_t len)
+{
+ const char *c1 = b1, *c2 = b2;
+ int res = 0;
+
+ while (len --)
+ res |= *c1++ ^ *c2++;
+ return res;
+}
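Review bot: `const char *c1 = b1, *c2 = b2;` on the first line of the body makes the returned value depend on whether `char` is signed: `*c1 ^ *c2` is computed on sign-extended ints, so `res` is still zero exactly when the buffers match, but on a mismatch it can come out as any value, including a negative one. Declaring the cursors as `const unsigned char *c1 = b1, *c2 = b2;` keeps `res` within 0..255 and is the usual form for byte-wise comparison. The function also carries no comment stating its contract; a KNF block comment above it along the lines of `/* Compare len bytes in a time that depends only on len, never on the contents; returns 0 iff the buffers are equal. */` would tell callers what they may rely on. `while (len --)` would be `while (len--)` under KNF.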
diff -r aad5a657a1e2 common/lib/libc/string/explicit_bzero.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/common/lib/libc/string/explicit_bzero.c Tue Aug 28 14:06:13 2012 +0200
@@ -0,0 +1,19 @@
+/* $NetBSD$ */
+
+#if !defined(_KERNEL) && !defined(_STANDALONE)
+#include <string.h>
+#define explicit_bzero __explicit_bzero
+#else
+#include <lib/libkern/libkern.h>
+#endif
+
+/*
+ * Since we are in our own compilation unit, the compiler
+ * can't optimize the memset() away.
+ */
+void
+explicit_bzero(void *b, size_t len)
+{
+
+ memset(b, 0, len);
+}
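Review bot: The block comment above `explicit_bzero` argues that being in its own compilation unit stops the `memset()` from being optimized away, but that holds only without cross-unit optimization; under link-time optimization the call can be inlined into the caller and the dead store to an object about to go out of scope removed. A compiler barrier after the memset, e.g. `__asm __volatile("" : : "r"(b) : "memory");`, or calling memset through a `volatile` function pointer, makes the intent explicit and survives LTO. The comment should then name the mechanism actually relied on rather than the compilation-unit argument alone.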
diff -r aad5a657a1e2 include/string.h
--- a/include/string.h Mon Aug 27 20:12:15 2012 +0200
+++ b/include/string.h Tue Aug 28 14:06:13 2012 +0200
@@ -109,6 +109,8 @@
char *stresep(char **, const char *, int);
char *strndup(const char *, size_t);
void *memrchr(const void *, int, size_t);
+void __explicit_bzero(void *, size_t);
+int __consttime_bcmp(const void *, const void *, size_t);
__END_DECLS
#endif
diff -r aad5a657a1e2 lib/libc/string/Makefile.inc
--- a/lib/libc/string/Makefile.inc Mon Aug 27 20:12:15 2012 +0200
+++ b/lib/libc/string/Makefile.inc Tue Aug 28 14:06:13 2012 +0200
@@ -19,6 +19,7 @@
SRCS+= strcat.c strcmp.c strcpy.c strcspn.c strlen.c
SRCS+= strncat.c strncmp.c strncpy.c strpbrk.c strsep.c
SRCS+= strspn.c strstr.c swab.c
+SRCS+= explicit_bzero.c consttime_bcmp.c
SRCS+= memccpy.c memcpy.c memmem.c memmove.c
SRCS+= strchr.c strrchr.c
diff -r aad5a657a1e2 lib/libcrypt/bcrypt.c
--- a/lib/libcrypt/bcrypt.c Mon Aug 27 20:12:15 2012 +0200
+++ b/lib/libcrypt/bcrypt.c Tue Aug 28 14:06:13 2012 +0200
@@ -314,7 +314,7 @@
encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT);
encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext,
4 * BCRYPT_BLOCKS - 1);
- memset(&state, 0, sizeof(state));
+ __explicit_bzero(&state, sizeof(state));
return encrypted;
}
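Review bot: Only `state` is scrubbed on the changed line; any other locals that hold key or salt material in this function are not visible in the hunk (the enclosing function begins outside it), so the diff does not show whether the password-derived temporaries are cleared with `__explicit_bzero` as well — worth checking while the memset calls are being replaced. The same applies to the `hmac_buf` and `final` replacements in the crypt-sha1.c and md5crypt.c hunks, each of which likewise shows only the tail of its function.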
diff -r aad5a657a1e2 lib/libcrypt/crypt-sha1.c
--- a/lib/libcrypt/crypt-sha1.c Mon Aug 27 20:12:15 2012 +0200
+++ b/lib/libcrypt/crypt-sha1.c Tue Aug 28 14:06:13 2012 +0200
@@ -190,7 +190,7 @@
*ep = '\0';
/* Don't leave anything around in vm they could use. */
- memset(hmac_buf, 0, sizeof hmac_buf);
+ __explicit_bzero(hmac_buf, sizeof hmac_buf);
return passwd;
}
diff -r aad5a657a1e2 lib/libcrypt/md5crypt.c
--- a/lib/libcrypt/md5crypt.c Mon Aug 27 20:12:15 2012 +0200
+++ b/lib/libcrypt/md5crypt.c Tue Aug 28 14:06:13 2012 +0200
@@ -143,6 +143,6 @@
*p = '\0';
/* Don't leave anything around in vm they could use. */
- memset(final, 0, sizeof(final));
+ __explicit_bzero(final, sizeof(final));
return (passwd);
}
diff -r aad5a657a1e2 sys/lib/libkern/Makefile.libkern
--- a/sys/lib/libkern/Makefile.libkern Mon Aug 27 20:12:15 2012 +0200
+++ b/sys/lib/libkern/Makefile.libkern Tue Aug 28 14:06:13 2012 +0200
@@ -92,6 +92,9 @@
SRCS+= heapsort.c ptree.c rb.c
+# for crypto
+SRCS+= explicit_bzero.c consttime_bcmp.c
+
# Files to clean up
CLEANFILES+= lib${LIB}.o lib${LIB}.po
diff -r aad5a657a1e2 sys/lib/libkern/libkern.h
--- a/sys/lib/libkern/libkern.h Mon Aug 27 20:12:15 2012 +0200
+++ b/sys/lib/libkern/libkern.h Tue Aug 28 14:06:13 2012 +0200
@@ -345,4 +345,7 @@
unsigned int popcountll(unsigned long long) __constfunc;
unsigned int popcount32(uint32_t) __constfunc;
unsigned int popcount64(uint64_t) __constfunc;
+
+void explicit_bzero(void *, size_t);
+int consttime_bcmp(const void *, const void *, size_t);
#endif /* !_LIB_LIBKERN_LIBKERN_H_ */
diff -r aad5a657a1e2 sys/netipsec/xform_ah.c
--- a/sys/netipsec/xform_ah.c Mon Aug 27 20:12:15 2012 +0200
+++ b/sys/netipsec/xform_ah.c Tue Aug 28 14:06:13 2012 +0200
@@ -918,7 +918,7 @@
ptr = (char *) (tc + 1);
/* Verify authenticator. */
- if (memcmp(ptr + skip + rplen, calc, authsize)) {
+ if (consttime_bcmp(ptr + skip + rplen, calc, authsize)) {
u_int8_t *pppp = ptr + skip+rplen;
DPRINTF(("ah_input: authentication hash mismatch " \
"over %d bytes " \
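Review bot: The new condition keeps the implicit truth test `if (consttime_bcmp(ptr + skip + rplen, calc, authsize)) {` while the xform_esp.c hunk spells out `!= 0`; the two call sites should use one form, e.g. `if (consttime_bcmp(ptr + skip + rplen, calc, authsize) != 0) {`. Since consttime_bcmp returns an OR of byte differences rather than an ordering, the explicit `!= 0` also documents that only zero versus nonzero is meaningful. The enclosing function and the rest of the mismatch branch lie outside the hunk.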
diff -r aad5a657a1e2 sys/netipsec/xform_esp.c
--- a/sys/netipsec/xform_esp.c Mon Aug 27 20:12:15 2012 +0200
+++ b/sys/netipsec/xform_esp.c Tue Aug 28 14:06:13 2012 +0200
@@ -601,7 +601,7 @@
ptr = (tc + 1);
/* Verify authenticator */
- if (memcmp(ptr, aalg, esph->authsize) != 0) {
+ if (consttime_bcmp(ptr, aalg, esph->authsize) != 0) {
DPRINTF(("esp_input_cb: "
"authentication hash mismatch for packet in SA %s/%08lx\n",
ipsec_address(&saidx->dst),