Switch some obvious network stack MAC comparisons from bcmp() to

timingsafe_bcmp().

ok deraadt@; committed over WPA.

diff --git a/sys/crypto/key_wrap.c b/sys/crypto/key_wrap.c
index e99e74b..b9009ad 100644 (file)
--- a/sys/crypto/key_wrap.c
+++ b/sys/crypto/key_wrap.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: key_wrap.c,v 1.1 2008/08/12 15:43:00 damien Exp $     */
+/*     $OpenBSD: key_wrap.c,v 1.2 2010/07/20 15:36:03 matthew Exp $    */
 
 /*-
  * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -108,5 +108,5 @@ aes_key_unwrap(aes_key_wrap_ctx *ctx, const u_int8_t *C, u_int8_t *P, size_t n)
        memset(B, 0, sizeof B);
 
        /* check that A is an appropriate initial value */
-       return memcmp(A, IV, 8) != 0;
+       return timingsafe_bcmp(A, IV, 8) != 0;
 }

diff --git a/sys/net/if_spppsubr.c b/sys/net/if_spppsubr.c
index f2af538..69ee2ee 100644 (file)
--- a/sys/net/if_spppsubr.c
+++ b/sys/net/if_spppsubr.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: if_spppsubr.c,v 1.80 2010/05/01 08:14:26 mk Exp $     */
+/*     $OpenBSD: if_spppsubr.c,v 1.81 2010/07/20 15:36:03 matthew Exp $        */
 /*
  * Synchronous PPP/Cisco link level subroutines.
  * Keepalive protocol implemented in both Cisco and PPP modes.
@@ -3903,7 +3903,7 @@ sppp_chap_input(struct sppp *sp, struct mbuf *m)
 #define SUCCMSG "Welcome!"
 
                if (value_len != sizeof digest ||
-                   bcmp(digest, value, value_len) != 0) {
+                   timingsafe_bcmp(digest, value, value_len) != 0) {
                        /* action scn, tld */
                        sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
                                       sizeof(FAILMSG) - 1, (u_char *)FAILMSG,

diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c
index 64ab098..28afffa 100644 (file)
--- a/sys/net80211/ieee80211_crypto.c
+++ b/sys/net80211/ieee80211_crypto.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ieee80211_crypto.c,v 1.58 2009/02/13 17:24:54 damien Exp $    */
+/*     $OpenBSD: ieee80211_crypto.c,v 1.59 2010/07/20 15:36:03 matthew Exp $   */
 
 /*-
  * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -485,7 +485,7 @@ ieee80211_eapol_key_check_mic(struct ieee80211_eapol_key *key,
        memset(key->mic, 0, EAPOL_KEY_MIC_LEN);
        ieee80211_eapol_key_mic(key, kck);
 
-       return memcmp(key->mic, mic, EAPOL_KEY_MIC_LEN) != 0;
+       return timingsafe_bcmp(key->mic, mic, EAPOL_KEY_MIC_LEN) != 0;
 }
 
 #ifndef IEEE80211_STA_ONLY

diff --git a/sys/net80211/ieee80211_crypto_bip.c b/sys/net80211/ieee80211_crypto_bip.c
index efa9683..b69fac4 100644 (file)
--- a/sys/net80211/ieee80211_crypto_bip.c
+++ b/sys/net80211/ieee80211_crypto_bip.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ieee80211_crypto_bip.c,v 1.2 2009/01/26 19:09:41 damien Exp $ */
+/*     $OpenBSD: ieee80211_crypto_bip.c,v 1.3 2010/07/20 15:36:03 matthew Exp $        */
 
 /*-
  * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -201,7 +201,7 @@ ieee80211_bip_decap(struct ieee80211com *ic, struct mbuf *m0,
        AES_CMAC_Final(mic, &ctx->cmac);
 
        /* check that MIC matches the one in MMIE */
-       if (memcmp(mic, mic0, 8) != 0) {
+       if (timingsafe_bcmp(mic, mic0, 8) != 0) {
                ic->ic_stats.is_cmac_icv_errs++;
                m_freem(m0);
                return NULL;

diff --git a/sys/net80211/ieee80211_crypto_ccmp.c b/sys/net80211/ieee80211_crypto_ccmp.c
index d491c20..4b246d0 100644 (file)
--- a/sys/net80211/ieee80211_crypto_ccmp.c
+++ b/sys/net80211/ieee80211_crypto_ccmp.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ieee80211_crypto_ccmp.c,v 1.10 2009/09/24 16:03:10 damien Exp $       */
+/*     $OpenBSD: ieee80211_crypto_ccmp.c,v 1.11 2010/07/20 15:36:03 matthew Exp $      */
 
 /*-
  * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -445,7 +445,7 @@ ieee80211_ccmp_decrypt(struct ieee80211com *ic, struct mbuf *m0,
 
