Skip to content

Commit

Permalink
al: add timingsafe_bcmp(), remove mem_scmp().
Browse files Browse the repository at this point in the history
  • Loading branch information
rozhuk-im committed Apr 28, 2024
1 parent abf5e88 commit b115d66
Show file tree
Hide file tree
Showing 7 changed files with 30 additions and 45 deletions.
1 change: 1 addition & 0 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,7 @@ endif()

# Check platform API.
chk_function_exists(explicit_bzero)
chk_function_exists(timingsafe_bcmp)
chk_function_exists(memrchr)
chk_function_exists(memmem)
chk_function_exists(strlcpy)
Expand Down
25 changes: 22 additions & 3 deletions include/al/os.h
Original file line number Diff line number Diff line change
Expand Up @@ -212,6 +212,24 @@ explicit_bzero(void *b, size_t len) {
}
#endif

#ifndef HAVE_TIMINGSAFE_BCMP
static inline int
timingsafe_bcmp(const void *b1, const void *b2, size_t len) {
int ret = 0;
const uint8_t *p1 = b1, *p2 = b2;

if (0 == len || b1 == b2)
return (0);
if (NULL == b1 ||
NULL == b2)
return (1);
for (size_t i = 0; i < len; i ++) {
ret |= (p1[i] ^ p2[i]);
}
return ((0 != ret));
}
#endif

#ifndef HAVE_MEMRCHR
static inline void *
memrchr(const void *buf, const int what_find, const size_t buf_size) {
Expand Down Expand Up @@ -292,7 +310,7 @@ freezero(void *ptr, const size_t size) {

if (NULL == ptr)
return;
memset_volatile(ptr, 0x00, size);
explicit_bzero(ptr, size);
free(ptr);
}
#endif
Expand All @@ -316,8 +334,6 @@ strlcpy(char * restrict dst, const char * restrict src, size_t size) {
#endif


/* Syscalls. */

/* pthread_create(2) can spuriously fail on Linux. This is a function
* to wrap pthread_create(2) to retry if it fails with EAGAIN. */
static inline int
Expand Down Expand Up @@ -360,6 +376,9 @@ pthread_self_name_set(const char *name) {
}



/* Syscalls. */

#ifndef HAVE_PIPE2
static inline int
pipe2(int fildes[2], int flags) {
Expand Down
22 changes: 4 additions & 18 deletions include/proto/radius.h
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*-
* Copyright (c) 2014 - 2020 Rozhuk Ivan <[email protected]>
* Copyright (c) 2014-2024 Rozhuk Ivan <[email protected]>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Expand Down Expand Up @@ -49,6 +49,7 @@
#include <netinet/in.h> /* ntohs(), htons() */
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include "al/os.h"
#include "crypto/hash/md5.h"

#ifndef ENOATTR
Expand Down Expand Up @@ -585,21 +586,6 @@ typedef struct radius_pkt_hdr_s { /* Radius packet header. */



/* Constatnt time memory comparation, prevent timing attacks
* http://www.cs.rice.edu/~dwallach/pub/crosby-timing2009.pdf */
static inline int
radius_sec_memcmp(uint8_t const *a, uint8_t const *b, const size_t size) {
register int res = 0;
register size_t i;

for (i = 0; i < size; i ++) {
res |= a[i] ^ b[i];
}

return (res);
}


//////////////////////////////////////////////////////////////////////////
////////////////////////Radius packet attribute///////////////////////////
//////////////////////////////////////////////////////////////////////////
Expand Down Expand Up @@ -959,7 +945,7 @@ radius_pkt_attr_msg_authenticator_chk(rad_pkt_hdr_p pkt, size_t offset,
pkt_authenticator_inside, pkt_req, (uint8_t*)calc_msg_authr);
if (0 != error)
return (error);
if (0 != radius_sec_memcmp(RADIUS_PKT_ATTR_DATA(attr), calc_msg_authr,
if (0 != timingsafe_bcmp(RADIUS_PKT_ATTR_DATA(attr), calc_msg_authr,
MD5_HASH_SIZE))
return (EBADMSG);

Expand Down Expand Up @@ -1408,7 +1394,7 @@ radius_pkt_authenticator_chk(rad_pkt_hdr_p pkt, uint8_t *key, size_t key_len,
if (0 != radius_pkt_authenticator_calc(pkt, key, key_len,
pkt_authenticator_inside, pkt_req, (uint8_t*)calc_authr))
return (EINVAL);
if (0 != radius_sec_memcmp(pkt->authenticator, calc_authr, MD5_HASH_SIZE))
if (0 != timingsafe_bcmp(pkt->authenticator, calc_authr, MD5_HASH_SIZE))
return (EBADMSG);

return (0);
Expand Down
21 changes: 0 additions & 21 deletions include/utils/mem_utils.h
Original file line number Diff line number Diff line change
Expand Up @@ -393,27 +393,6 @@ mem_cmpn(const void *buf1, const size_t buf1_size,
return (mem_cmp(buf1, buf2, buf1_size));
}

