mirror of
https://git.freebsd.org/ports.git
synced 2025-05-27 16:36:28 -04:00
2165191209
while it is unclear whether it affects OpenSSL-builds at all. Let's play it safe. - Reference CVE-2013-2061 name in OpenVPN's VuXML entry - Mark 2.0.9_4 <= openvpn < 2.1.0 and 2.2.2_2 < openvpn < 2.3.0 not vulnerable - Mark openvpn22 deprecated and to expire 2013-09-01. (openvpn20 is already marked to expire 2013-07-11.) Security: CVE-2013-2061 Security: 92f30415-9935-11e2-ad4c-080027ef73ec
74 lines
2.2 KiB
Text
74 lines
2.2 KiB
Text
commit 11d21349a4e7e38a025849479b36ace7c2eec2ee
|
|
Author: Steffan Karger <steffan.karger@fox-it.com>
|
|
Date: Tue Mar 19 13:01:50 2013 +0100
|
|
|
|
Use constant time memcmp when comparing HMACs in openvpn_decrypt.
|
|
|
|
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
|
|
Acked-by: Gert Doering <gert@greenie.muc.de>
|
|
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
|
|
index 7cae733..93efb09 100644
|
|
--- ./buffer.h~
|
|
+++ ./buffer.h
|
|
@@ -668,6 +668,10 @@ buf_read_u32 (struct buffer *buf, bool *good)
|
|
}
|
|
}
|
|
|
|
+/**
|
|
+ * Compare src buffer contents with match.
|
|
+ * *NOT* constant time. Do not use when comparing HMACs.
|
|
+ */
|
|
static inline bool
|
|
buf_string_match (const struct buffer *src, const void *match, int size)
|
|
{
|
|
@@ -676,6 +680,10 @@ buf_string_match (const struct buffer *src, const void *match, int size)
|
|
return memcmp (BPTR (src), match, size) == 0;
|
|
}
|
|
|
|
+/**
|
|
+ * Compare first size bytes of src buffer contents with match.
|
|
+ * *NOT* constant time. Do not use when comparing HMACs.
|
|
+ */
|
|
static inline bool
|
|
buf_string_match_head (const struct buffer *src, const void *match, int size)
|
|
{
|
|
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
|
|
index 405c0aa..d9adf5b 100644
|
|
--- ./crypto.c~
|
|
+++ ./crypto.c
|
|
@@ -65,6 +65,24 @@
|
|
#define CRYPT_ERROR(format) \
|
|
do { msg (D_CRYPT_ERRORS, "%s: " format, error_prefix); goto error_exit; } while (false)
|
|
|
|
+/**
|
|
+ * As memcmp(), but constant-time.
|
|
+ * Returns 0 when data is equal, non-zero otherwise.
|
|
+ */
|
|
+static int
|
|
+memcmp_constant_time (const void *a, const void *b, size_t size) {
|
|
+ const uint8_t * a1 = a;
|
|
+ const uint8_t * b1 = b;
|
|
+ int ret = 0;
|
|
+ size_t i;
|
|
+
|
|
+ for (i = 0; i < size; i++) {
|
|
+ ret |= *a1++ ^ *b1++;
|
|
+ }
|
|
+
|
|
+ return ret;
|
|
+}
|
|
+
|
|
void
|
|
openvpn_encrypt (struct buffer *buf, struct buffer work,
|
|
const struct crypto_options *opt,
|
|
@@ -244,7 +262,7 @@ openvpn_decrypt (struct buffer *buf, struct buffer work,
|
|
hmac_ctx_final (ctx->hmac, local_hmac);
|
|
|
|
/* Compare locally computed HMAC with packet HMAC */
|
|
- if (memcmp (local_hmac, BPTR (buf), hmac_len))
|
|
+ if (memcmp_constant_time (local_hmac, BPTR (buf), hmac_len))
|
|
CRYPT_ERROR ("packet HMAC authentication failed");
|
|
|
|
ASSERT (buf_advance (buf, hmac_len));
|