        /* check that it matches the MIC in received frame */
        m_copydata(m, moff, IEEE80211_CCMP_MICLEN, mic0);
-       if (memcmp(mic0, b, IEEE80211_CCMP_MICLEN) != 0) {
+       if (timingsafe_bcmp(mic0, b, IEEE80211_CCMP_MICLEN) != 0) {
                ic->ic_stats.is_ccmp_dec_errs++;
                m_freem(m0);
                m_freem(n0);

diff --git a/sys/net80211/ieee80211_crypto_tkip.c b/sys/net80211/ieee80211_crypto_tkip.c
index ffd04f7..08375f2 100644 (file)
--- a/sys/net80211/ieee80211_crypto_tkip.c
+++ b/sys/net80211/ieee80211_crypto_tkip.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ieee80211_crypto_tkip.c,v 1.17 2009/10/30 20:32:25 damien Exp $       */
+/*     $OpenBSD: ieee80211_crypto_tkip.c,v 1.18 2010/07/20 15:36:03 matthew Exp $      */
 
 /*-
  * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -454,7 +454,7 @@ ieee80211_tkip_decrypt(struct ieee80211com *ic, struct mbuf *m0,
        /* compute TKIP MIC over decrypted message */
        ieee80211_tkip_mic(n0, hdrlen, ctx->rxmic, mic);
        /* check that it matches the MIC in received frame */
-       if (memcmp(mic0, mic, IEEE80211_TKIP_MICLEN) != 0) {
+       if (timingsafe_bcmp(mic0, mic, IEEE80211_TKIP_MICLEN) != 0) {
                m_freem(m0);
                m_freem(n0);
                ic->ic_stats.is_rx_locmicfail++;

diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c
index eae796f..013c0fd 100644 (file)
--- a/sys/netinet/ip_ah.c
+++ b/sys/netinet/ip_ah.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ip_ah.c,v 1.97 2010/07/09 16:58:06 reyk Exp $ */
+/*     $OpenBSD: ip_ah.c,v 1.98 2010/07/20 15:36:03 matthew Exp $ */
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -815,7 +815,7 @@ ah_input_cb(void *op)
                ptr = (caddr_t) (tc + 1);
 
                /* Verify authenticator. */
-               if (bcmp(ptr + skip + rplen, calc, ahx->authsize)) {
+               if (timingsafe_bcmp(ptr + skip + rplen, calc, ahx->authsize)) {
                        free(tc, M_XDATA);
 
                        DPRINTF(("ah_input(): authentication failed for "

diff --git a/sys/netinet/ip_carp.c b/sys/netinet/ip_carp.c
index af64fd1..0ba78e7 100644 (file)
--- a/sys/netinet/ip_carp.c
+++ b/sys/netinet/ip_carp.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ip_carp.c,v 1.175 2010/04/25 17:38:53 mpf Exp $       */
+/*     $OpenBSD: ip_carp.c,v 1.176 2010/07/20 15:36:03 matthew Exp $   */
 
 /*
  * Copyright (c) 2002 Michael Shalayeff. All rights reserved.
@@ -392,7 +392,7 @@ carp_hmac_verify(struct carp_vhost_entry *vhe, u_int32_t counter[2],
 
        for (i = 0; i < HMAC_MAX; i++) { 
                carp_hmac_generate(vhe, counter, md2, i);
-               if (!bcmp(md, md2, sizeof(md2)))
+               if (!timingsafe_bcmp(md, md2, sizeof(md2)))
                        return (0);
        }
        return (1);

diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c
index 66f5049..a843c0e 100644 (file)
--- a/sys/netinet/ip_esp.c
+++ b/sys/netinet/ip_esp.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ip_esp.c,v 1.110 2010/07/09 16:58:06 reyk Exp $ */
+/*     $OpenBSD: ip_esp.c,v 1.111 2010/07/20 15:36:03 matthew Exp $ */
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -559,7 +559,7 @@ esp_input_cb(void *op)
                        ptr = (caddr_t) (tc + 1);
 
                        /* Verify authenticator */
-                       if (bcmp(ptr, aalg, esph->authsize)) {
+                       if (timingsafe_bcmp(ptr, aalg, esph->authsize)) {
                                free(tc, M_XDATA);
                                DPRINTF(("esp_input_cb(): authentication failed for packet in SA %s/%08x\n", ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
                                espstat.esps_badauth++;

diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 3516af7..d923a3c 100644 (file)
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: tcp_input.c,v 1.234 2010/07/09 16:58:06 reyk Exp $    */
+/*     $OpenBSD: tcp_input.c,v 1.235 2010/07/20 15:36:03 matthew Exp $ */
 /*     $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $  */
 
 /*
@@ -2351,7 +2351,7 @@ tcp_dooptions(struct tcpcb *tp, u_char *cp, int cnt, struct tcphdr *th,
                        if (optlen != TCPOLEN_SIGNATURE)
                                continue;
 
-                       if (sigp && bcmp(sigp, cp + 2, 16))
+                       if (sigp && timingsafe_bcmp(sigp, cp + 2, 16))
                                return (-1);
 
                        sigp = cp + 2;
@@ -2419,7 +2419,7 @@ tcp_dooptions(struct tcpcb *tp, u_char *cp, int cnt, struct tcphdr *th,
                if (tcp_signature(tdb, tp->pf, m, th, iphlen, 1, sig) < 0)
                        return (-1);
 
-               if (bcmp(sig, sigp, 16)) {
+               if (timingsafe_bcmp(sig, sigp, 16)) {
                        tcpstat.tcps_rcvbadsig++;
                        return (-1);
                }