

Re: crypto_memset (was: Re: Zero it if you're going to copy it out.)



I've added a "consttime_bcmp()" and brought things into shape.
The C11 Annex K API (memset_s() and friends) is too complex anyway; it makes
sense to have a minimalistic API for internal use.
Comments?

best regards
Matthias


------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------

Kennen Sie schon unsere app? http://www.fz-juelich.de/app
diff -r aad5a657a1e2 common/lib/libc/string/consttime_bcmp.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/common/lib/libc/string/consttime_bcmp.c   Tue Aug 28 14:06:13 2012 +0200
@@ -0,0 +1,19 @@
+/* $NetBSD$ */
+
+#if !defined(_KERNEL) && !defined(_STANDALONE)
+#include <string.h>
+#define consttime_bcmp __consttime_bcmp
+#else
+#include <lib/libkern/libkern.h>
+#endif
+
+int
+consttime_bcmp(const void *b1, const void *b2, size_t len)
+{
+       const char *c1 = b1, *c2 = b2;
+       int res = 0;
+
+       while (len --)
+               res |= *c1++ ^ *c2++;
+       return res;
+}
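Review bot: `c1` and `c2` on the `const char *` line should be `const unsigned char *`: with a signed `char`, each `*c1 ^ *c2` is evaluated on sign-extended ints, so `res` can end up negative and the result is only meaningful as zero/non-zero, which nothing in the file says. Prefer `const unsigned char *c1 = b1, *c2 = b2;` together with `unsigned int res = 0;`, keeping `return res;` (the value then stays within 0..255). The function also needs a comment stating its contract: returns 0 iff the two buffers are equal over `len` bytes and non-zero otherwise with no ordering information, and its running time depends only on `len`, so `len` itself must not be secret. A note that the OR-accumulating loop must not be "optimized" into an early-exit comparison would save a future maintainer from undoing the point of the function.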
diff -r aad5a657a1e2 common/lib/libc/string/explicit_bzero.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/common/lib/libc/string/explicit_bzero.c   Tue Aug 28 14:06:13 2012 +0200
@@ -0,0 +1,19 @@
+/* $NetBSD$ */
+
+#if !defined(_KERNEL) && !defined(_STANDALONE)
+#include <string.h>
+#define explicit_bzero __explicit_bzero
+#else
+#include <lib/libkern/libkern.h>
+#endif
+
+/*
+ * Since we are in our own compilation unit, the compiler
+ * can't optimize the memset() away.
+ */
+void
+explicit_bzero(void *b, size_t len)
+{
+
+       memset(b, 0, len);
+}
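Review bot: The comment above `explicit_bzero` claims that living in its own compilation unit stops the compiler from removing the `memset()`, but that only holds while no cross-unit inlining happens; with link-time optimization, or if the definition ever becomes visible to a caller, the dead store to `b` can still be elided. A compiler barrier after the store makes the intent hold regardless of build mode, e.g. `memset(b, 0, len);` followed by `__asm__ __volatile__("" : : "r"(b) : "memory");` (or the tree's equivalent barrier macro, if one exists); passing `b` as an input keeps the pointed-to bytes observable to the asm. The comment should then be reworded to say that the barrier, not the translation-unit boundary, is what pins the store.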
diff -r aad5a657a1e2 include/string.h
--- a/include/string.h  Mon Aug 27 20:12:15 2012 +0200
+++ b/include/string.h  Tue Aug 28 14:06:13 2012 +0200
@@ -109,6 +109,8 @@
 char   *stresep(char **, const char *, int);
 char   *strndup(const char *, size_t);
 void   *memrchr(const void *, int, size_t);
+void   __explicit_bzero(void *, size_t);
+int    __consttime_bcmp(const void *, const void *, size_t);
 __END_DECLS
 #endif
 
diff -r aad5a657a1e2 lib/libc/string/Makefile.inc
--- a/lib/libc/string/Makefile.inc      Mon Aug 27 20:12:15 2012 +0200
+++ b/lib/libc/string/Makefile.inc      Tue Aug 28 14:06:13 2012 +0200
@@ -19,6 +19,7 @@
 SRCS+= strcat.c strcmp.c strcpy.c strcspn.c strlen.c
 SRCS+= strncat.c strncmp.c strncpy.c strpbrk.c strsep.c
 SRCS+= strspn.c strstr.c swab.c
+SRCS+= explicit_bzero.c consttime_bcmp.c
 
 SRCS+= memccpy.c memcpy.c memmem.c memmove.c
 SRCS+= strchr.c strrchr.c
diff -r aad5a657a1e2 lib/libcrypt/bcrypt.c
--- a/lib/libcrypt/bcrypt.c     Mon Aug 27 20:12:15 2012 +0200
+++ b/lib/libcrypt/bcrypt.c     Tue Aug 28 14:06:13 2012 +0200
@@ -314,7 +314,7 @@
        encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT);
        encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext,
            4 * BCRYPT_BLOCKS - 1);
-       memset(&state, 0, sizeof(state));
+       __explicit_bzero(&state, sizeof(state));
        return encrypted;
 }
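Review bot: The new `__explicit_bzero(&state, sizeof(state))` covers only the normal return at the end of the enclosing function, whose body starts outside the hunk; it is not visible here whether any error or early-return path after `state` has been populated also clears it. If such a path exists it should get the same call, otherwise the expanded key material in `state` can remain in memory on exactly the paths that bail out. Confirm against the full function.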
 
diff -r aad5a657a1e2 lib/libcrypt/crypt-sha1.c
--- a/lib/libcrypt/crypt-sha1.c Mon Aug 27 20:12:15 2012 +0200
+++ b/lib/libcrypt/crypt-sha1.c Tue Aug 28 14:06:13 2012 +0200
@@ -190,7 +190,7 @@
     *ep = '\0';
 
     /* Don't leave anything around in vm they could use. */
-    memset(hmac_buf, 0, sizeof hmac_buf);
+    __explicit_bzero(hmac_buf, sizeof hmac_buf);
 
     return passwd;
 }      
diff -r aad5a657a1e2 lib/libcrypt/md5crypt.c
--- a/lib/libcrypt/md5crypt.c   Mon Aug 27 20:12:15 2012 +0200
+++ b/lib/libcrypt/md5crypt.c   Tue Aug 28 14:06:13 2012 +0200
@@ -143,6 +143,6 @@
        *p = '\0';
 
        /* Don't leave anything around in vm they could use. */
-       memset(final, 0, sizeof(final));
+       __explicit_bzero(final, sizeof(final));
        return (passwd);
 }
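Review bot: `final` is now cleared, but any other locals derived from the password that the function may hold (hash contexts, intermediate buffers) lie outside the hunk and are not addressed; if present they deserve the same `__explicit_bzero` treatment before `return (passwd);`. The enclosing function starts outside the hunk, so this is a point to confirm rather than a defect visible here.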
diff -r aad5a657a1e2 sys/lib/libkern/Makefile.libkern
--- a/sys/lib/libkern/Makefile.libkern  Mon Aug 27 20:12:15 2012 +0200
+++ b/sys/lib/libkern/Makefile.libkern  Tue Aug 28 14:06:13 2012 +0200
@@ -92,6 +92,9 @@
 
 SRCS+= heapsort.c ptree.c rb.c
 
+# for crypto
+SRCS+= explicit_bzero.c consttime_bcmp.c
+
 # Files to clean up
 CLEANFILES+= lib${LIB}.o lib${LIB}.po
 
diff -r aad5a657a1e2 sys/lib/libkern/libkern.h
--- a/sys/lib/libkern/libkern.h Mon Aug 27 20:12:15 2012 +0200
+++ b/sys/lib/libkern/libkern.h Tue Aug 28 14:06:13 2012 +0200
@@ -345,4 +345,7 @@
 unsigned int   popcountll(unsigned long long) __constfunc;
 unsigned int   popcount32(uint32_t) __constfunc;
 unsigned int   popcount64(uint64_t) __constfunc;
+
+void   explicit_bzero(void *, size_t);
+int    consttime_bcmp(const void *, const void *, size_t);
 #endif /* !_LIB_LIBKERN_LIBKERN_H_ */
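Review bot: The two new prototypes at the end of libkern.h carry no comment, yet both functions have non-obvious contracts that the kernel callers in this series (the IPsec authenticator checks) depend on. Suggest a comment above them such as `/* explicit_bzero: zero len bytes in a way the compiler must not optimize away (key material). consttime_bcmp: 0 iff equal, non-zero otherwise, no ordering; running time depends on len only. */`. A one-line pointer to the shared implementation in common/lib/libc/string/ would also help readers find it.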
diff -r aad5a657a1e2 sys/netipsec/xform_ah.c
--- a/sys/netipsec/xform_ah.c   Mon Aug 27 20:12:15 2012 +0200
+++ b/sys/netipsec/xform_ah.c   Tue Aug 28 14:06:13 2012 +0200
@@ -918,7 +918,7 @@
                ptr = (char *) (tc + 1);
 
                /* Verify authenticator. */
-               if (memcmp(ptr + skip + rplen, calc, authsize)) {
+               if (consttime_bcmp(ptr + skip + rplen, calc, authsize)) {
                        u_int8_t *pppp = ptr + skip+rplen;
                        DPRINTF(("ah_input: authentication hash mismatch " \
                            "over %d bytes " \
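Review bot: The `DPRINTF` that follows the `consttime_bcmp()` check is cut off by the hunk, but its visible setup (`pppp` pointing at the received authenticator, a dump "over %d bytes") suggests the authenticator bytes are printed on mismatch when debugging is enabled. If the computed `calc` bytes are among what is printed, a debug-enabled build hands an attacker the expected MAC for a forged packet, which undoes what the constant-time compare protects; limit the dump to the received bytes or to the fact of the mismatch. The enclosing function continues past the hunk, so confirm against the full statement.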
diff -r aad5a657a1e2 sys/netipsec/xform_esp.c
--- a/sys/netipsec/xform_esp.c  Mon Aug 27 20:12:15 2012 +0200
+++ b/sys/netipsec/xform_esp.c  Tue Aug 28 14:06:13 2012 +0200
@@ -601,7 +601,7 @@
                        ptr = (tc + 1);
 
                        /* Verify authenticator */
-                       if (memcmp(ptr, aalg, esph->authsize) != 0) {
+                       if (consttime_bcmp(ptr, aalg, esph->authsize) != 0) {
                                DPRINTF(("esp_input_cb: "
                    "authentication hash mismatch for packet in SA %s/%08lx\n",
                                    ipsec_address(&saidx->dst),

