jcs.org
jcs's openbsd hax
openbsd
use timingsafe_bcmp and get rid of now unused safe.c
+15
-89
+2
-3
usr.bin/dig/dighost.c
+2
-3
usr.bin/dig/dighost.c
···
14
14
* PERFORMANCE OF THIS SOFTWARE.
15
15
*/
16
16
17
-
/* $Id: dighost.c,v 1.24 2020/02/25 17:01:56 deraadt Exp $ */
17
+
/* $Id: dighost.c,v 1.25 2020/02/25 18:10:17 florian Exp $ */
18
18
19
19
/*! \file
20
20
* \note
···
58
58
#include <isc/netaddr.h>
59
59
#include <isc/parseint.h>
60
60
#include <isc/result.h>
61
-
#include <isc/safe.h>
62
61
#include <isc/serial.h>
63
62
#include <isc/sockaddr.h>
64
63
#include <isc/task.h>
···
3188
3187
3189
3188
INSIST(msg->sitok == 0 && msg->sitbad == 0);
3190
3189
if (optlen >= len && optlen >= 8U) {
3191
-
if (isc_safe_memequal(isc_buffer_current(optbuf), sit, 8)) {
3190
+
if (timingsafe_bcmp(isc_buffer_current(optbuf), sit, 8) == 0) {
3192
3191
msg->sitok = 1;
3193
3192
} else {
3194
3193
printf(";; Warning: SIT client cookie mismatch\n");
+2
-3
usr.bin/dig/lib/dns/dst_api.c
+2
-3
usr.bin/dig/lib/dns/dst_api.c
···
33
33
34
34
/*
35
35
* Principal Author: Brian Wellington
36
-
* $Id: dst_api.c,v 1.14 2020/02/25 17:06:08 deraadt Exp $
36
+
* $Id: dst_api.c,v 1.15 2020/02/25 18:10:17 florian Exp $
37
37
*/
38
38
39
39
/*! \file */
40
40
#include <stdlib.h>
41
+
#include <string.h>
41
42
42
43
#include <isc/buffer.h>
43
44
#include <isc/refcount.h>
44
-
#include <isc/safe.h>
45
-
#include <string.h>
46
45
#include <isc/util.h>
47
46
48
47
#include <dns/keyvalues.h>
+1
-2
usr.bin/dig/lib/dns/hmac_link.c
+1
-2
usr.bin/dig/lib/dns/hmac_link.c
···
33
33
34
34
/*
35
35
* Principal Author: Brian Wellington
36
-
* $Id: hmac_link.c,v 1.8 2020/02/25 17:06:08 deraadt Exp $
36
+
* $Id: hmac_link.c,v 1.9 2020/02/25 18:10:17 florian Exp $
37
37
*/
38
38
39
39
#include <string.h>
···
41
41
#include <isc/buffer.h>
42
42
#include <isc/hmacsha.h>
43
43
#include <isc/sha1.h>
44
-
#include <isc/safe.h>
45
44
#include <isc/util.h>
46
45
47
46
#include <dst/result.h>
+2
-2
usr.bin/dig/lib/isc/Makefile.inc
+2
-2
usr.bin/dig/lib/isc/Makefile.inc
···
1
-
# $OpenBSD: Makefile.inc,v 1.5 2020/02/24 15:09:14 jsg Exp $
1
+
# $OpenBSD: Makefile.inc,v 1.6 2020/02/25 18:10:17 florian Exp $
2
2
3
3
.PATH: ${.CURDIR}/lib/isc
4
4
···
6
6
SRCS+= error.c event.c hash.c heap.c hex.c hmacsha.c
7
7
SRCS+= lex.c log.c regex.c sockaddr.c
8
8
SRCS+= task.c result.c parseint.c refcount.c timer.c
9
-
SRCS+= safe.c serial.c sha1.c sha2.c symtab.c
9
+
SRCS+= serial.c sha1.c sha2.c symtab.c
10
10
11
11
+8
-9
usr.bin/dig/lib/isc/hmacsha.c
+8
-9
usr.bin/dig/lib/isc/hmacsha.c
···
14
14
* PERFORMANCE OF THIS SOFTWARE.
15
15
*/
16
16
17
-
/* $Id: hmacsha.c,v 1.5 2020/02/25 16:54:24 deraadt Exp $ */
17
+
/* $Id: hmacsha.c,v 1.6 2020/02/25 18:10:17 florian Exp $ */
18
18
19
19
/*
20
20
* This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384
···
22
22
* draft-ietf-dnsext-tsig-sha-01.txt.
