|
|
90a1d9 |
From 9acc0f68320db4c7c6dadacb974e77c7fbca72a7 Mon Sep 17 00:00:00 2001
|
|
|
90a1d9 |
From: Daiki Ueno <ueno@gnu.org>
|
|
|
90a1d9 |
Date: Sun, 21 Jun 2020 16:03:54 +0200
|
|
|
90a1d9 |
Subject: [PATCH] safe_memcmp: remove in favor of gnutls_memcmp
|
|
|
90a1d9 |
|
|
|
90a1d9 |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
90a1d9 |
---
|
|
|
90a1d9 |
lib/accelerated/x86/aes-xts-x86-aesni.c | 2 +-
|
|
|
90a1d9 |
lib/ext/pre_shared_key.c | 2 +-
|
|
|
90a1d9 |
lib/mem.h | 9 ---------
|
|
|
90a1d9 |
lib/nettle/cipher.c | 8 ++++----
|
|
|
90a1d9 |
lib/tls13/finished.c | 2 +-
|
|
|
90a1d9 |
lib/x509/x509.c | 3 ++-
|
|
|
90a1d9 |
6 files changed, 9 insertions(+), 17 deletions(-)
|
|
|
90a1d9 |
|
|
|
90a1d9 |
diff --git a/lib/accelerated/x86/aes-xts-x86-aesni.c b/lib/accelerated/x86/aes-xts-x86-aesni.c
|
|
|
90a1d9 |
index 3371d0812..b904cbf00 100644
|
|
|
90a1d9 |
--- a/lib/accelerated/x86/aes-xts-x86-aesni.c
|
|
|
90a1d9 |
+++ b/lib/accelerated/x86/aes-xts-x86-aesni.c
|
|
|
90a1d9 |
@@ -72,7 +72,7 @@ x86_aes_xts_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
|
|
|
90a1d9 |
|
|
|
90a1d9 |
/* Check key block according to FIPS-140-2 IG A.9 */
|
|
|
90a1d9 |
if (_gnutls_fips_mode_enabled()){
|
|
|
90a1d9 |
- if (safe_memcmp(key, key + (keysize / 2), keysize / 2) == 0) {
|
|
|
90a1d9 |
+ if (gnutls_memcmp(key, key + (keysize / 2), keysize / 2) == 0) {
|
|
|
90a1d9 |
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
|
|
90a1d9 |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
|
90a1d9 |
}
|
|
|
90a1d9 |
diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
|
|
|
90a1d9 |
index fef67d341..240be2162 100644
|
|
|
90a1d9 |
--- a/lib/ext/pre_shared_key.c
|
|
|
90a1d9 |
+++ b/lib/ext/pre_shared_key.c
|
|
|
90a1d9 |
@@ -650,7 +650,7 @@ static int server_recv_params(gnutls_session_t session,
|
|
|
90a1d9 |
}
|
|
|
90a1d9 |
|
|
|
90a1d9 |
if (_gnutls_mac_get_algo_len(prf) != binder_recvd.size ||
|
|
|
90a1d9 |
- safe_memcmp(binder_value, binder_recvd.data, binder_recvd.size)) {
|
|
|
90a1d9 |
+ gnutls_memcmp(binder_value, binder_recvd.data, binder_recvd.size)) {
|
|
|
90a1d9 |
gnutls_assert();
|
|
|
90a1d9 |
ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
|
|
|
90a1d9 |
goto fail;
|
|
|
90a1d9 |
diff --git a/lib/mem.h b/lib/mem.h
|
|
|
90a1d9 |
index dc838a2b4..d3eea97a4 100644
|
|
|
90a1d9 |
--- a/lib/mem.h
|
|
|
90a1d9 |
+++ b/lib/mem.h
|
|
|
90a1d9 |
@@ -35,15 +35,6 @@ char *_gnutls_strdup(const char *);
|
|
|
90a1d9 |
|
|
|
90a1d9 |
unsigned _gnutls_mem_is_zero(const uint8_t *ptr, unsigned size);
|
|
|
90a1d9 |
|
|
|
90a1d9 |
-/* To avoid undefined behavior when s1 or s2 are null and n = 0 */
|
|
|
90a1d9 |
-inline static
|
|
|
90a1d9 |
-int safe_memcmp(const void *s1, const void *s2, size_t n)
|
|
|
90a1d9 |
-{
|
|
|
90a1d9 |
- if (n == 0)
|
|
|
90a1d9 |
- return 0;
|
|
|
90a1d9 |
- return memcmp(s1, s2, n);
|
|
|
90a1d9 |
-}
|
|
|
90a1d9 |
-
|
|
|
90a1d9 |
#define zrelease_mpi_key(mpi) if (*mpi!=NULL) { \
|
|
|
90a1d9 |
_gnutls_mpi_clear(*mpi); \
|
|
|
90a1d9 |
_gnutls_mpi_release(mpi); \
|
|
|
90a1d9 |
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
|
|
|
90a1d9 |
index b0a52deb5..ec0c1ab04 100644
|
|
|
90a1d9 |
--- a/lib/nettle/cipher.c
|
|
|
90a1d9 |
+++ b/lib/nettle/cipher.c
|
|
|
90a1d9 |
@@ -482,7 +482,7 @@ _xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key,
