Module Name: src
Committed By: riastradh
Date: Wed Aug 28 15:24:41 UTC 2013
Modified Files:
src/common/lib/libc/string: consttime_memequal.c
src/crypto/external/bsd/openssh/dist: dns.c
src/lib/libc/string: consttime_memequal.3
src/sys/netipsec: xform_ah.c xform_esp.c
Log Message:
Fix sense of consttime_memequal and update all callers.
Now it returns true (nonzero) to mean equal and false (zero) to mean
inequal, as the name suggests.
As promised on tech-userlevel back in June:
https://mail-index.netbsd.org/tech-userlevel/2013/06/24/msg007843.html
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/common/lib/libc/string/consttime_memequal.c
cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssh/dist/dns.c
cvs rdiff -u -r1.1 -r1.2 src/lib/libc/string/consttime_memequal.3
cvs rdiff -u -r1.40 -r1.41 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.43 -r1.44 src/sys/netipsec/xform_esp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/common/lib/libc/string/consttime_memequal.c
diff -u src/common/lib/libc/string/consttime_memequal.c:1.1 src/common/lib/libc/string/consttime_memequal.c:1.2
--- src/common/lib/libc/string/consttime_memequal.c:1.1 Mon Jun 24 04:21:19 2013
+++ src/common/lib/libc/string/consttime_memequal.c Wed Aug 28 15:24:41 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: consttime_memequal.c,v 1.1 2013/06/24 04:21:19 riastradh Exp $ */
+/* $NetBSD: consttime_memequal.c,v 1.2 2013/08/28 15:24:41 riastradh Exp $ */
#if !defined(_KERNEL) && !defined(_STANDALONE)
#include <string.h>
@@ -15,5 +15,5 @@ consttime_memequal(const void *b1, const
while (len --)
res |= *c1++ ^ *c2++;
- return res;
+ return !res;
}
Index: src/crypto/external/bsd/openssh/dist/dns.c
diff -u src/crypto/external/bsd/openssh/dist/dns.c:1.6 src/crypto/external/bsd/openssh/dist/dns.c:1.7
--- src/crypto/external/bsd/openssh/dist/dns.c:1.6 Mon Jun 24 04:21:19 2013
+++ src/crypto/external/bsd/openssh/dist/dns.c Wed Aug 28 15:24:41 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: dns.c,v 1.6 2013/06/24 04:21:19 riastradh Exp $ */
+/* $NetBSD: dns.c,v 1.7 2013/08/28 15:24:41 riastradh Exp $ */
/* $OpenBSD: dns.c,v 1.28 2012/05/23 03:28:28 djm Exp $ */
/*
@@ -27,7 +27,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: dns.c,v 1.6 2013/06/24 04:21:19 riastradh Exp $");
+__RCSID("$NetBSD: dns.c,v 1.7 2013/08/28 15:24:41 riastradh Exp $");
#include <sys/types.h>
#include <sys/socket.h>
@@ -279,7 +279,7 @@ verify_host_key_dns(const char *hostname
hostkey_digest_type == dnskey_digest_type) {
if (hostkey_digest_len == dnskey_digest_len &&
__consttime_memequal(hostkey_digest, dnskey_digest,
- hostkey_digest_len) == 0)
+ hostkey_digest_len))
*flags |= DNS_VERIFY_MATCH;
}
xfree(dnskey_digest);
Index: src/lib/libc/string/consttime_memequal.3
diff -u src/lib/libc/string/consttime_memequal.3:1.1 src/lib/libc/string/consttime_memequal.3:1.2
--- src/lib/libc/string/consttime_memequal.3:1.1 Mon Jun 24 04:21:20 2013
+++ src/lib/libc/string/consttime_memequal.3 Wed Aug 28 15:24:41 2013
@@ -1,4 +1,4 @@
-.\" $NetBSD: consttime_memequal.3,v 1.1 2013/06/24 04:21:20 riastradh Exp $
+.\" $NetBSD: consttime_memequal.3,v 1.2 2013/08/28 15:24:41 riastradh Exp $
.\"
.\" Copyright (c) 2013 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd June 23, 2013
+.Dd August 28, 2013
.Dt CONSTTIME_MEMEQUAL 3
.Os
.Sh NAME
@@ -48,8 +48,8 @@ bytes of memory at
.Fa b1
and
.Fa b2
-for equality, returning zero if they are identical and nonzero
-otherwise.
+for equality, returning zero if they are distinct and nonzero if they
+are identical.
.Pp
The time taken by
.Fn consttime_memequal
Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.40 src/sys/netipsec/xform_ah.c:1.41
--- src/sys/netipsec/xform_ah.c:1.40 Mon Jun 24 04:21:20 2013
+++ src/sys/netipsec/xform_ah.c Wed Aug 28 15:24:41 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ah.c,v 1.40 2013/06/24 04:21:20 riastradh Exp $ */
+/* $NetBSD: xform_ah.c,v 1.41 2013/08/28 15:24:41 riastradh Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
/*
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.40 2013/06/24 04:21:20 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.41 2013/08/28 15:24:41 riastradh Exp $");
#include "opt_inet.h"
#ifdef __FreeBSD__
@@ -910,7 +910,7 @@ ah_input_cb(struct cryptop *crp)
ptr = (char *) (tc + 1);
/* Verify authenticator. */
- if (consttime_memequal(ptr + skip + rplen, calc, authsize)) {
+ if (!consttime_memequal(ptr + skip + rplen, calc, authsize)) {
u_int8_t *pppp = ptr + skip+rplen;
DPRINTF(("ah_input: authentication hash mismatch " \
"over %d bytes " \
Index: src/sys/netipsec/xform_esp.c
diff -u src/sys/netipsec/xform_esp.c:1.43 src/sys/netipsec/xform_esp.c:1.44
--- src/sys/netipsec/xform_esp.c:1.43 Mon Jun 24 04:21:20 2013
+++ src/sys/netipsec/xform_esp.c Wed Aug 28 15:24:41 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_esp.c,v 1.43 2013/06/24 04:21:20 riastradh Exp $ */
+/* $NetBSD: xform_esp.c,v 1.44 2013/08/28 15:24:41 riastradh Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.43 2013/06/24 04:21:20 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.44 2013/08/28 15:24:41 riastradh Exp $");
#include "opt_inet.h"
#ifdef __FreeBSD__
@@ -593,8 +593,7 @@ esp_input_cb(struct cryptop *crp)
ptr = (tc + 1);
/* Verify authenticator */
- if (consttime_memequal(ptr, aalg, esph->authsize)
- != 0) {
+ if (!consttime_memequal(ptr, aalg, esph->authsize)) {
DPRINTF(("esp_input_cb: "
"authentication hash mismatch for packet in SA %s/%08lx\n",
ipsec_address(&saidx->dst),