23
23
*/
24
24
25
+
#include <string.h>
26
+
25
27
#include <isc/hmacsha.h>
26
-
27
-
#include <isc/safe.h>
28
28
#include <isc/sha1.h>
29
29
#include <isc/sha2.h>
30
-
#include <string.h>
31
30
#include <isc/util.h>
32
31
33
32
void
···
230
229
231
230
REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
232
231
isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
233
-
return (isc_safe_memequal(digest, newdigest, len));
232
+
return (ISC_TF(timingsafe_bcmp(digest, newdigest, len) == 0));
234
233
}
235
234
236
235
/*
···
243
242
244
243
REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
245
244
isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
246
-
return (isc_safe_memequal(digest, newdigest, len));
245
+
return (ISC_TF(timingsafe_bcmp(digest, newdigest, len) == 0));
247
246
}
248
247
249
248
/*
···
256
255
257
256
REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
258
257
isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
259
-
return (isc_safe_memequal(digest, newdigest, len));
258
+
return (ISC_TF(timingsafe_bcmp(digest, newdigest, len) == 0));
260
259
}
261
260
262
261
/*
···
269
268
270
269
REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
271
270
isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
272
-
return (isc_safe_memequal(digest, newdigest, len));
271
+
return (ISC_TF(timingsafe_bcmp(digest, newdigest, len) == 0));
273
272
}
274
273
275
274
/*
···
282
281
283
282
REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
284
283
isc_hmacsha512_sign(ctx, newdigest, ISC_SHA512_DIGESTLENGTH);
285
-
return (isc_safe_memequal(digest, newdigest, len));
284
+
return (ISC_TF(timingsafe_bcmp(digest, newdigest, len) == 0));
286
285
}
-35
usr.bin/dig/lib/isc/include/isc/safe.h
-35
usr.bin/dig/lib/isc/include/isc/safe.h
···
1
-
/*
2
-
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3
-
*
4
-
* Permission to use, copy, modify, and/or distribute this software for any
5
-
* purpose with or without fee is hereby granted, provided that the above
6
-
* copyright notice and this permission notice appear in all copies.
7
-
*
8
-
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9
-
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10
-
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11
-
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12
-
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13
-
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14
-
* PERFORMANCE OF THIS SOFTWARE.
15
-
*/
16
-
17
-
/* $Id: safe.h,v 1.4 2020/02/25 16:54:24 deraadt Exp $ */
18
-
19
-
#ifndef ISC_SAFE_H
20
-
#define ISC_SAFE_H 1
21
-
22
-
/*! \file isc/safe.h */
23
-
24
-
#include <isc/types.h>
25
-
#include <stdlib.h>
26
-
27
-
isc_boolean_t
28
-
isc_safe_memequal(const void *s1, const void *s2, size_t n);
29
-
/*%<
30
-
* Returns ISC_TRUE iff. two blocks of memory are equal, otherwise
31
-
* ISC_FALSE.
32
-
*
33
-
*/
34
-
35
-
#endif /* ISC_SAFE_H */
-35
usr.bin/dig/lib/isc/safe.c
-35
usr.bin/dig/lib/isc/safe.c
···
1
-
/*
2
-
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3
-
*
4
-
* Permission to use, copy, modify, and/or distribute this software for any
5
-
* purpose with or without fee is hereby granted, provided that the above
6
-
* copyright notice and this permission notice appear in all copies.
7
-
*
8
-
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9
-
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10
-
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11
-
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12
-
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13
-
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14
-
* PERFORMANCE OF THIS SOFTWARE.
15
-
*/
16
-
17
-
/*! \file */
18
-
19
-
#include <string.h>
20
-
21
-
#include <isc/safe.h>
22
-
23
-
isc_boolean_t
24
-
isc_safe_memequal(const void *s1, const void *s2, size_t n) {
25
-
uint8_t acc = 0;
26
-
27
-
if (n != 0U) {
28
-
const uint8_t *p1 = s1, *p2 = s2;
29
-
30
-
do {
31
-
acc |= *p1++ ^ *p2++;
32
-
} while (--n != 0U);
33
-
}
34
-
return (ISC_TF(acc == 0));
35
-
}