From: jsing <jsing@openbsd.org>
Date: Sat, 20 Jun 2015 12:01:14 +0000 (+0000)
Subject: Replace remaining CRYPTO_memcmp() calls with timingsafe_memcmp().
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=e88e03638fcb419769139b77a34c2befb0c8cc35;p=openbsd

Replace remaining CRYPTO_memcmp() calls with timingsafe_memcmp().

ok doug@ deraadt@
---

diff --git a/lib/libcrypto/evp/e_aes.c b/lib/libcrypto/evp/e_aes.c
index 85591cfcb72..0a9455a5d2f 100644
--- a/lib/libcrypto/evp/e_aes.c
+++ b/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.27 2015/02/10 09:50:12 miod Exp $ */
+/* $OpenBSD: e_aes.c,v 1.28 2015/06/20 12:01:14 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -1499,7 +1499,7 @@ aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
 	}
 
 	CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len);
-	if (CRYPTO_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
+	if (timingsafe_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
 		EVPerr(EVP_F_AEAD_AES_GCM_OPEN, EVP_R_BAD_DECRYPT);
 		return 0;
 	}
diff --git a/lib/libcrypto/evp/e_chacha20poly1305.c b/lib/libcrypto/evp/e_chacha20poly1305.c
index da1e0366686..c003b0ba7f6 100644
--- a/lib/libcrypto/evp/e_chacha20poly1305.c
+++ b/lib/libcrypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.8 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.9 2015/06/20 12:01:14 jsing Exp $ */
 /*
  * Copyright (c) 2014, Google Inc.
  *
@@ -200,7 +200,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
 	poly1305_update_with_length(&poly1305, in, plaintext_len);
 	CRYPTO_poly1305_finish(&poly1305, mac);
 
-	if (CRYPTO_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {
+	if (timingsafe_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {
 		EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);
 		return 0;
 	}
diff --git a/lib/libcrypto/rsa/rsa_oaep.c b/lib/libcrypto/rsa/rsa_oaep.c
index 8585d7c3aae..86e2bfc34f4 100644
--- a/lib/libcrypto/rsa/rsa_oaep.c
+++ b/lib/libcrypto/rsa/rsa_oaep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_oaep.c,v 1.24 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: rsa_oaep.c,v 1.25 2015/06/20 12:01:14 jsing Exp $ */
 /* Written by Ulf Moeller. This software is distributed on an "AS IS"
    basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
 
@@ -154,7 +154,7 @@ RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 	if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))
 		return -1;
 
-	if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+	if (timingsafe_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
 		goto decoding_err;
 	else {
 		for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
diff --git a/lib/libssl/src/crypto/evp/e_aes.c b/lib/libssl/src/crypto/evp/e_aes.c
index 85591cfcb72..0a9455a5d2f 100644
--- a/lib/libssl/src/crypto/evp/e_aes.c
+++ b/lib/libssl/src/crypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.27 2015/02/10 09:50:12 miod Exp $ */
+/* $OpenBSD: e_aes.c,v 1.28 2015/06/20 12:01:14 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -1499,7 +1499,7 @@ aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
 	}
 
 	CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len);
-	if (CRYPTO_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
+	if (timingsafe_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
 		EVPerr(EVP_F_AEAD_AES_GCM_OPEN, EVP_R_BAD_DECRYPT);
 		return 0;
 	}
diff --git a/lib/libssl/src/crypto/evp/e_chacha20poly1305.c b/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
index da1e0366686..c003b0ba7f6 100644
--- a/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
+++ b/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.8 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.9 2015/06/20 12:01:14 jsing Exp $ */
 /*
  * Copyright (c) 2014, Google Inc.
  *
@@ -200,7 +200,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
 	poly1305_update_with_length(&poly1305, in, plaintext_len);
 	CRYPTO_poly1305_finish(&poly1305, mac);
 
-	if (CRYPTO_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {
+	if (timingsafe_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {
 		EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);
 		return 0;
 	}
diff --git a/lib/libssl/src/crypto/rsa/rsa_oaep.c b/lib/libssl/src/crypto/rsa/rsa_oaep.c
index 8585d7c3aae..86e2bfc34f4 100644
--- a/lib/libssl/src/crypto/rsa/rsa_oaep.c
+++ b/lib/libssl/src/crypto/rsa/rsa_oaep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_oaep.c,v 1.24 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: rsa_oaep.c,v 1.25 2015/06/20 12:01:14 jsing Exp $ */
 /* Written by Ulf Moeller. This software is distributed on an "AS IS"
    basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
 
@@ -154,7 +154,7 @@ RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 	if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))
 		return -1;
 
-	if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+	if (timingsafe_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
 		goto decoding_err;
 	else {
 		for (i = SHA_DIGEST_LENGTH; i < dblen; i++)