diff options
author | Deian Stefan <deian@cs.ucsd.edu> | 2019-09-26 16:13:21 -0700 |
---|---|---|
committer | Deian Stefan <deian@cs.ucsd.edu> | 2019-09-26 16:13:21 -0700 |
commit | 8fd862ae12eb7cc6076b9906193e305eed0c5d40 (patch) | |
tree | 4915bf35559a8dd2f103b684f16ca2b43ed5169d | |
parent | 7e0458e07dd1e663d7b886f3e0bb4d560c3cde97 (diff) | |
download | nss-hg-8fd862ae12eb7cc6076b9906193e305eed0c5d40.tar.gz |
Bug 1582343 - Use constant time memcmp in more places r=kjacobs,jcj
-rw-r--r-- | lib/softoken/pkcs11c.c | 6 | ||||
-rw-r--r-- | lib/softoken/tlsprf.c | 2 |
2 files changed, 4 insertions, 4 deletions
diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c index a249d679e..4f53cca61 100644 --- a/lib/softoken/pkcs11c.c +++ b/lib/softoken/pkcs11c.c @@ -1931,7 +1931,7 @@ static SECStatus sftk_HMACCmp(CK_ULONG *copyLen, unsigned char *sig, unsigned int sigLen, unsigned char *hash, unsigned int hashLen) { - return (PORT_Memcmp(sig, hash, *copyLen) == 0) ? SECSuccess : SECFailure; + return (NSS_SecureMemcmp(sig, hash, *copyLen) == 0) ? SECSuccess : SECFailure; } /* @@ -2125,7 +2125,7 @@ sftk_SSLMACVerify(SFTKSSLMACInfo *info, unsigned char *sig, unsigned int sigLen, info->update(info->hashContext, ssl_pad_2, info->padSize); info->update(info->hashContext, hash, hashLen); info->end(info->hashContext, tmpBuf, &out, SFTK_MAX_MAC_LENGTH); - return (PORT_Memcmp(sig, tmpBuf, info->macSize) == 0) ? SECSuccess : SECFailure; + return (NSS_SecureMemcmp(sig, tmpBuf, info->macSize) == 0) ? SECSuccess : SECFailure; } /* @@ -3647,7 +3647,7 @@ NSC_VerifyFinal(CK_SESSION_HANDLE hSession, /* must be block cipher MACing */ crv = CKR_SIGNATURE_LEN_RANGE; } else if (CKR_OK == (crv = sftk_MACFinal(context))) { - if (PORT_Memcmp(pSignature, context->macBuf, ulSignatureLen)) + if (NSS_SecureMemcmp(pSignature, context->macBuf, ulSignatureLen)) crv = CKR_SIGNATURE_INVALID; } diff --git a/lib/softoken/tlsprf.c b/lib/softoken/tlsprf.c index 05e246887..b96733b1f 100644 --- a/lib/softoken/tlsprf.c +++ b/lib/softoken/tlsprf.c @@ -129,7 +129,7 @@ sftk_TLSPRFVerify(TLSPRFContext *cx, } rv = sftk_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0); if (rv == SECSuccess) { - rv = (SECStatus)(1 - !PORT_Memcmp(tmp, sig, sigLen)); + rv = (SECStatus)(1 - !NSS_SecureMemcmp(tmp, sig, sigLen)); } PORT_ZFree(tmp, sigLen); return rv; |