|
|
|
90a1d9 |
const uint8_t *key)
|
|
|
90a1d9 |
{
|
|
|
90a1d9 |
if (_gnutls_fips_mode_enabled() &&
|
|
|
90a1d9 |
- safe_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
|
|
|
90a1d9 |
+ gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
|
|
|
90a1d9 |
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
|
|
90a1d9 |
|
|
|
90a1d9 |
xts_aes128_set_encrypt_key(xts_key, key);
|
|
|
90a1d9 |
@@ -493,7 +493,7 @@ _xts_aes128_set_decrypt_key(struct xts_aes128_key *xts_key,
|
|
|
90a1d9 |
const uint8_t *key)
|
|
|
90a1d9 |
{
|
|
|
90a1d9 |
if (_gnutls_fips_mode_enabled() &&
|
|
|
90a1d9 |
- safe_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
|
|
|
90a1d9 |
+ gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
|
|
|
90a1d9 |
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
|
|
90a1d9 |
|
|
|
90a1d9 |
xts_aes128_set_decrypt_key(xts_key, key);
|
|
|
90a1d9 |
@@ -504,7 +504,7 @@ _xts_aes256_set_encrypt_key(struct xts_aes256_key *xts_key,
|
|
|
90a1d9 |
const uint8_t *key)
|
|
|
90a1d9 |
{
|
|
|
90a1d9 |
if (_gnutls_fips_mode_enabled() &&
|
|
|
90a1d9 |
- safe_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
|
|
|
90a1d9 |
+ gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
|
|
|
90a1d9 |
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
|
|
90a1d9 |
|
|
|
90a1d9 |
xts_aes256_set_encrypt_key(xts_key, key);
|
|
|
90a1d9 |
@@ -515,7 +515,7 @@ _xts_aes256_set_decrypt_key(struct xts_aes256_key *xts_key,
|
|
|
90a1d9 |
const uint8_t *key)
|
|
|
90a1d9 |
{
|
|
|
90a1d9 |
if (_gnutls_fips_mode_enabled() &&
|
|
|
90a1d9 |
- safe_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
|
|
|
90a1d9 |
+ gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
|
|
|
90a1d9 |
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
|
|
90a1d9 |
|
|
|
90a1d9 |
xts_aes256_set_decrypt_key(xts_key, key);
|
|
|
90a1d9 |
diff --git a/lib/tls13/finished.c b/lib/tls13/finished.c
|
|
|
90a1d9 |
index 68eab993e..ec646e673 100644
|
|
|
90a1d9 |
--- a/lib/tls13/finished.c
|
|
|
90a1d9 |
+++ b/lib/tls13/finished.c
|
|
|
90a1d9 |
@@ -112,7 +112,7 @@ int _gnutls13_recv_finished(gnutls_session_t session)
|
|
|
90a1d9 |
#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
|
|
|
90a1d9 |
# warning This is unsafe for production builds
|
|
|
90a1d9 |
#else
|
|
|
90a1d9 |
- if (safe_memcmp(verifier, buf.data, buf.length) != 0) {
|
|
|
90a1d9 |
+ if (gnutls_memcmp(verifier, buf.data, buf.length) != 0) {
|
|
|
90a1d9 |
gnutls_assert();
|
|
|
90a1d9 |
ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET;
|
|
|
90a1d9 |
goto cleanup;
|
|
|
90a1d9 |
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
|
|
|
90a1d9 |
index 2091f3ae6..2b68fe440 100644
|
|
|
90a1d9 |
--- a/lib/x509/x509.c
|
|
|
90a1d9 |
+++ b/lib/x509/x509.c
|
|
|
90a1d9 |
@@ -360,7 +360,8 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert)
|
|
|
90a1d9 |
}
|
|
|
90a1d9 |
|
|
|
90a1d9 |
if (empty1 != empty2 ||
|
|
|
90a1d9 |
- sp1.size != sp2.size || safe_memcmp(sp1.data, sp2.data, sp1.size) != 0) {
|
|
|
90a1d9 |
+ sp1.size != sp2.size ||
|
|
|
90a1d9 |
+ (sp1.size > 0 && memcmp(sp1.data, sp2.data, sp1.size) != 0)) {
|
|
|
90a1d9 |
gnutls_assert();
|
|
|
90a1d9 |
ret = GNUTLS_E_CERTIFICATE_ERROR;
|
|
|
90a1d9 |
goto cleanup;
|
|
|
90a1d9 |
--
|
|
|
90a1d9 |
2.26.2
|
|
|
90a1d9 |
|