/* Secure version of memcmp(). */
static inline int
mem_scmp(const void *buf1, const void *buf2, const size_t size) {
register int res = 0;
register size_t i;
register const uint8_t *a = (const uint8_t*)buf1;
register const uint8_t *b = (const uint8_t*)buf2;

if (0 == size || buf1 == buf2)
return (0);
if (NULL == buf1)
return (-127);
if (NULL == buf2)
return (127);
for (i = 0; i < size; i ++) {
res |= (a[i] ^ b[i]);
}

return (res);
}


////////////////////////////////////////////////////////////////////////
////////////// Compare, ignory case, like strncasecmp() ////////////////
Expand Down
2 changes: 1 addition & 1 deletion lib.project
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,7 @@
<Dependencies Name="Debug"/>
<Settings Type="Static Library">
<GlobalSettings>
<Compiler Options="" C_Options="-DHAVE_STRLCPY;-DHAVE_PIPE2;-DHAVE_ACCEPT4;-DHAVE_REALLOCARRAY;-DHAVE_ACCEPT4;-DHAVE_MEMRCHR;-DHAVE_MEMMEM;-DHAVE_REALLOCARRAY;-DHAVE_MEMSET_S;-DHAVE_EXPLICIT_BZERO;-DHAVE_KQUEUEX;-Wimplicit-fallthrough" Assembler="">
<Compiler Options="" C_Options="-DHAVE_STRLCPY;-DHAVE_PIPE2;-DHAVE_ACCEPT4;-DHAVE_REALLOCARRAY;-DHAVE_ACCEPT4;-DHAVE_MEMRCHR;-DHAVE_MEMMEM;-DHAVE_REALLOCARRAY;-DHAVE_MEMSET_S;-DHAVE_EXPLICIT_BZERO;-DHAVE_KQUEUEX;-DHAVE_TIMINGSAFE_BCMP;-Wimplicit-fallthrough" Assembler="">
<IncludePath Value="./include"/>
</Compiler>
<Linker Options="">
Expand Down
2 changes: 1 addition & 1 deletion src/proto/http_client.c
Original file line number Diff line number Diff line change
Expand Up @@ -1144,7 +1144,7 @@ http_cli_recv_done_cb(io_task_p iotask, int error, io_buf_p buf, int eof,
host_port = UStr8ToUNum32(ptm, (cli->req.host_size - tm));
tm --;
}
action = (0 == mem_cmpin_cstr(c"localhost", li->req.host, tm));
action = (0 == mem_cmpin_cstr("localhost", li->req.host, tm));
/* Is connection to loopback from ext host? */
if (0 != action && 0 == sa_addr_is_loopback(&cli->addr)) /* from ext host? */
goto conn_from_net_to_loopback;
Expand Down
2 changes: 1 addition & 1 deletion tests/threadpool/test-threadpool.project
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
<Dependencies Name="Debug"/>
<Settings Type="Executable">
<GlobalSettings>
<Compiler Options="" C_Options="-DHAVE_STRLCPY;-DHAVE_PIPE2;-DHAVE_REALLOCARRAY;-DHAVE_ACCEPT4;-DHAVE_MEMRCHR;-DHAVE_MEMMEM;-DHAVE_REALLOCARRAY;-DHAVE_EXPLICIT_BZERO;-DHAVE_MEMSET_S;-DHAVE_KQUEUEX;-Wimplicit-fallthrough" Assembler="">
<Compiler Options="" C_Options="-DHAVE_STRLCPY;-DHAVE_PIPE2;-DHAVE_REALLOCARRAY;-DHAVE_ACCEPT4;-DHAVE_MEMRCHR;-DHAVE_MEMMEM;-DHAVE_REALLOCARRAY;-DHAVE_EXPLICIT_BZERO;-DHAVE_MEMSET_S;-DHAVE_KQUEUEX;-DHAVE_TIMINGSAFE_BCMP;-Wimplicit-fallthrough" Assembler="">
<IncludePath Value="../../include"/>
</Compiler>
<Linker Options="">
Expand Down

0 comments on commit b115d66

Please sign in to comment.