TLS: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
a79aea531e
commit
2049a3c874
6 changed files with 7 additions and 6 deletions
|
@ -298,7 +298,7 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
|
||||||
hdr.payload, hdr.length);
|
hdr.payload, hdr.length);
|
||||||
|
|
||||||
if (hdr.length != hash_len ||
|
if (hdr.length != hash_len ||
|
||||||
os_memcmp(hdr.payload, hash, hdr.length) != 0) {
|
os_memcmp_const(hdr.payload, hash, hdr.length) != 0) {
|
||||||
wpa_printf(MSG_INFO, "PKCS #1: Digest value does not match calculated hash");
|
wpa_printf(MSG_INFO, "PKCS #1: Digest value does not match calculated hash");
|
||||||
os_free(decrypted);
|
os_free(decrypted);
|
||||||
return -1;
|
return -1;
|
||||||
|
|
|
@ -962,7 +962,7 @@ static int tls_process_server_finished(struct tlsv1_client *conn, u8 ct,
|
||||||
wpa_hexdump_key(MSG_DEBUG, "TLSv1: verify_data (server)",
|
wpa_hexdump_key(MSG_DEBUG, "TLSv1: verify_data (server)",
|
||||||
verify_data, TLS_VERIFY_DATA_LEN);
|
verify_data, TLS_VERIFY_DATA_LEN);
|
||||||
|
|
||||||
if (os_memcmp(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {
|
if (os_memcmp_const(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {
|
||||||
wpa_printf(MSG_INFO, "TLSv1: Mismatch in verify_data");
|
wpa_printf(MSG_INFO, "TLSv1: Mismatch in verify_data");
|
||||||
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
||||||
TLS_ALERT_DECRYPT_ERROR);
|
TLS_ALERT_DECRYPT_ERROR);
|
||||||
|
|
|
@ -481,7 +481,8 @@ int tls_verify_signature(u16 tls_version, struct crypto_public_key *pk,
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_TLSV12 */
|
#endif /* CONFIG_TLSV12 */
|
||||||
|
|
||||||
if (buflen != data_len || os_memcmp(decrypted, data, data_len) != 0) {
|
if (buflen != data_len ||
|
||||||
|
os_memcmp_const(decrypted, data, data_len) != 0) {
|
||||||
wpa_printf(MSG_DEBUG, "TLSv1: Invalid Signature in CertificateVerify - did not match calculated hash");
|
wpa_printf(MSG_DEBUG, "TLSv1: Invalid Signature in CertificateVerify - did not match calculated hash");
|
||||||
os_free(buf);
|
os_free(buf);
|
||||||
*alert = TLS_ALERT_DECRYPT_ERROR;
|
*alert = TLS_ALERT_DECRYPT_ERROR;
|
||||||
|
|
|
@ -456,7 +456,7 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (hlen != rl->hash_size ||
|
if (hlen != rl->hash_size ||
|
||||||
os_memcmp(hash, out_data + plen, hlen) != 0 ||
|
os_memcmp_const(hash, out_data + plen, hlen) != 0 ||
|
||||||
force_mac_error) {
|
force_mac_error) {
|
||||||
wpa_printf(MSG_DEBUG, "TLSv1: Invalid HMAC value in "
|
wpa_printf(MSG_DEBUG, "TLSv1: Invalid HMAC value in "
|
||||||
"received message (force_mac_error=%d)",
|
"received message (force_mac_error=%d)",
|
||||||
|
|
|
@ -1135,7 +1135,7 @@ static int tls_process_client_finished(struct tlsv1_server *conn, u8 ct,
|
||||||
wpa_hexdump_key(MSG_DEBUG, "TLSv1: verify_data (client)",
|
wpa_hexdump_key(MSG_DEBUG, "TLSv1: verify_data (client)",
|
||||||
verify_data, TLS_VERIFY_DATA_LEN);
|
verify_data, TLS_VERIFY_DATA_LEN);
|
||||||
|
|
||||||
if (os_memcmp(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {
|
if (os_memcmp_const(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {
|
||||||
tlsv1_server_log(conn, "Mismatch in verify_data");
|
tlsv1_server_log(conn, "Mismatch in verify_data");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1776,7 +1776,7 @@ skip_digest_oid:
|
||||||
}
|
}
|
||||||
|
|
||||||
if (hdr.length != hash_len ||
|
if (hdr.length != hash_len ||
|
||||||
os_memcmp(hdr.payload, hash, hdr.length) != 0) {
|
os_memcmp_const(hdr.payload, hash, hdr.length) != 0) {
|
||||||
wpa_printf(MSG_INFO, "X509: Certificate Digest does not match "
|
wpa_printf(MSG_INFO, "X509: Certificate Digest does not match "
|
||||||
"with calculated tbsCertificate hash");
|
"with calculated tbsCertificate hash");
|
||||||
os_free(data);
|
os_free(data);
|
||||||
|
|
Loading…
Reference in a new issue